Category: Data Breach

Don’t let Cyber Insurance be Your Cybersecurity Plan

In a recent letter to insurers, the New York State Department of Financial Services (“NYDFS”) acknowledged the key role cyber insurance plays in managing and reducing cyber risk – while also warning insurers that they could be writing policies that have the “perverse effect of increasing cyber risk.” If a cyber insurance policy does not … Continue Reading

Digital Transformation – Regulator Issues $80 Million Penalty for Not Doing It Right

By Romaine Marshall, Jon Washburn and Jose Abarca on August 19, 2020 Posted in Announcements, Cyber Attack, Cyber Crime, Data Breach, Regulators, Security

Digital transformation refers to the process of leveraging technology, people and processes to innovate or stay competitive. The main driver of this process is often data. For a vivid illustration see Data Never Sleeps, an infographic released by Domo, a leading business analytics company. While executing digital transformation the right way can lead to great … Continue Reading

Securing Online Shopping has Never Been More Important

By Jon Washburn and Fred Struve on July 1, 2020 Posted in COVID-19, Data Breach, Internet, Security, Software

In the wake of the COVID-19 pandemic, more consumers than ever before are shopping online – and they’re not likely to be very forgiving to any retailer that breaches their personal information. According to this recent survey from payment solutions provider PCIPal, 64% of people in the US would avoid a business following a COVID-19 … Continue Reading

Court Orders Disclosure of Capital One’s Incident Report

By Romaine Marshall and Jose Abarca on June 1, 2020 Posted in Data Breach

Last July, Capital One announced that an outside individual gained unauthorized access to information belonging to 100 million individuals in the United States and approximately six million in Canada.[1] Within days, lawsuits were filed nationwide asserting an assortment of claims relating to the data breach. Last week, in a class action filed in Virginia a … Continue Reading

Soon, All Ransomware Attacks May Be Data Breaches

By Jon Washburn and Romaine Marshall on March 18, 2020 Posted in Cyber Attack, Cyber Crime, Data Breach, Privacy, Security

As this recent article illustrates, many ransomware operators are now collecting information from victims before encrypting their data, and then threatening to release what they’ve collected – or actually releasing some of it – to increase the chance they’ll get paid. There have been many cases already where at least a portion of data has … Continue Reading

Cyber Risk Update for Construction Companies

By Tamara Boeck and Jon Washburn on November 11, 2019 Posted in Cyber Attack, Cyber Crime, Data Breach, Fraud, Privacy

Scammers are always seeking new ways to target victims for Business Email Compromise (BEC) scams, where they leverage email to try to convince you to give them credentials, send them confidential information like W2s, send them money by changing things like direct deposit instructions, or give any other data that can help them profit from … Continue Reading

Achieving Industry Standards

By Romaine Marshall on October 28, 2019 Posted in Cyber Attack, Cyber Crime, Data Breach, Privacy, Security

For Cybersecurity and Privacy, “What Are the Industry Standards? Are We Meeting Them?” These are questions the FTC Chairman, Joseph Simons, strongly suggested a CEO must ask before a data breach occurs to avoid the prospect of personal liability. These questions and statements by other commissioners emphasizing the FTC’s role – to bring about a … Continue Reading

HHS Issues Practical New Cybersecurity Guidance for Healthcare Businesses of all Sizes

By Dustin Berger and Sarah Bimber on February 19, 2019 Posted in Cyber Attack, Cyber Crime, Data Breach, ePrivacy, Phishing, Security

In late January, the U.S. Department of Health and Human Services’ Healthcare & Public Health Sector Coordinating Council issued a new cybersecurity guidance document for healthcare businesses of all sizes. The guidance document, entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” available at https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx, provides concrete and practical guidance for addressing what the … Continue Reading

Yahoo! Breach Class Action Poised to Settle

By Jon Washburn on October 29, 2018 Posted in Data Breach, Privacy, Security, Uncategorized

The Yahoo! class action over the 2013-2014 hacks, affecting 1 billion (later updated to 3 billion) accounts, is poised to settle for $85 million – and the provision of free credit monitoring services for 200 million account holders for 2 years. While $85 million may seem like a relative bargain compared to the $350 million Verizon … Continue Reading

Anthem Pays OCR $16 Million in Record-Breaking HIPAA Data Breach Settlement

By Sarah Bimber on October 18, 2018 Posted in Cyber Attack, Data Breach, HIPAA, Regulators, Security

The Office of Civil Rights (OCR) announced in a press release this week that Anthem, Inc. (Anthem), one of the nation’s largest health benefit companies, has agreed to pay $16 million and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. This settlement … Continue Reading

When was the last time you looked at RDP access?

By Jon Washburn on August 15, 2018 Posted in Cyber Attack, Cyber Crime, Data Breach, Security

A presentation at Black Hat recently revealed that the creators of the “SamSam” ransomware have netted over $6M to date, attacking mostly medium-to-large public and private sector organizations. And they’re showing no signs of slowing down. In the most recent SamSam attacks, the attackers concentrated their efforts on brute-force hacking of weak passwords on devices accessible … Continue Reading

List of Pending 2018 Breach Legislation

By Jon Washburn on March 19, 2018 Posted in Data Breach, Law/Regulation Update

While we have yet to see much in the way of major changes (or punishment) following the massive Equifax data breach last year, there are many changes being introduced at the state level with regard to breach notification, penalties, whether or not credit reporting agencies can charge you for freezing your credit, and consumer rights … Continue Reading

CNIL’s GUIDANCE FOR PROCESSORS – ANSWERS TO YOUR MOST PRESSING QUESTIONS

By Amy Carlson on November 20, 2017 Posted in Announcements, Data Breach, ePrivacy, EU, Law/Regulation Update, Regulators

See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017. Are you a contractor within the meaning of European Regulation on data protection? Are you subject to EU regulation on data protection? What is the main change introduced by the European regulation for contractors? What are your obligations as of May … Continue Reading

Big Data is amazingly useful … and risky

By Jon Washburn on November 17, 2017 Posted in Data Breach, ePrivacy, Security

Per the Freedom of Information Act, US citizens have the right to access information from the federal government. We can visit Data.gov to search the more than 197,000 current datasets currently indexed on the site. While the intent is to leverage that data for the public good, there’s also an enormous amount of information available … Continue Reading

Proposed Oregon Legislation: Credit Card Data Breach Bill

By Robert Teel on November 8, 2017 Posted in Data Breach, Law/Regulation Update

We received a proposed data breach bill (available here) recently circulated in Salem. This draft is a variant of Oregon House Bill 2581 that died in committee. That bill would have required, among other things, merchants impacted by security breaches to notify issuing banks of all the credit cards subject to the breach. Compared to … Continue Reading

Should I Place A Fraud Alert vs. Security Freeze?

By Amy Carlson on September 21, 2017 Posted in Data Breach

Should I Place A Fraud Alert vs. Security Freeze? As a privacy professional, almost all your fellow employees were affected by the Equifax data breach. You may be asked about whether to place a fraud alert or a security freeze. You can send this guidance from the FTC on the difference between fraud alerts and … Continue Reading

Yawn – Another Company Failed to Patch. Wait! 144 Million Affected?

By Amy Carlson on September 21, 2017 Posted in Data Breach

Yawn – Another Company Failed to Patch. Wait! 144 Million Affected? A PR Disaster? Failure to promptly patch is an incredibly common cause of data breaches. Learn from Equifax’s situation about patching and communication. Boards, Senior Management and privacy personal should confirm that patches are applied promptly. Also, when breaches occur, hire and listen to … Continue Reading