LATEST POST
President Biden Says He Will Veto Any Resolution That Repeals the New SEC Breach Disclosure Rule
While advocates for more transparency and timely disclosures in response to data breaches were generally pleased with the new disclosure rule by the SEC that went into effect on December 18, not everyone was pleased. In November 2023, Senator Thomas Tillis [R-NC] introduced bill S.J.Res.50 – A joint resolution providing for congressional disapproval under chapter […]
FBI director to warn that Chinese hackers are preparing to ‘wreak havoc’ on US critical infrastructure
CNN reports: FBI Director Christopher Wray on Wednesday is expected to warn that Chinese hackers are preparing to “wreak havoc and cause real-world harm” to the US. “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come […]
Attorney General James Sues Citibank for Failing to Protect and Reimburse Victims of Electronic Fraud
NEW YORK – New York Attorney General Letitia James today sued Citibank, N.A. (Citi) for failing to protect and refusing to reimburse victims of fraud. The lawsuit alleges that Citi does not implement strong online protections to stop unauthorized account takeovers, misleads account holders about their rights after their accounts are hacked and funds are stolen, […]
Ex-IRS Contractor Who Leaked Trump, Griffin Tax Data Gets Five Years in Prison
Bloomberg News reports: A former Internal Revenue Service contractor who stole and leaked the tax returns of former President Donald Trump, Ken Griffin, Elon Musk and other billionaires was sentenced to five years in prison. Charles Littlejohn, 38, pleaded guilty Oct. 12 to stealing Trump’s tax data from the IRS and leaking it to the New York Times. He also admitted taking tax […]
SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit
Bloomberg Law reports on a case that probably has a lot of CISOs somewhat nervous: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded […]
California Privacy Protection Agency Launches New Website with Privacy Rights Resources
Robinson + Cole informs us that the California Privacy Protection Agency (CPPA) has opened a new website at https://privacy.ca.gov/ with resources for California residents to help them understand their rights under the California Consumer Privacy Act (CCPA). The resources include how to submit a complaint against a business that has violated consumer rights under the […]
23andMe admits it didn’t detect cyberattacks for months
23andMe continues to garner negative press for its incident response. It seems like only yesterday that they were trying to blame victims for reusing passwords as the cause of a credential stuffing attack that resulted in the theft of ancestry and genetic data of almost seven million users. But how will they explain to regulators […]
New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying
As 2023 drew to a close, a report by Emsisoft made the bold recommendation to impose a flat-out ban on ransom payments in the event of cyberattacks. Their suggestion has spawned a good deal of discussion, including a new report by incident response firm Coveware, who disagrees strongly with the recommendation. The following is just […]