Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

Equifax data breach fallout – hundreds of class action suits and SEC subpoena

Equifax faces hundreds of class-action lawsuits and an SEC subpoena over the way it handled its data breach

“Equifax, the credit reporting firm, is facing more than 240 class-action lawsuits from consumers — in addition to suits from shareholders and financial institutions — over the way it handled a massive data breach that affected 145.5 million Americans. The lawsuits were detailed in the company’s third-quarter earnings report Thursday, its first since revealing the breach in September. The incident prompted three top officials to leave the company, including former chief executive Richard Smith. Equifax also said in its filings that it had received subpoenas from the Securities and Exchange Commission, as well as the U.S. Attorney’s Office for the Northern District of Georgia “regarding trading activities by certain of our employees in relation to the cybersecurity incident.” Shortly after news of the breach broke, reports circulated that top officials had sold Equifax stock after the company found out about the breach, but before disclosing it to the public. Equifax said this week that it had cleared its executives of wrongdoing after an internal investigation found that the executives did not personally know about the breach before their stock sales. To date, SEC Chairman Jay Clayton has not confirmed or denied that the SEC is investigating those executives for insider trading, according to the Associated Press.”

Department of Homeland Security 2017 Privacy Office Annual Report to Congress

“The work of the DHS Privacy Office supports all five core DHS missions articulated in the Quadrennial Homeland Security Review: (1) prevent terrorism and enhance security; (2) secure our borders; (3) enforce our immigration laws; (4) safeguard cyberspace; and (5) strengthen national preparedness, as well as the important cross-cutting goal to mature and strengthen homeland…

Equifax says it owns all its data about you – really!

Senate Commerce Committee Hearing – Protecting Consumers in the Era of Major Data Breaches – November 8, 2017: “…“Massive data breaches have touched the vast majority of American consumers,” said [Senator John] Thune [R-S.D.]. “When such breaches occur, urgent action is necessary to protect sensitive personal information. This hearing will give the public the…

EFF – Here’s How Congress Should Respond to the Equifax Breach

“There is very little doubt that Equifax’s negligent security practices were a major contributing factor in the massive breach of 145.5-million Americans’ most sensitive information. In the wake of the breach, EFF has spent a lot of time thinking through how to ensure that such a catastrophic breach doesn’t happen again and, just as importantly,…

New York Times is Now Available as a Tor Onion Service

Runa Sandvik is the Director of Information Security at The New York Times: “Today we are announcing an experiment in secure communication, and launching an alternative way for people to access our site: we are making the website available as a Tor Onion Service…One way we can help is to set up nytimes.com as an…

FERC Proposes New Security Management Controls for Grid Cyber Systems

“The Federal Energy Regulatory Commission (FERC) [on October 19, 2017] proposed new cyber security management controls to further enhance the reliability and resilience of the nation’s bulk electric system. These include mandatory controls to address the risks posed by malware from transient electronic devices like laptop computers, thumb drives and other devices used at low-impact…

Enabling Blockchain Innovation in the U.S. Federal Government

GCN.com – “As more government agencies investigate the potential for blockchain technology, ACT-IAC has put together a primer, Enabling Blockchain Innovation in the U.S. Federal Government. Including thought leaders from government and industry, ACT-IAC’s Blockchain Working Group was created in May at the request of the General Services Administration. Jose Arrieta, director of the Office…

Common Internet of Things Devices May Expose Consumers to Cyber Exploitation

From FBI News Release, October 17, 2017: “In conjunction with National Cyber Security Awareness Month, the FBI is re-iterating the growing concern of cyber criminals targeting unsecure Internet of Things (IoT) devices. The number of IoT devices in use is expected to increase from 5 billion in 2016 to an estimated 20 to 50 billion…

NIST – Passphrases are the new way to protect your digital world

NIST Blog, Mike Garcia: “…First, I’m going to share the takeaways from our new password guidance. Simply put: Use passphrases, not passwords. Then, I’m going to explain the absolute most important thing to know about passwords: Try not to use them at all. And if you do, don’t rely on passwords, or even passphrases, alone.…

DHS issues operational network security directive to all federal agencies

FCW.com: “The Department of Homeland Security is requiring agencies to use new email and web security guidelines that address man-in-the-middle attacks. A binding operational directive from DHS gives federal agencies 90 days to implement a pair of tools, Domain-based Message Authentication Reporting and Conformance (DMARC) and STARTTLS. DMARC is an email authentication tool designed to…

Cybersecurity, Encryption and United States National Security Matters

Cybersecurity, Encryption and United States National Security Matters, Senate Armed Services Committee, September 13, 2016 (published September 2017), via FAS. Steven Aftergood, Secrecy News: “What constitutes an act of war in the cyber domain? It’s a question that officials have wrestled with for some time without being able to provide a clear-cut answer. But in…

Active Cyber Defense Certainty Act

The Register: “Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them. The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in America…