The Washington Post reported that “Since at least March 2016… Russian hackers have ‘targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.’”  The March 16, 2018 report entitled “Why Russian hackers aren’t poised to plunge the United States into darkness” includes this natural question “How serious is this hacking? View Full Post
Reuters reported that Judge Lucy Kohl ruled that “the plaintiffs could try to show that liability limits in Yahoo’s terms of service were “unconscionable,” given the allegations that Yahoo knew its security was deficient but did little.” The March 12, 2018 article entitled “Data breach victims can sue Yahoo in the United States” included these comments about Judge Kohl’s (US District Judge, Northern District of California) ruling: Yahoo was accused of being too slow to disclose three data breaches that occurred from 2013 and 2016, increasing users’ risk of identity theft and requiring them to spend money on credit freeze, monitoring and other protection services. View Full Post reported “that virtual currencies can be regulated by the U.S. Commodity Futures Trading Commission [CFTC].” The March 8, 2018 report entitled “Federal Court Just Ruled CFTC Can Regulate Crypto—But Agency Isn’t Alone” included these questions resolved by US District Judge Weinstein (Eastern District of New York) with a resounding “YES”: Is virtual currency a commodity? View Full Post reported a “new wave of phishing attacks aims to dupe users and steal their passwords by disguising malicious emails as tax-related notifications from the IRS.” The March 2, 2018 report entitled “Millions of Office 365 Accounts Hit with Password Stealers” included these comments: Barracuda Networks last month flagged a “critical alert” when it detected attack attempts to steal user passwords. View Full Post
Reuters reported that Equifax’s 2017 cyber incident where +147M consumers’ data was stolen included “costs mainly reflect technology and data security upgrades, legal fees, and free identity theft protection and credit monitoring offered to the more than 147 million consumers affected by the cyber security incident.”  The March 2, 2018 report entitled “Equifax expects $200 million in breach-related costs in 2018” reported a number of class action lawsuits: …as well as investigations by U.S. View Full Post reported about “a three-year battle, a regional court in Berlin has found that Facebook’s default privacy settings, terms of service, and requirement that users register under their own name violate Germany’s data privacy and consent rules. “  The article entitled “Facebook Foreshadowing: German Court Underscores Tech’s Uncertain GDPR Future” included these comments about how “the German court ruling was a signal that social media and tech companies may be wholly unprepared for the GDPR and may have a long way to go to become compliant with its mandates” and that: …people are going to be surprised by a lot of the fundamental heavy lifting and changes that they are going to have to do around the way that they design products going forward. View Full Post
The Securities and Exchange Commission (SEC) Chairman Jay Clayton announced the SEC’s approval of the “Commission Statement and Guidance on Public Company Cybersecurity Disclosures” under which “the disclosure requirements under the federal securities laws that public operating companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents.”  Chairman Clayton’s February 21, 2018 public statement entitled “Statement on Cybersecurity Interpretive Guidance” included these statements: In today’s environment, cybersecurity is critical to the operations of companies and our markets.  View Full Post
The Washington Post wrote an article that “State officials have been scrambling to address vulnerabilities in their systems, particularly since the fall, when the Department of Homeland Security disclosed the attempts on the 21 states. Though it is not believed there were further attacks, experts say Russian operatives may have been laying the groundwork for a more aggressive effort in 2018.” View Full Post recently interviewed Erin Nealy Cox (US Attorney for the Northern District of Texas since November 2017) who described her  “…expertise in cybersecurity will help me identify and communicate the threats to the affected communities so they can understand and craft solutions needed to defend themselves; and it will help me ensure that my prosecutors have the tools, training, and resources to prosecute vigorously those responsible for cyber crimes, wherever they may be located.” View Full Post
Money.CNN reported that Google’s Waymo (Google’s self-driving car program) sued Uber for theft of trade secrets, but during the middle of trial “accepted a settlement offer from Uber, which agreed to a deal that includes 0.34% of Uber’s equity at a $72 billion valuation, which works out to about $245 million.” View Full Post
Darkreading reports that there has been a new cyberattack at the FBI Internet Crime Complaint Center (IC3) which “scams people into providing personal data and downloading malicious files by impersonating the”… IC3…which is “intended to give the public a reliable means of reporting suspected illegal activity online.”  The February 2, 2018 report entitled “Cyberattack Impersonates FBI Internet Crime Complaint Center” includes these 3 versions of the IC3 scam: One involves a fake IC3 social media page requesting personal data to report Internet crime. View Full Post