FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up
On March 15, 2022, the FTC announced a proposed settlement with custom merchandise platform CafePress in connection with the company’s alleged failure to implement reasonable security measures, and its alleged attempt to cover up a 2019 data breach.
Hacker
New York Attorney General Announces 1.1 Million Accounts Compromised in Credential Stuffing Attacks
The New York Office of the Attorney General recently announced the results of an investigation into “credential stuffing,” which uncovered 1.1 million compromised accounts from cyberattacks on 17 well-known companies. The announcement included a “Business Guide for Credential Stuffing Attacks,” detailing the attacks and providing tips for businesses to protect themselves.
Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies
On November 8, 2021, law enforcement agencies in both the United States and European Union announced that a series of actions, including a number of arrests, were taken against the Russia-linked ransomware group, “REvil.” …
FTC Bans Stalkerware App Company from the Surveillance Business and Orders Company to Delete Any Illegally Collected Information
On September 1, 2021, the FTC banned the operator of a stalkerware app company and its CEO from offering, promoting, selling or advertising any surveillance app, service or business, alleging that the app allowed purchasers to illegally surveil other individuals by monitoring their device activity without their knowledge. …
UK High Court Dismisses Claims Following DSG Data Breach
On July 30, 2021, the UK High Court handed down its judgment in the case of Warren v DSG Retail Ltd [2021] EWHC 2168 (QB), determining that the claimant could not seek damages on the basis of misuse of personal information, breach of confidence or common law negligence following a data breach.
Court Authorizes FBI to Remove Web Shells from Compromised Microsoft Exchange Servers
On April 13, 2021, the U.S. Department of Justice announced that the Federal Bureau of Investigation executed a court-authorized removal of malicious web shells from hundreds of vulnerable computers in the U.S. …
Dutch Regulator Fines Booking.com 475,000 Euros for Late Breach Reporting
On March 31, 2021, the Dutch Data Protection Authority announced a fine of 475,000 Euros against Dutch-headquartered online travel agency Booking.com for failing to report a data breach within 72 hours of becoming aware of the incident in 2019.
Florida Water Hack Shows Danger of Remote Access Vulnerabilities
On February 8, 2021, Pinellas County, Florida officials announced that a hacker had remotely gained access to the City of Oldsmar’s water treatment system on two separate occasions and was able to change the setting for sodium hydroxide in the water supply. The incident highlights the danger to local government information systems and the dangers of remote access vulnerabilities.
D.C. Court Rejects Attorney-Client Privilege and Work Product Protections in Data Breach Case
On January 12, 2021, in Wengui v. Clark Hill, PLC, et al., the United States District Court for the District of Columbia rejected a law firm defendant’s assertions of the attorney-client privilege and work product doctrine for forensic reporting and other related information associated with its outside counsel’s data breach investigation. …
ICO Fines Ticketmaster 1.25 Million Pounds for Security Failures
On November 13, 2020, the UK Information Commissioner’s Office fined Ticketmaster UK Limited £1.25 million for failing to keep its customers’ personal data secure.