Category Archives: Cyber Attacks

GettyImages-686643058

Targeting Public Services: How Municipalities and Gas Pipelines are Vulnerable to Cyberattacks

While the Facebook / Cambridge Analytica scandal has captured the public’s attention, two significant attacks on the City of Atlanta and natural-gas pipeline operators illustrate risk to fundamental human services, including law enforcement and consumer energy. On March, 22 2018, the City of Atlanta reported a ransomware cyberattack on government network servers, including servers hosting data for the Atlanta Police Department, preventing government employees from accessing information necessary to perform their duties. In particular, the police department was effectively handcuffed, and unable to access evidence…

Continue Reading....
iStock_000010623991_Medium

Consumers Have Standing for Data Breach Claims against Barnes & Noble

The Court of Appeals for the Seventh Circuit has issued its second decision in favor of consumers bringing claims against retailers for injuries following cyber attacks exposing sensitive consumer information in Diefenbach v. Barnes & Noble, Inc. On April 11, 2018 the court resurrected the class action brought against the book retailer by consumers whose debit card information was hacked in 2012. Specifically, the court ruled that the named plaintiffs properly alleged an injury under state consumer protection laws, including lost time, cost of…

Continue Reading....
Facebook Logo 21333270_l

New York AG Seeks to Require Privacy Violation Notifications

While the law has adapted to the reality of cyberattacks and data breaches, in the wake of recent revelations about Facebook use of personal information, New York’s Attorney General intends to propose legislation to address Privacy Violations — where personal information is obtained or used by organizations in violation of a platform’s terms of service, or the law. Facebook has recently acknowledged that data analytics firm Cambridge Analytica collected personal information of 50 million Facebook users without their consent as part of a political influence…

Continue Reading....
Data Protection

Study Finds Nearly Eighty Percent of Respondents Lack Formal Incident Response Plan on Cyberattacks

IBM Security has announced the staggering findings of the third-annual benchmark study on Cyber Resilience — an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks. Conducted by the Ponemon Institute and sponsored by IBM Resilient, more than 2,800 security and IT professionals were surveyed around the world in preparation of “The 2018 Cyber Resilient Organization.” The study found that many organizations continue to be ill-prepared for a cyberattack. Some of the more staggering findings are as follows:

  • 77 percent

Continue Reading....
London_iStock_000054776234_Medium

Major Cyber Attack on Britain’s National Health Service

A widespread cyber attack has breached healthcare services across England and Scotland, possibly impacting up to 33 NHS organizations and additional general practitioners. The Prime Minister has confirmed the attack, and that the National Cyber Security Centre is already working with NHS digital to safeguard patient data. More information can be found here.  …

Continue Reading....
463151329

IRS Student Loan Application Program Breach Affecting up to 100,000 Taxpayers

On April 6, 2017, IRS Commissioner John Koskinen testified during a Senate Finance Committee meeting that the personal data of up to 100,000 taxpayers may have been compromised by hackers accessing both students’ and parents’ tax information through the Data Retrieval Tool (DRT), a free application for federal student aid data retrieval connected with the Free Application for Federal Student Aid (FAFSA). Obtaining such information allowed these hackers to file fraudulent tax returns and steal refunds. The last breach of this magnitude occurred in 2015,…

Continue Reading....
computer crime

Lessons in Cyber-Hygiene: How John Podesta was Caught by Phishing

Instead of a Hollywood-style cyberattack into an underground bank of highly secure servers, it appears Hillary Clinton’s campaign chairman John Podesta fell victim to a run-of-the-mill phishing email appearing to come from Google. On March 19, 2016, Podesta received an alarming email to his Gmail account indicating someone had accessed his account, inviting Podesta to click on a Bitly URL (a service providing shortlinks, or smaller URL addresses) pointing to a longer URL that looked like a Google link. According to Bitly’s statistics, the URL…

Continue Reading....
463151329

Credit Card Payment Coverage Declined: Cyberinsurer Not Obligated to Reimburse P.F. Chang’s for PCI Liability

In the most significant cyberinsurance coverage decision to date, an Arizona federal district court in P.F. Chang’s China Bistro v. Federal Insurance Co., No. CV-15-01322-PHX-SMM (D. Ari. May 31, 2016), granted summary judgment to Federal Insurance Company, acknowledging it had no duty to reimburse P.F. Chang’s China Bistro for payment card industry liability assessments under the CyberSecurity policy issued by Federal to P.F. Chang’s corporate parent. This decision represents a significant victory for cyberinsurers insofar as it upholds insurers’ marketing strategy of making available…

Continue Reading....

Forty Percent Increase in New York State Data Breaches

On Wednesday, May 4, 2016, New York State Attorney General Eric T. Schneiderman announced a 40 percent increase in reports of data breaches during 2016 as compared with the same time frame last year. As in a growing number of states and federal agencies, New York’s Information Security Breach & Notification Act, enacted in 2005, requires all individuals and organizations conducting business in New York to report any unauthorized access to personal information to affected individuals, law enforcement and other government officials. According to the…

Continue Reading....
iStock_000010623991_Medium

Iranians Use Cellular Modem to Hack Suburban NYC Dam

Any machine, if it’s connected to the internet, can be hacked; including the automated equipment controlling dams, steel mills and nuclear power facilities. As we previously reported here, criminals were able to take control of a German steel mill’s computerized production system, forcing an unscheduled shut-down causing “massive damage” in 2014. Likewise, in 2010, a cyberattack was able to disable Iran’s uranium enrichment centrifuges by targeting the software installed in the electronic equipment. This week, the Wall Street Journal reported that in 2013, Iranian…

Continue Reading....