LATEST POST
Snowflake addresses a targeted campaign directed at users with single-factor authentication
Snowflake has issued a statement disputing claims made by some threat actors that were published by a security vendor. The vendor, in response to a legal threat from Snowflake, subsequently deleted their article. The Hacker News reports: Cloud computing and analytics company Snowflake said a “limited number” of its customers have been singled out as […]
Northern Minerals Ltd. targeted in cyber attack prior to removal of Chinese investors
ABC News in Australia reports: An Australian company that runs a strategically crucial heavy rare earth project has been revealed to have been targeted in a suspected cyber attack as Treasurer Jim Chalmers orders Chinese investors to be removed. On Monday Mr Chalmers instructed Yuxio Fund and four other international companies linked to China to […]
Debt collection agency updates breach disclosure to indicate more than 3 million people affected
Bleeping Computer reports that nationally licensed debt collection agency Financial Business and Consumer Solutions (FBCS) has updated its breach disclosure to indicate that more than 3 million people were affected by a breach in February. FBCS, which collects debts involving consumer credit, auto loans and leases, student loans, commercial, and healthcare, initially reported in April […]
New FTC Data Shed Light on Companies Most Frequently Impersonated by Scammers
From the Federal Trade Commission: New data from the Federal Trade Commission shows that Best Buy/Geek Squad, Amazon, and PayPal are the companies people report scammers impersonate most often. A newly released data spotlight shows that consumers in 2023 submitted about 52,000 reports about scammers impersonating Best Buy or its Geek Squad tech support brand, followed by […]
At least 15 Cencora/Lash Group clients affected by hacking incident; more than 542,000 patients already notified
In February, Cencora (formerly known as AmerisourceBergen/Lash Group) filed notice of a cybersecurity incident with the Securities and Exchange Commission: On February 21, 2024, Cencora, Inc. (the “Company”), learned that data from its information systems had been exfiltrated, some of which may contain personal information. Upon initial detection of the unauthorized activity, the Company immediately took containment […]
Tennessee Passes Law Restricting Data Breach Class Action Suits
Linn Foster Freedman of Robinson + Cole notes that Tennessee Governor Bill Less has signed legislation into law that will shield private entities from class action lawsuits stemming from cybersecurity incidents unless the event was caused by willful, wanton, or gross negligence. The bill amends TCA Title 29 and Title 47. Freedman comments: This bill […]
SEC Staff Provides Guidance on Cyber Form 8-K Reporting
On May 21, 2024, the U.S. Securities and Exchange Commission (“SEC”) published interpretive guidance on reporting material cybersecurity incidents under Form 8-K. Lawyers at Hunton Andrews Kurth comment: Since December 18, 2023, when the SEC’s rules for reporting material cybersecurity incidents under Item 1.05 on Form 8-K took effect, we have identified 17 separate companies that have made disclosures under […]
SEC Charges Intercontinental Exchange and Nine Affiliates Including NYSE with Failing to Inform the Commission of Cyberattack
A press release from the Securities and Exchange Commission (SEC): Washington D.C., May 22, 2024 — The Securities and Exchange Commission today announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to […]