Theodore J. Kobus III of BakerHostetler writes: Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report. We are excited to soon launch a new digital platform version, and we intend…
UK: HMRC outlines late-filing penalty notices data breach
ICAEW [ Institute of Chartered Accountants in England and Wales] members in practice have been among thousands of agents who have received late-filing penalty notices which are not for their clients. HMRC has investigated and provided an update on what went wrong. […] The total number of individual penalty notices sent to the wrong agent…
NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses
Kate Hanniford of Alston & Bird writes: Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by its regulated covered entities to the Attack. Although there have been no reported instances of…
Implementing the HIPAA Security Rule: Call for Comments on NIST SP 800-66, Revision 1
Implementing the HIPAA Security Rule: Call for Comments on NIST SP 800-66, Revision 1 The National Institute for Standards and Technology (NIST) is planning to update the NIST Special Publication (SP) 800—66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST is seeking stakeholder input…
Sekurak blog interviewed Babuk about Metropolitan DC Police attack
A blogger from Sekurak (a Polish blog) conducted a great interview with Babuk yesterday. You can read the write-up here. Here’s a snippet from it: sekurak : How did you get to the police infrastructure in Washington? Babuk : 0-day VPN. We can’t say anything else, it’s 0-day after all. sekurak : When did the Washington Police realize that…
Breached Online Ordering Platforms Expose Hundreds of Restaurants
How many of us increased our online orders from restaurants because of the pandemic? Unsurprisingly, criminals have been motivated by that to engage in even more Card Not Present (CNP) fraud. A new report by Gemini Advisory, released today, highlights the growing risks restaurants (and consumers) face. In the past 6 months, Gemini has reported…