Apr 212018

Welcome to all new readers from Seton Hall Law School and attendees at the Artificial Intelligence Conference this week.

On this site, you’ll find news stories on data breaches from all sectors and from around the world. You’ll also find original investigations and reporting on breaches that you won’t find on other sites. Browse the categories to get a sense of how news stories are organized.  As of today, there are more than 21,000 posts archived.

In addition to reporting on specific breach incidents, I also post links to legal resources and analyses by law firms. Those are in the “Commentaries and Analyses” category.

To find links to state data breach laws, check out the breach laws page of this site.

This site gets updated throughout the day, subject to sufficient caffeine.

If you are particularly interested in health data breaches, you may also want to check out Protenus.com for their reports on breaches in the U.S. healthcare sector. This site provides the data and statistics that fuel their reports.

For privacy news and issues, see my companion web site, PogoWasRight.org.

You can also follow me on Twitter at @PogoWasRight, or email me at admin[at]databreaches[dot]net.

Cheers, and if you can’t find something you’re looking for, let me know and I’ll try to help you.

Apr 192018

Matt Burgess reports:

“Do not pretend that I do not exist, do not ignore me or break the deadlines,” was the message from one unknown hacker to a British company targeted in February 2018. The person stole a “very large quantity of data”.

Both the hacker and the hacked company are the subject of a High Court injunction. The legal ruling from judge Matthew Nicklin, has been taken out to stop the company being named and prohibits hacked data from being stolen.

The case gives an insight into one hacker’s demands to a company and how it responded. It is the latest in a number of injunctions being taken out by companies that are looking to protect information that has been stolen from their servers.

Read more on Wired (UK).

OK, I don’t see how this is going to stop the hackers from dumping data if they don’t get paid. Maybe some web hosts will honor/comply with an injunction and remove data, but there are just too many ways/places to dump data for this to really make a serious dent in the problem.   And what would stop a U.S. journalist from reporting on the breach, naming the company, and discussing any stolen data???

Apr 182018

David Bender writes:

Today, 34 global technology and security companies announced that they have signed a Cybersecurity Tech Accord, which publicly commits them “to protect and empower civilians online and to improve the security, stability and resilience of cyberspace.”  The signatories include Cisco, Dell, Facebook, HP, Intuit, and Microsoft.

The text of the Accord references recent events that have put online security at risk, and sets forth four principles:

Read more on Covington & Burling Inside Privacy.

Apr 172018

Ellen Nakashima reports:

The U.S. and British governments on Monday accused Russia of conducting a massive campaign to compromise computer routers and firewalls around the world — from home offices to Internet providers — for espionage and possibly sabotage purposes.

The unusual public warning from the White House, U.S. agencies and Britain’s National Cyber Security Center follows a years-long effort to monitor the threat. The targets number in the millions, officials say, and include “primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors.”

Read more on the Washington Post.

Apr 162018

Oscar Williams-Grut reports:

Hackers are increasingly targeting “internet of things” devices to access corporate systems, using things like CCTV cameras or air-conditioning units, according to the CEO of a cybersecurity firm.

….  Eagan gave one memorable anecdote about a case Darktrace worked on in which a casino was hacked via a thermometer in an aquarium in the lobby.

“The attackers used that to get a foothold in the network,” she said. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”

Read more on Business Insider.

h/t, Troy Hunt