In a recent white paper I co-authored with Protenus, Inc., we noted the significant risks of a breach involving a vendor or business associate. Following up in a subsequent post, I also included a “pop quiz” for readers to use to test their understanding of the terms of any contract they have in terms of…
Category: Of Note
TalkTalk gets record £400,000 fine for failing to prevent October 2015 attack
From the Information Commissioner’s Office, this announcement about what is a record fine for them: Telecoms company TalkTalk has been issued with a record £400,000 fine by the ICO for security failings that allowed a cyber attacker to access customer data “with ease”. The ICO’s in-depth investigation found that an attack on the company last October could have been…
RedHack leaks reveal the rise of Turkey’s pro-government Twitter trolls
Efe Kerem Sozeri reports: Leaked emails from the Turkish government provide new details of how Turkey’s pro-government Twitter troll army targets the opposition and silences media criticism in the media. Last Friday, RedHack, a Marxist hacker group, claimed to have hacked personal email accounts of Turkey’s Energy Minister and President Erdoğan’s son-in-law, Berat Albayrak. They threatened to leak data if Turkey…
FTC denies LabMD’s application for a stay of Commission’s Final Order
In what is likely to infuriate those who believe that the Federal Trade Commission has already abused its authority in its relentless enforcement action against a small cancer-detecting laboratory, the FTC has denied LabMD’s application for a stay of their final order while LabMD appeals to a federal court. In explaining its denial, the Commission said it looked at four…
InfoArmor: Yahoo Data Breach Investigation
Well, it seems InfoArmor is calling b.s. on claims that Yahoo! was hacked by state actors. The overview from their report: Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations. Some of their initial targets, which occurred in 2012…
NJ Spine Center saw no other option but to pay ransom
Oof. This notification from the New Jersey Spine Center, sent to patients on September 22, describes a real disaster where not only essential patient files and credit card information were locked up, but their most recent backup was too. No wonder they paid the ransom. On July 27, 2016, our computer systems were attacked by a malware…