Ex-IRS Contractor Who Leaked Trump, Griffin Tax Data Gets Five Years in Prison
Bloomberg News reports: A former Internal Revenue Service contractor who stole and leaked the tax returns of former President Donald Trump, Ken Griffin, Elon Musk and other billionaires was sentenced to five years in prison. Charles Littlejohn, 38, pleaded guilty Oct. 12 to stealing Trump’s tax data from the IRS and leaking it to the New York Times. He also admitted taking tax […]
SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit
Bloomberg Law reports on a case that probably has a lot of CISOs somewhat nervous: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded […]
California Privacy Protection Agency Launches New Website with Privacy Rights Resources
Robinson + Cole informs us that the California Privacy Protection Agency (CPPA) has opened a new website at https://privacy.ca.gov/ with resources for California residents to help them understand their rights under the California Consumer Privacy Act (CCPA). The resources include how to submit a complaint against a business that has violated consumer rights under the […]
23andMe admits it didn’t detect cyberattacks for months
23andMe continues to garner negative press for its incident response. It seems like only yesterday that they were trying to blame victims for reusing passwords as the cause of a credential stuffing attack that resulted in the theft of ancestry and genetic data of almost seven million users. But how will they explain to regulators […]
Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
From the law firm of Polsinelli PC: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage in financial activities […]
HPE: Russian hackers breached its security team’s email accounts
Bleeping Computer reports: Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company’s Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, is a Russian state-sponsored hacking group believed to be part […]
Stolen credentials are big business
Panda Security has a blog post on phishing and how it is so profitable that criminals don’t always use stolen credentials themselves — they just sell them to other criminals. From the blog post: Phishing attacks have one purpose – to steal your usernames and passwords. Cybercriminals use carefully crafted messages to trick you into visiting a […]

New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying
As 2023 drew to a close, a report by Emsisoft made the bold recommendation to impose a flat-out ban on ransom payments in the event of cyberattacks. Their suggestion has spawned a good deal of discussion, including a new report by incident response firm Coveware, who disagrees strongly with the recommendation. The following is just […]