Archives: Cybersecurity


Marriott Confirms Over 5 Million Passport Numbers Stolen in Data Breach

Marriott International Inc. has released new numbers relating to its Starwood Hotel’s reservation database by stating that 5 million passport numbers were stolen in the database. After further investigation, Marriott states that the information for fewer than 383 million guests (as opposed to 500 million) was exposed. The data that was compromised of these guests … Continue Reading

HHS Issues Cybersecurity Practices for Health Care Industry

Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consist of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts. The publication, Health Industry Cybersecurity Practices: Managing Threats and … Continue Reading

Top Cybersecurity Risks for the Health Care Industry

Clearwater Compliance’s newest CyberIntelligence Insight Bulletin concludes that the top three cybersecurity risks for the health care industry, which accounts for 36.8% of reported critical risk incidents, include: 1) user authentication deficiencies, including storing passwords in obvious places where others can find them such as on the computer monitor or under the keyboard, using generic … Continue Reading

Two More Cyber-Attacks Reported – Ransomware Suspected at Several Major News Organizations and Hackers Threaten to Release 9/11 Insurance and Litigation Files

Late last week, several major news organizations were hit with a ransomware attack believed to involve Ryuk ransomware that affected several Tribune newspapers around the country and two newspapers formerly owned by Tribune. Ransomware cyber-attacks typically attempt to disable systems and infrastructure and block access until ransom is paid as opposed to attempting to steal … Continue Reading

Experian® Predicts Cyber Threats in 2019

Experian’s Data Breach Resolution group has released its Data Breach Industry Forecast 2019 Report, which provides predictions for data breaches in 2019, and outlines staggering statistics of data breaches that occurred in 2018. One statistic is that the “number of records compromised in the first half of the year had already surpassed the total number … Continue Reading

A Very Smart Primer on Smart Contracts—An Example of What One Financial Services Regulator is Doing to Foster FinTech

The Commodity Futures Trading Commission’s LabCFTC recently released “A CFTC Primer on Smart Contracts” as part of LabCFTC’s effort to engage with innovators and market participants on a range of financial technology (FinTech) topics. The Primer offers a clear and concise explanation of “smart contracts” and their potential impact on the CFTC’s mission to foster … Continue Reading

Cyber Criminals Recruiting Employees on the Dark Web to Assist with Fraud Schemes

Darkreading.com has issued a survey entitled: Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web which states that malicious insiders are responsible for 27 percent of all cybercrime. This statistic confirms that cyber criminals are increasingly recruiting insiders by using the dark web as a recruiting tool. So not only do businesses … Continue Reading

Recruiting Scams on the Rise

With more companies hiring, online recruiting scams have re-emerged to prey on job seekers and employers. The Better Business Bureau tracked more than 3,000 recruiting scams in the first 10 months of 2018 with losses in the million dollars. The online recruiting scam works this way: the scammer fraudulently uses a company’s name and logo, … Continue Reading

The Financial Stability Board’s “Cyber Lexicon” – Global Jargon for a Global Mission

On November 12, the Financial Stability Board (FSB) published a Cyber Lexicon, designed to help financial institutions around the globe address “financial sector cyber resilience.” The Cyber Lexicon sets forth definitions for 54 “core terms related to cybersecurity and cyber resilience in the financial sector.” “Cyber Resilience,” one of the 54 definitions, is defined as … Continue Reading

UK Information Commissioner’s Office Issues Guidance on Use of Encryption and Passwords in Connection with GDPR

The “security principle” under the General Data Protection Regulation (GDPR) requires that organizations process personal data securely by means of “appropriate” technical and organizational measures. This month, the United Kingdom’s Information Commissioner’s Office (ICO) issued new guidance focused on two specific measures the ICO recommends that companies consider in complying with the GDPR security requirements: … Continue Reading

Ransomware Continues to Be Top Threat to Small Companies

According to a new report by Datto, Inc. (its third annual Global State of the Channel Ransomware Report), ransomware continues to be the top cyber-attack experienced by small- and medium-sized companies. Some managed service providers were surveyed in Singapore, the Asia-Pacific region and across the globe. Fifty-five percent of them said their clients had experienced … Continue Reading

FTC Announces Cybersecurity Resources for Non-Profits

Non-profit organizations collect, use and disclose personal information just like any other for-profit industry. However, non-profit organizations often don’t have the same resources to devote to data security as their for-profit counterparts. The risk is the same, but the ability to defend and respond is more challenging due to more limited resources that can be … Continue Reading

Hackers Tamper with Trademark Applications and Registrations in USPTO System

The U.S. Patent and Trademark Office (USPTO) announced last week that it has discovered that unauthorized users have attempted to hack into its online trademark system to attempt to make unauthorized changes to active trademark applications and registrations. They have also tried to register marks owned by others on third-party brand registries. According to USPTO, … Continue Reading

New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack

We all know data breaches can impact all of us, regardless of whether we are a Fortune 500 company or a small business. Lawyers, of course, are not immune from data attacks and recent guidance from the American Bar Association Standing Committee on Ethics and Professional Responsibility illustrates how critical it is for lawyers and … Continue Reading

SEC Report Cautions Companies to Consider Cyber Threats with Internal Controls

The Securities and Exchange Commission (SEC) this week issued an investigative report that outlined cyber incidents that nine public companies had experienced, causing fraudulent losses totaling more than $100 million. The conclusion of the report is that public companies “should consider cyber threats when implementing internal controls.” The investigations focused on business email compromises where … Continue Reading