Maydeen Merino reports: The Federal Trade Commission this week defended its investigation of MGM Resort International’s data security practices as the Las Vegas-based casino is seeking a court order to block the agency’s probe. Following a cyberattack that disclosed the personal information MGM guests in September, the FTC issued a civil investigative demand (CID) in…
Impact of Tennessee’s Cybersecurity Class Action Safe Harbor
Here are some perspectives by law firms. From SheppardMullin: Tennessee has joined a handful of other states to provide certain safe harbors in the cybersecurity realm. Unlike others, the law sites beside -but does not modify- the states’ data breach notification law. Also unlike others, the safe harbor is very narrowly tailored, and is not triggered by…
Ph: Arrested Data Security Officer Admits To Hacking 93 Websites
Mark Ernest Villeza reports: A data security officer of the Manila Bulletin has admitted to hacking approximately 93 websites, including government and private company websites, as well as servers based abroad. In an interview with ABS-CBN aired on June 24, the hacker with the alias “Kangkong” revealed that he left a specific picture on the compromised websites as…
Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
June 24, 2024 TLP:CLEAR SUMMARY The Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used in a social engineering campaign targeting healthcare, public health entities, and providers. Threat actors…
If the insider threat is at your vendor, could you discover it quickly?
Here’s today’s reminder of the insider threat. We start with a notice from Geisinger about a security incident involving Nuance Communications: Nuance Communications Inc., an outside vendor that provides information technology services for Geisinger, is notifying Geisinger patients that some personal information may have been accessed by a former Nuance employee. On Nov. 29, 2023,…
SEC Charges R.R. Donnelley for Ransomware Attack Response
Hunton Andrews Kurth writes: On June 18, 2024, the U.S. Securities and Exchange Commission (“SEC”) announced a settlement with R.R. Donnelley & Sons Co. (“RRD”), a global provider of business communication and marketing services, for violating the internal controls and disclosure controls provisions of federal securities laws in relation to Donnelley’s response to a 2021 ransomware attack….