Tag: Cybersecurity

The ICO has issued a statement confirming that organisations should immediately check to see whether they are potentially a victim of the cyber-attack carried out through the SolarWinds Orion IT management platform (see ICO statement). Initial technical research indicates that while the majority of potentially compromised users of Orion are based in the United States of America, there are significant numbers of users in the United Kingdom and EU. The versions of the software that…

Disruptive cyber-attacks aimed at supply chains are on the rise, as the recent SolarWinds security breach has so prominently brought to light. While your immediate IT infrastructure may not have been directly impacted by that breach, now may be a good time to check in with your key service providers. If they host or in any way process digital assets on your behalf, there is reason for concern in light of the devastating SolarWinds security breach.…

Brian Hengesbaugh is joined by Jessica Nall, partner in Baker McKenzie’s San Francisco/Palo Alto office. Jessica and Brian discuss the series of cybersecurity incidents former giant Yahoo experienced in 2013 and 2014, and Jessica’s lessons learned as a lead attorney representing individuals in those cases in the following government investigations in 2016. Listen in to hear: What went wrong in the case, and why those failures remain relevant today; How companies can avoid becoming a target…

The UK data protection regulator, the Information Commissioner’s Office, has issued three significant monetary penalties over recent months focusing on cyber security issues. The most recent enforcement was a monetary penalty of £1.25 million on Ticketmaster in connection with an incident which occurred between February 2018 and June 2018 (although the enforcement only relates to the period after 25 May 2018 when the GDPR came into force). In the ICO’s view there was a failure…

The UK data protection regulator, the Information Commissioner’s Office, has issued a monetary penalty of £20m on British Airways in connection with a cyber-attack which took place in 2018. In the ICO’s view there was a failure to process personal data in a manner that ensured appropriate security, as required under Articles 5(1)(f) and 32 of the GDPR. The incident commenced with a “supply chain attack” where BA’s network was accessed by an attacker…

On January 7, 2020, the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) announced its 2020 Examination Priorities that included cybersecurity practices. Soon after the publication of the OCIE Examination Priorities, on January 27, 2020, OCIE followed up with a report entitled Cybersecurity and Resiliency Observations. These two OCIE releases, along with prior SEC alerts and actions, provide strong indications that the SEC, in 2020, will be ramping up its focus…

As part of the Cyberspace Administration of China (CAC)’s recent push to accelerate formulation of the implementation rules of the China Cybersecurity Law (CSL), it published the draft Measures for Security Assessment of Export of Personal Information (for public consultations) on 13 June 2019 (“Draft Security Assessment Measures”). As the CAC appears to propose adopting two separate sets of rules and requirements on the security assessment of outbound provision of personal information and important data,…

Effective January 1, 2020, according to a new Cal. Civ. Code § 1798.91.04(a), manufacturers of connected devices offered for sale or sold in California must equip such devices with reasonable security features to protect the device and any information contained in them from unauthorized access, destruction, use, modification, or disclosure. Unlike the GDPR and other data privacy laws, which impose obligations on data controllers and processors, the Californian law applies to organizations irrespective of whether…

Taiwan’s Legislative Yuan passed the Cybersecurity Management Act (the Act, 資通安全管理法) in May 2018, and the Act now awaits its implementation schedule (including effective date), which will be decided by the competent authority for the Act (Administrative Yuan) in the near future. In addition to government agencies, the Act also requires Providers of Critical Infrastructure (關鍵基礎設施提供者) to establish and maintain a safe, stable and secure cyber environment. Who is a Provider of Critical Infrastructure? The Act applies to providers…

Japanese cryptocurrency exchange CoinCheck confirmed on 26 January 2018 that it has been the victim of a massive hack, resulting in what would appear to be the largest cryptocoin theft of all time. In a press conference CoinCheck admitted that the current understanding was that the hackers had stolen around 523 million of the exchange’s NEM coins which, at the time of detection, were worth around $534 million. This would surpass the $400 million worth of…