Skye Witley reports: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded investors and violated rules on controls. SolarWinds argued that it disclosed risks…
Category: U.S.
Facebook suffers big loss in lawsuit against data-scraping company
Jon Brodkin reports: One year after Meta sued a data-scraping company, a federal judge this week threw out Meta’s breach-of-contract claim because the defendant obtained only public data from Facebook and Instagram. Meta sued Bright Data in January 2023, making claims of breach of contract and tortious interference with contract. Bright Data is an Israeli company that collects data…
NYS Comptroller Audit: Garrison Union Free School District – Information Technology (2023M-127)
Issued Date: January 19, 2024 [read complete report – pdf] Audit Objective Determine whether Garrison Union Free School District (District) officials secured the District’s network user accounts, established physical controls and maintained inventory records for information technology (IT) equipment, and developed an IT contingency plan. Key Findings District officials did not adequately secure the District’s…
HHS Releases New Voluntary Performance Goals to Enhance Cybersecurity Across the Health Sector and Gateway for Cybersecurity Resources
January 24 Today, the U.S. Department of Health and Human Services (HHS), through the Administration for Strategic Preparedness and Response (ASPR), is releasing voluntary health care specific cybersecurity performance goals (CPGs) and a new gateway website to help Health Care and Public Health (HPH) sector organizations implement these high-impact cybersecurity practices and ease access to the…
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage…
23andMe’s data hack went unnoticed for months
23andMe may try to blame the victims for their massive data breach, but how are they going to blame anyone for it taking them five months to detect the breach? Mariella Moon reports: In late 2023, genetic testing company 23andMe admitted that its customer data was leaked online. A company representative told us back then that the bad…