Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…
Category: Of Note
Private messages from 81,000 hacked Facebook accounts for sale
Andrei Zakharov reports: Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts. The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure. Facebook said…
Virginia Hospital Must Answer for Snooping Employees’ Privacy Breach
From Bloomberg Law: A Virginia health-care system will have to answer claims that it is liable for its employees’ snooping into a patient’s confidential health information. A Virginia trial court shouldn’t have dismissed Lindsey Parker’s complaint alleging Carilion Healthcare Corp. and Carilion Clinic should be held liable for their employees’ wrongdoing, the Virginia Supreme Court…
Litigation Options For Post-Cyberattack ‘Active Defense’
Alexander Berengaut and Tarek Austin of Covington & Burling write: In March 2017, Rep. Tom Graves, R-Ga., introduced a draft bill titled the Active Cyber Defense Certainty Act. The bill would amend the Computer Fraud and Abuse Act to enable victims of cyberattacks to employ “limited defensive measures that exceed the boundaries of one’s network…
Canadian Regulator Issues Final Guidance on New Data Breach Reporting Requirements
Hunton writes: On October 29, 2018, the Office of the Privacy Commissioner of Canada (the “OPC”) released final guidance (“Final Guidance”) regarding how businesses may satisfy the reporting and record-keeping obligations under Canada’s new data breach reporting law. The law, effective November 1, 2018, requires organizations subject to the federal Personal Information Protection and Electronic…
GandCrab ransomware crew loses $1Mil after Bitdefender releases free decrypter
Score one for the good guys. Catalin Cimpanu reports: Bitdefender believes the criminal group behind the GandCrab ransomware has lost an estimated $1 million in ransom payments after the company released a free decryption utility for GandCrab victims last week. The Romanian antivirus maker says that at least 1,700 GandCrab victims were able to successfully…