Collaborate Disseminate
Kellen Dwyer, Kim Peretti, and Emily Skahill of Alston & Bird write: The Department of Justice dealt a blow to global cybercrime on April 6 with the takedown of a massive botnet controlled by “Sandworm”—the Russian General Staff Main Intelligence D… Continue reading How to Fight Foreign Hackers With Civil Litigation
Alyssa M. Sones of SheppardMullin writes about a data breach lawsuit with a somewhat different, albeit unsuccessful, approach. Sones explains: Fraser’s allegation that Mint had a role in helping the hacker gain control of his phone number sets this cas… Continue reading Mint gets data breach claims dismissed
Hunton Andrews Kurth writes: On May 10, 2022, as part of the Queen’s Speech, the UK government announced its intention to introduce a Data Reform Bill (the “Bill”). The UK government’s background and briefing notes to the Queen’s Speech state that the … Continue reading UK Announces Data Reform Bill
Capital One will pay $190 million to resolve claims it jeopardized customer information in a 2019 data breach. The settlement benefits around 98 million Capital One customers whose information was compromised as part of the 2019 data breach. Read more … Continue reading Capital One to settle 2019 data breach class action lawsuit for $190 million
Brian Krebs reports: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned … Continue reading DEA Investigating Breach of Law Enforcement Data Portal
A criminal complaint was unsealed today in federal court in Brooklyn charging Idris Dayo Mustapha, a citizen of the United Kingdom, with computer intrusion, securities fraud, money laundering, bank fraud and wire fraud, among other offenses. The charg… Continue reading Cybercriminal Charged with Unauthorized Computer Intrusion, Securities Fraud, Wire Fraud and Other Crimes
Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its… Continue reading OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief
Ionut Ilascu reports: Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind… Continue reading Hackers are now hiding malware in Windows Event Logs
Dan Goodin reports: Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest and most sensitive networks. The vuln… Continue reading Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
Keegan Brooks writes: The DeKalb County School District has been making thousands of files containing sensitive student and staff information widely accessible to anyone in the district. Types of information exposed have included social security number… Continue reading Insufficient Data Security and Disregard for Student Data Privacy Plague the DeKalb County School District; With Commentary by Jim Siegl