It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…
Category: Of Note
UK law: Ethical hackers urged to respond to Computer Misuse Act reform proposals
Alex Scroxton reports: Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990. The long-awaited consultation, which has been running since February, is seeking views on a…
Twitter takes legal action after source code leaked online
Dan Milmo reports: Twitter has revealed some of its source code has been released online and the social media platform owned by Elon Musk is taking legal action to identify the leaker. According to a court filing made on Friday, Twitter is demanding that GitHub, a code-sharing service, identifies who released on the platform parts…
The BreachForums case: The HHS-OIG did WHAT?!? Why?
Revelations contained in an affidavit by an FBI agent and a press release by the Department of Justice about the arrest of the owner of a popular hacking forum raise a few questions about the role of the U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG). An affidavit by FBI…
Justice Department Announces Arrest of “Pompompurin” and Disruption of BreachForum’s Operation
The full text of DOJ’s press release today follows. A few questions from me are included after the press release: The founder of BreachForums made his initial appearance today in the Eastern District of Virginia on a criminal charge related to his alleged creation and administration of a major hacking forum and marketplace for cybercriminals…
Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals
Robert Lemos reports: Companies in every industry continue to leave backup and storage platforms unsecured, with more than a dozen issues, including insecure network settings and unaddressed CVEs, affecting the average device. That leaves these repositories — often the first line of protection in the event of a ransomware attack — as sitting ducks for cybercriminals….