Caleb Skeath, Shayan Karbassi, and Ashden Fein of Covington & Burling write: In February, the Federal Trade Commission (“FTC”) published a blog post that elucidated key security principles from recent FTC data security and privacy orders. Specifically, the FTC highlighted three practices that the Commission regards as “effectively protect[ing] user data.” These practices include: (1) offering multi-factor…
Category: U.S.
Hackers steal gun owners’ data from firearm auction website
Lorenzo Franceschi-Bicchierai reports: Hackers breached a website that allows people to buy and sell guns, exposing the identities of its users, TechCrunch has learned. The breach exposed reams of sensitive personal data for more than 550,000 users, including customers’ full names, home addresses, email addresses, plaintext passwords and telephone numbers. Also, the stolen data allegedly…
Cyber Plan Would Hold Software Makers Responsible in Hacks
Katrina Manson reports: The Biden administration is set to release an aggressive new national cybersecurity strategy on Thursday that seeks to shift the blame from companies that get hacked to software manufacturers and device makers, putting it on a potential collision course with big technology companies. The 35-page strategy, shared in advance with a group…
Minneapolis Public Schools systems restored, no ransom paid
Jeremiah Jacobsen has an update to the “encryption event” previously disclosed by Minneapolis Public Schools (MPS). [Note: MPS’s phrase “encryption event” appeared to be a ridiculous — and dare we say, sleazy– attempt not to call it a “ransomware attack.” The district still has not described it as ransomware attack.] Minneapolis Public Schools released a…
Nearly 800 people affected by possible data breach during College of the Desert malware attack last summer
KESQ has an update on a malware attack on College of the Desert last year: College of the Desert has begun alerting the approximately 800 people who may be affected by a possible data breach during a malware attack last summer. The malware attack occurred in early July. The attack took down the school’s phone…
HHS OCR creates new HIPAA enforcement arm and enhances focus on cybersecurity and privacy oversight
Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay of Hogan Lovells write: This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions – Enforcement, Policy, and Strategic Planning –…