Catalin Cimpanu reports: To add insult to injury, after users were infected by a malware strain that stole their passwords and personal data, the malware operators forgot to secure their backend servers, which leaked sensitive user information for hundreds of thousands of victims for more than a month. For weeks, Bob Diachenko, Cyber Threat Intelligence Director at…
Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software
Charlie Osborne reports: Security researchers have provided insight into how a single student unwittingly became the conduit for a ransomware infection that cost a biomolecular institute a weeks’ worth of vital research. In a report due to be published on Thursday, Sophos described the case, in which the team was pulled in to neutralize an active cyberattack…
Fr: Ransomware attack on environmental center resulted in data loss
La Nouvelle Republique reports that the Permanent Center for Environmental Initiatives of Gâtine (CPIE) experienced a cyberattack on April 18 that resulted in irretrievable data loss. “We had a cryptographic virus that got into our computer server. When we opened the system, all our files had the same name. And if we wanted to decrypt…
Privacy Updates from China: Proliferation of Sector-Specific Rules As Key Legislation Remains Pending – Part 2: Data Protection in the Financial Sector
Yan Luo, Zhijing Yu, and Vicky Liu of Covington & Burling write: In Part 1 of this blog series (see here), we discussed recent data protection developments in China’s e-commerce sector. In this post, we discuss recently issued rules aimed at improving data governance in China’s financial sector that could also have data protection implications. These…
China Issues Second Version of the Draft Personal Information Protection Law for Public Comments
Hunton Andrews Kurth writes: On April 29, 2021, China issued a second version of the draft Personal Information Protection Law (“Draft PIPL”). The Draft PIPL will be open for public comments until May 28, 2021. While the framework of this version of the Draft PIPL is the same as the prior version issued on October 21, 2020,…
Scraping Episodes Highlight Debate Over Anti-Hacking Law’s Scope
Andrea Vittorio reports: Recent data scraping incidents at Facebook Inc. and LinkedIn Corp. highlight an ongoing debate over whether companies can invoke an anti-hacking law to restrict rivals or other actors from harvesting information from people’s online profiles. The issue could reach the U.S. Supreme Court, in a case over a data-scraping dispute between LinkedIn and workforce…