Litigation and legal developments concerning data breaches.
Deloitte has been getting its name in the news this month, but not in a good way. First, a ransomware group named “Brain Cipher” claimed to have attacked Deloitte UK. Deloitte responded to their claims by denying that their network was breached and stating that the breach involved a single client’s system that is not […]
The Hacker News reports that a notorious Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested: According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a […]
A recent article by Allen Matkins Leck Gamble Mallory & Natsis LLP begins: On May 29, 1453 the walls of Constantinople had stood unbreached for more than a thousand years. Yet on that day, the army of Sultan Mehmed II was able to force entry into the city through the Gate of St. Romanus. The Byzantine Emperor Constantine […]
It seems like everything is “AI” these days, but there’s also an increasing awareness of the flaws or risks in using AI for some purposes, including AI making up things that just aren’t true (called “hallucinations”). But there are also cybersecurity risks. From Covington and Burling: On October 16, 2024, the New York Department of […]
Legislation proposed in September would mandate minimum cybersecurity requirements in the healthcare sector. Kevin Wood, the Chair of Winstead’s Healthcare Industry Group, writes: …. Senators Ron Wyden (D-OR) and Mark Warner (R-VA) introduced the Health Infrastructure Security and Accountability Act (HISAA) on September 26, 2024. Like HIPAA and HITECH before it, which established minimum levels […]
South Korea’s Personal Information Protection Commission has fined Meta 21.61 billion won for leaking the personal information about its users without their consent. That’s $15.5 million at today’s conversion rate. Joong Ang Daily reports: The Personal Information Protection Commission (PIPC) said Meta had collected such information about 980,000 users located in Korea via their Facebook […]
Bundeskriminalamt (BKA) announced the seizure of two websites and two arrests: In an internationally coordinated operation by the Central Office for Combating Internet Crime ( ZIT ) of the Public Prosecutor General’s Office in Frankfurt am Main, the Hessian State Criminal Police Office ( HLKA ) and the Federal Criminal Police Office ( BKA ) on suspicion of various cybercrime offenses, officers of the HLKA executed […]
Christopher R. Smith of Epstein Becker & Green, P.C. writes: On July 12, 2024, the FDA provided small dispensers—those employing 25 or fewer full-time pharmacists or pharmacy technicians—with an exemption from the Drug Supply Chain Security Act’s (“DSCSA”) enhanced drug distribution security (“EDDS”) requirements until November 27, 2026.[1] The FDA had previously announced a stabilization period effectively delaying […]
The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020: The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result […]
Should regulators do more naming and shaming?
The U.K. Information Commissioner’s Office did an interesting two-year trial and the results suggest that publicly reprimanding public sector entities over breaches and data leaks is an effective strategy — even without any monetary penalties. Infosecurity Magazine reports: The publication of reprimands following data leaks has been cited as an “effective” deterrent for public authorities. […]