
Tag Archives for "cybersecurity"

Capital One Fined $80 Million in Data Breach

The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders.

Capital One failed in 2015 to establish effective risk management when it migrated information technology operations to a cloud-based service. The bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and “engaged in unsafe or unsound practices that were part of a pattern of misconduct.”

Source: Capital One Fined $80 Million in Data Breach | SecurityWeek.Com

Morgan Stanley Hit with Class Lawsuit Over Alleged Data Breaches

Former and current Morgan Stanley customers have filed a putative class-action lawsuit alleging negligence and invasion of privacy over the firm’s failure to properly scrub decommissioned hardware of personal information such as social security numbers, account numbers and other personal data.

Morgan Stanley earlier this month began notifying brokers and customers that some client information remained on hardware from two data centers that were closed in 2016.

Source: Morgan Stanley Hit with Class Lawsuit Over Alleged Data Breaches – AdvisorHub

Proposed Amendment to the North Carolina Identity Theft Protection Act

In April 2019, with the introduction of House Bill 904, a bi-partisan effort was made to strengthen cyber security in North Carolina.

H.B. 904 seeks to make North Carolina’s Identity Theft Protection Act one of the strongest in the nation by broadening the definition of what constitutes a data breach, what proactive steps companies and employers must take to prevent a breach of their customers’ or employees’ personal information, and the penalties available to victims of data breaches, among other provisions.

Source: Proposed Amendment to the North Carolina Identity Theft Protection Act | Spilman Thomas & Battle, PLLC – JDSupra

Atlassian says encryption-busting law has damaged Australia’s tech reputation

Startup darling has taken further aim at the TOLA Act, echoing calls for the warrant process to have independent oversight.

Atlassian believes Australia’s encryption-busting legislation continues to have a negative impact on the country’s technology sector, both from the perspective of partnering with an Australian company and attracting tech talent down under.

Source: Atlassian says encryption-busting law has damaged Australia’s tech reputation | ZDNet

Years before big hack, Twitter contractors reportedly spied on celebs

Years before the July 15th attack on Twitter that let hackers compromise some of the social network’s most high-profile accounts to tweet Bitcoin scams, Twitter contractors apparently were able to use Twitter’s internal tools to spy on some celebrities, including Beyoncé, chronicling longtime security concerns at the company.

The tools in question typically allow certain Twitter staffers to do things like reset accounts or respond to content violations, but they could apparently also be used to spy on or hack an account.

Source: Years before big hack, Twitter contractors reportedly spied on celebs, including Beyoncé – The Verge

The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation

On Tuesday, July 21, 2020, the New York Department of Financial Services (NYDFS) brought its first enforcement action under its Cybersecurity Regulation against a large title insurer for failing to protect sensitive personal information.

The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged violations, and any other relief deemed just and appropriate.

Source: The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation

Garmin global outage caused by ransomware attack

The WastedLocker ransomware, used by a notorious Russian hacking group, is said to be to blame.

The incident began late Wednesday and continued through the weekend, causing disruption to the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.

Source: Garmin global outage caused by ransomware attack, sources say | TechCrunch

EU citizens raise concerns about online data misuse

More than one in two citizens of the European Union are concerned about the misuse of their online data by fraudsters and cybercriminals, a new EU study has found.

As part of a recent survey undertaken by the EU’s agency for fundamental rights published on Wednesday, an average of 55% of respondents said they are concerned that the information they share online and on social media could be maliciously accessed.

Source: EU citizens raise concerns about online data misuse – EURACTIV.com

Twitter notifies Irish DPC about hack

Social media company Twitter has officially informed Ireland’s Data Protection Commissioner (DPC) of a cyberattack involving high-profile accounts.

The DPC is reviewing the notification and has yet to decide whether to launch an investigation into the incident, according to media reports.

Source: Twitter notifies Irish DPC about hack

The Twitter hack shows a major cybersecurity vulnerability: employees

Attackers keep finding ways to leverage human weakness to get around security measures.

On Wednesday, Twitter fell victim to hackers who used a “coordinated social engineering attack” to compromise some of Twitter’s highest-profile accounts—including those belonging to Barack Obama, Elon Musk, Bill Gates, and Kanye West—to launch a crypto scam targeting those users’ followers.

While cybersecurity advances have hardened IT infrastructure and made it increasingly difficult to hack systems remotely, criminals have a logical way around these measures: targeting the employees who are already inside the systems.

Source: The Twitter hack shows a major cybersecurity vulnerability: employees.
