Federal Cybersecurity Problems “Decades in the Making”

Yesterday, the House Oversight Committee received testimony from federal officials regarding the April 2015 cyberattack on the Office of Personnel Management (OPM), which compromised the personal information of approximately 4 million government employees and retirees, including social security numbers.  The executive branch delayed reporting the incident until June 4, much to the dismay of the House Committee. OPM head Catherine Archuleta was under fire for what Committee Chairman Jason Chaffetz, R-Utah, called the “most devastating” cyberattack in United States’ history.  Ms. Archuleta attempted to avoid… Continue Reading

“Anatomy of a Data Breach”

Blog contributor James M. Paulino II recently co-authored an article in DRI’s For the Defense. The article, “Anatomy of a Data Breach,” takes a look at fundamental concepts on both the technical and legal sides of the issue of cybersecurity to help companies and their counsel face the growing threat of data breaches head-on. “As the stage is set for the first major debate over federal legislation, two basic issues emerge for attorneys and clients alike. First and foremost, what exactly is a data… Continue Reading

DOJ Issues Best Practices for Cyber Incident Response

The US Department of Justice, Criminal Division, Cybersecurity Unit has issued a 15-page best practices document “to assist organizations in preparing a cyber incident response plan and…in preparing to respond to a cyber incident.”  The document explains in detail steps necessary before, during and after a cyber attack or intrusion, summarized in a “Cyber Incident Preparedness Checklist” (see below).  “Any Internet-connected organization” is advised to review and adopt these best practices in order to provide a prompt, effective response to incidents, minimize resulting harm, expedite… Continue Reading

Senator Seeks Answers from President on White House Cyber Attack

Chairman of the Senate Committee on Commerce, Science and Transportation, John Thune, has sent an open letter to President Obama to address the cyber attack on the White House’s unclassified computer system in late 2014. The breach, allegedly by Russian hackers, was, according to Senator Thune, “more extensive than previously known,” and accessed “a great deal of sensitive information, such as schedules, policy discussions, and e-mails sent and received by” Mr. Obama, “including exchanges with ambassadors.” Following increased attacks across Executive Branch departments and agencies, Mr.… Continue Reading

Recent Class Action Settlements By Target & Adobe

Adobe’s impending settlement in a class action comes just a month after Target settled claims for $10 million.  Although confirmatory discovery is ongoing according to Law360, Adobe and the named class members are expected to present their settlement proposal to District Judge Lucy Koh by the end of May.  Last year, both Adobe and Target lost motions to dismiss that challenged the plaintiffs’ Article III standing based on the U.S. Supreme Court’s 2012 decision in Clapper v. Amnesty International USA.  This may have been… Continue Reading

House Overwhelmingly Passes Two Cyber Threat-Sharing Bills, Senate Poised for Third

On Wednesday, April 22, by a vote of 307-116, the House passed its first major cybersecurity bill of 2015, the Protecting Cyber Networks Act (PCNA), backed by the leadership of the Committee on Intelligence, which would shield private companies when sharing cyber threat data with government civilian agencies, including the Commerce and Treasury Departments. A second bill, The National Cybersecurity Protection Advancement Act of 2015 (NCPAA), which amends the Homeland Security Act of 2002, was passed by the House the following day, Thursday April 23,… Continue Reading

Target to Change Security Policies and Pay $10 Million to Settle Data Breach Lawsuit

U.S. District Court Judge Paul Magnuson has indicated that he will grant preliminary approval of a 97-page settlement agreement between Target and class-action plaintiffs.  Under the settlement, Target will pay $10 million to compensate injured customers, with court documents suggesting as much as $10,000 for a victim. In total, 42 million shoppers had their credit or debit information stolen, and 61 million had personal data stolen from November 27 through December 18, 2013. The settlement also requires Target to change its security policies within 10… Continue Reading

Hackers Charged with Stealing 1 Billion E-mail Addresses

The U.S. Department of Justice has unsealed indictments against three hackers for having broken into eight email service providers (ESPs), stealing 1 billion email addresses and names, and receiving $2,000,000 for the sale of products to those email addresses through a “spam” sales scheme. According to the indictments filed with the U.S. District Court for the Northern District of Georgia, Canadian David-Manuel Santos Da Silva and Viet Quoc Nguyen and Giang Hoang Vu from Vietnam used an email phishing scheme beginning in 2009 to gain… Continue Reading

SEC, FINRA and the U.S. Senate Prepare for Cyberattacks in 2015

Two major government agencies have issued reports addressing security of brokerage and advisory firms, and two U.S. Senators have declared their intention to expand cyber-security laws into automobiles.  In February, the SEC released two major publications (here and here) regarding risks for brokerage and advisory firms, as well as adjusters.  The Financial Industry Regulation Authority (FINRA), a private corporation managed by financial industry insiders and billed as the self-appointed “regulator” for NYSE and NASDAQ, has issued a report to assist broker-dealer firms with… Continue Reading

Third Circuit Reviews FTC’s Authority To Enforce An “Unreasonable Failure” To Protect Against A Cyber Attack

Today, the Third Circuit heard oral argument in a case that may have a profound impact on the Federal Trade Commission’s enforcement authority over corporate cybersecurity.  The question presented to the Court of Appeals is whether the FTC can pursue an enforcement action against a company under Section 5 of the FTC Act if the FTC believes that a cyber-hack occurred due to the company’s “unreasonable failure” to protect consumer data. The FTC alleges that Wyndham Worldwide did not “employ reasonable and appropriate measures to… Continue Reading