regulators – WindowsTechs.com

French privacy regulator slaps Facebook, Google with fines totaling nearly $240M

Posted on January 6, 2022 by Tim Starks

France’s privacy watchdog fined Google nearly $170 million and Facebook almost $70 million on Thursday for making it harder for users to refuse cookies — which store user information — than to accept them. The National Commission on Informatics and Liberty, or CNIL, also ordered Google and Facebook to fix that issue within three months or face daily fines of more than $100,000 from the restricted committee, the CNIL body that handles sanctions. “The restricted committee considered that this process affects the freedom of consent: since, on the Internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent,” the CNIL wrote. That puts the two companies in violation of the French Data Protection Act, the commission said. On Facebook, YouTube and Google sites, one click can […]

The post French privacy regulator slaps Facebook, Google with fines totaling nearly $240M appeared first on CyberScoop.

Continue reading French privacy regulator slaps Facebook, Google with fines totaling nearly $240M→

Banks must report major cyber incidents within 36 hours under finalized regulation

Posted on November 19, 2021 by Tim Starks

Banks must report major cybersecurity incidents to federal officials within 36 hours under a rule that U.S. financial regulators finalized on Thursday. Beginning in May 2022, financial executives will need to be more forthcoming about computer system failures and interruptions, such as ransomware or denial-of-service attacks that have the potential to disrupt customers’ ability to access their accounts, or impact the larger financial system. The rule, dubbed the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, was cemented by the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation. There is currently no specific window that banks must repot such incident to the agencies in question. The final approval comes as Congress weighs broader reporting rules for critical infrastructure owners and operators, and as the Transportation Security Administration has begun imposing reporting requirements on […]

The post Banks must report major cyber incidents within 36 hours under finalized regulation appeared first on CyberScoop.

Continue reading Banks must report major cyber incidents within 36 hours under finalized regulation→

SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage?

Posted on December 30, 2020 by Tim Starks

Every massive breach comes with a trail of lawsuits and regulatory ramifications that can last for years. Home Depot, for instance, only last month settled with a group of state attorneys general over its 2014 breach. The SolarWinds security incident that U.S. officials have pinned on state-sponsored Russian hackers is unlike anything that came before, legal experts say, meaning the legal liability could take even longer to resolve in court. As Congress, federal government departments and corporations reckon with the vast sweep of the SolarWinds breach, there are still many more questions than answers. Fewer pieces of it are less certain than how it might play out in court, where companies and individuals alike stand to gain or lose. Many millions of dollars, corporate blame and years of finger-pointing are on the line. That’s because the targets — government agencies, and some major companies — aren’t the usual kind of […]

The post SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage? appeared first on CyberScoop.

Continue reading SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage?→

Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are

Posted on December 23, 2020 by Sean Lyngaas

The North American electric grid regulator has asked utilities to report how exposed they are to SolarWinds software that is at the center of a suspected Russian hacking operation, and the regulator advised utilities that the vulnerability “poses a potential threat” to parts of the power sector. The North American Electric Reliability Corp. (NERC), a not-for-profit regulatory authority backed by the U.S. and Canadian governments, said in a Dec. 22 advisory to electric utilities that there was no evidence indicating that the malicious tampering of SolarWinds software had impacted power systems. But the fact that software made by Texas-based firm SolarWinds is used in the electric sector has made vigilance important, according to NERC. “At this time, NERC is not aware of any known impacts to bulk power system (BPS) reliability or system outages related to the SolarWinds compromise,” reads the advisory, which CyberScoop obtained. “However, the presence of SolarWinds […]

The post Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are appeared first on CyberScoop.

Continue reading Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are→

Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets

Posted on December 15, 2020 by Joe Warminsky

Regulators in Ireland have fined Twitter for failing to report a data breach promptly and not adequately documenting the incident, marking the first time the regulator has penalized a “big tech” company for violations of Europe’s data protection law. The fine of 450,000 euros, or about $550,000, stems from a bug that allowed thousands of people’s private tweets to be made public between late 2014 and early 2019, when Twitter reported the problem to European authorities. The social media company said it could only identify specific users affected by the breach from September 2017 onward — about 89,000 total over that stretch. The bug only affected users of Twitter’s Android app. Ireland’s Data Protection Commission issued the decision Tuesday on behalf of the European Union, under the EU’s General Data Protection Regulation (GDPR). Twitter’s European headquarters are in Ireland, as are those of Google, Facebook and several other multibillion-dollar U.S. […]

The post Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets appeared first on CyberScoop.

Continue reading Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets→

Insurer’s huge data exposure draws charges from New York state

Posted on July 23, 2020 by Jeff Stone

New York regulators have charged an insurer with violating state cybersecurity law for allegedly exposing hundreds of millions of documents that included Americans’ personal data, including Social Security numbers and financial information. The New York State Department of Financial Services announced legal action Wednesday against the First American Title Insurance Company, the second-largest real estate title insurer in the U.S. The company is accused of exposing customers’ Social Security numbers, bank account information, driver’s license numbers and mortgage and tax records through a software vulnerability that went undetected between May 2014 and December 2018. Upon discovering the flaw during a routine security test, the insurance company failed to fix it, DFS alleged. “After the data exposure was discovered by an internal penetration test in December 2018, First American failed to conduct a reasonable investigation into the scope and cause of the exposure, reviewing only 10 of the millions of documents exposed and […]

The post Insurer’s huge data exposure draws charges from New York state appeared first on CyberScoop.

Continue reading Insurer’s huge data exposure draws charges from New York state→

Facebook asks to be regulated kinda like a newspaper, kinda like telco

Posted on February 19, 2020 by Lisa Vaas

Zuckerberg is in Brussels right in time for the European Commission’s release of its manifesto on regulating AI. Continue reading Facebook asks to be regulated kinda like a newspaper, kinda like telco→

UK Warns Insurers About Cyber Risks

Posted on February 17, 2020 by Mark Rasch

Do you have cyber risk insurance? Are you sure? If the answer to that question is uncertain (and it should be uncertain), then there’s a huge, uncalculated risk. Not just to you, but to your insurance company. The UK’s main insurance regulator, the Ba… Continue reading UK Warns Insurers About Cyber Risks→

Policy and Procedures – Security Compliance

Posted on December 17, 2019 by Matthew Pascucci

All organizations have policies and procedures on how particular tasks and goals are established within the organization. The issue here is many of these are either word of mouth or haven’t been written down. This leads to having subjective polic… Continue reading Policy and Procedures – Security Compliance→

Zappos Offers Users 10% Discount in 2012 Breach Settlement

Posted on October 18, 2019 by Elizabeth Montalbano

Lawyers will get $1.6 million in a settlement that stems from a breach that affected more than 24 million customers. Continue reading Zappos Offers Users 10% Discount in 2012 Breach Settlement→