Data Breach

Nine Ways that Companies Get Hacked

This one-page Palm Beach Bar article explains the 9 most common ways your clients and companies get hacked. Don’t know a DDoS from a SQL attack? A brute force from a reverse brute force? Read the kama sutra of hacking-for-lawyers, here.

Data Breach

The Government Can Sue Your Company For Negligent Cyber Security

In the recent cases of FTC v. Wyndham and In Re TerraCom and YourTel America, we have seen that federal government agencies are pursuing companies that have negligent cybersecurity standards — and the government is winning. In fact, the government need not point to specific statutory violations to win these cybersecurity cases …

Data Breach

20+ Federal Government Agencies’ Standards for Cyber Security

In light of the rulings in FTC v. Wyndham and In Re TerraCom and YourTel, it is evident that government agencies are taking the position that they can pursue “common law” cyber security negligence claims rather than relying on standards set by regulation or statute. At least some of these …

Data Breach

Department of Defense: Interim Rule on CyberSecurity

The Department of Defense has issued an Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS). The specific focus is on new rules that require contractor reporting on network penetrations. Additionally, this Rule implements DoD policy on the purchase of cloud computing services. The Interim Rule is here. According to …

Data Breach

NIST Draft Practice Guide: Securing Electronic Health Records on Mobile Devices

The National Institute of Standards and Technology issued a “draft” version of a Cybersecurity Practice Guide aimed at doctors, hospitals, and other health care providers. The 82-page Guide discusses how medical providers access patient data remotely and that “the use of mobile devices to store, access and transmit electronic health care …

Data Breach

Second Circuit: Facebook Case Reveals Difference Between CFAA & SCA Statute of Limitations Periods

The Second Circuit confirmed that the Computer Fraud and Abuse Act (18 USC 1030) and the Stored Communications Act (18 USC 2701) calculate the starting point of their two-year statutes of limitations differently. If someone’s email and/or social media accounts are hacked, the statutory periods are calculated differently. This …

Data Breach

Recent Government Guidelines on Data Breach / Cyber Security

Various federal agencies have been busy in Winter-Spring 2015 issuing guidelines regarding data breach and cyber security: DOJ Best Practices for Victim Response and Reporting of Cyber Incidents (April 2015) – drafted “with smaller, less well-resourced organizations in mind…”; Office of National Coordinator for Health Information Technology (April 2015) …

Data Breach

Storm v Paytime — Data Breach Case

According to Judge John E. Jones, III, “[t]here are only two types of companies left in the United States… ‘those that have been hacked and those that don’t know they’ve been hacked.’” Citing the now infamous USA Today article statistic that 43% of companies have experienced a data breach, the US …