Verizon’s top-notch annual Data Breach Investigations Report (DBIR) is out. You can jump to the Executive Summary of the report, download the entire report, or view it online. Here is its seven key insights infographic, below. Of the seven key insights, the figure that stands out the most to me is 74%: 74% of all…
Category: Of Note
Update on GLBA Safeguards Rule in Higher Education
Benjamin Wanger and Pierce T. Cox of BakerHostetler write: On February 9, 2023, the Department of Education Office of Federal Student Aid (“FSA”) issued an electronic notice regarding the Federal Trade Commission’s Final Rule amending the Standards for Safeguarding Customer Information (“Safeguards Rule”) under the Gramm-Leach-Bliley Act (“GLBA”). The amendments to the Safeguards Rule, which go into…
Hong Kong privacy watchdog warns data management firm over possible exposure of credit histories of 180,000 people
Sammy Heung reports: Hong Kong’s privacy watchdog has threatened to take legal action against a data management firm for failing to protect the credit histories of about 180,000 people from unauthorised access. The Office of the Privacy Commissioner for Personal Data on Thursday said it received a complaint in December 2021 from an individual who…
Developing: RaidForums users db leaked
In what is likely making some people a bit nervous, the users database for RaidForums has been leaked on a forum. The database appears to date to September 2020. It contains entries for the site owner, Omnipotent, as well as moderators, and well-known users. DataBreaches spot-checked the database and found individuals with their known…
New York county still dealing with ransomware eight months after attack
Brandon Vigliaro reports: The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on. Suffolk County was hit with a ransomware attack in early September 2022, which led county executive Steve Bellone to issue nine separate emergency…
NYSDFS Fines Lender and Mortgage Servicer $4.25M for Cybersecurity Failures Including Vendor Management
Joseph Lazzarotti of JacksonLewis writes: Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500. In…