Sg: Software firm fined $74k for data breach caused by weak password; half a million users affected

Ang Qing reports from Singapore: A company running online language lessons for children around the world used a password based on its website name, LingoAce, making it vulnerable to the data breach that resulted. More than half a million users were aff…

UK NCSC and Insurance Associations Publish Guidance on the Approach to Ransom Payments

Financial and insurance organizations have been under increasing attack by Scattered Spider. Now there is more guidance for entities. Hunton Andrews Kurth notes: On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insuran…

SEC amends Reg S-P to require data breach notification within 30 days

Aaron Nicodemus reports: The Securities and Exchange Commission (SEC) will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers with…

Dell notifies customers of breach; seller “Menelik” is ShinyHunters (1)

On April 28, a new forum user on BreachForums called “Menelik” claimed to have 49 million Dell Technologies customer records for sale. The Daily Dark Web provided a screencap and details from the listing. The customer data purportedly incl…

Years later, Marriott admits data were not encrypted before its 2018 data breach. Now what?

What might happen to a company that has been making false claims about its system security for more than five years after experiencing a massive data breach? Will state attorneys general, the SEC, and the FTC investigate and possibly penalize them for …