CyberNews reports: Sun Life data was exposed after MOVEit hackers breached Pension Benefit Information (PBI), jeopardizing hundreds of thousands of individuals. Sun Life, a financial services company managing a trillion dollars worth of assets, informed the Maine Attorney General that a third-party breach had impacted 212,129 individuals. Earlier this year, the company was impacted by […]
Bloomberg reports: New York regulators assigned heightened cybersecurity requirements to banks, insurers, and financial services providers based in the state with the release of finalized rule amendments Wednesday. Covered entities will have to use multifactor authentication, expand cybersecurity governance duties, and conduct consistent threat testing under the regulation updated by the New York Department of Financial Services. […]
The Hill reports: The U.S. sued a software company targeted in a massive Russian cyber espionage campaign Monday. The Securities and Exchange Commission (SEC) suit against Texas-based SolarWinds is seeking civil penalties, reimbursement of “ill-gotten gains” and the removal of the company’s top security executive, Tim Brown, according to The Associated Press. “We allege that, for years, […]
Eric Geller reports: The Biden administration and dozens of foreign allies will pledge this week never to pay ransoms to hackers who lock up their national governments’ computer systems, hoping to discourage financially motivated cyber criminals from seeing those systems as attractive ransomware targets. The joint promise will occur as part of the third annual […]
October 2023 marks the 20th anniversary of the effective date of the Gramm-Leach-Bliley Safeguards Rule. Its purpose then – and its purpose now – is to protect consumers by requiring entities covered by the Rule to “develop, implement, and maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer […]
Stock prices often fall after a major breach is announced. Many will rebound quickly, but not all do. Here is an example from this past week of a firm taking a significant stock hit shortly after a breach was announced. CNBC reports: Shares of cybersecurity firm Okta closed down 11.5% after the company said an unidentified hacking group had […]
An international group of law enforcement agencies have seized the dark web portal used by the Ragnar_Locker ransomware gang. The notice appeared today, and although there have been no press releases yet by either Interpol, Europol, or the FBI, TechCrunch was able to get confirmation from a spokesperson for Europol that information will be released […]
The same individual, “Golem,” who leaked DNA data from 23andMe on BreachForums has now leaked even more data. While the original leak was described as relating to Ashkenazi Jews, the newest leak of more than 4 million records was described as being users from Great Britain and Germany, including data from “the wealthiest people living […]
From a recent article on Reuters: Government regulators are seemingly as numerous as the stars nowadays, especially in the universe of data incidents. When organizations experience a data incident, they will need to quickly assess what happened, why it happened, and who (e.g., clients, consumers, vendors, employees) was affected. They will also need to chart […]
International Counter Ransomware Initiative 2023 Joint Statement
Released by the White House, November 2, 2023 The 50 members of the International Counter Ransomware Initiative (CRI)—Albania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Colombia, Costa Rica, Croatia, the Czech Republic, the Dominican Republic, Egypt, Estonia, the European Union, France, Germany, Greece, India, INTERPOL, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, the Netherlands, New […]