In a session at RSA Conference 2021, three cybersecurity experts said top priorities among the U.S. Cyberspace Solarium Commission's recommendations that have not yet been carried out are adopting a federal data breach notification law and improving public-private partnerships.
Since the supply chain attack that targeted SolarWinds was uncovered in December 2020, some members of Congress have been pushing for a nationwide data breach notification law. In a panel discussion at RSA Conference 2021, federal officials and a legal expert offered insights on what such a law might require.
A data security incident involving a Canada-based insurer that provides comprehensive health coverage to students studying abroad shines a light on complex international regulatory issues companies can face in the wake of a data breach.
The ransomware attack against Colonial Pipeline, which has disrupted the flow of gasoline and other petroleum products throughout the eastern U.S. since Friday, is prompting members of Congress to call for new cybersecurity regulations and ask probing questions about regulators' scrutiny of security measures.
After a ransomware incident, Colonial Pipeline Co. has restored smaller pipelines that ship fuels to the U.S. East Coast, but its larger ones are still offline as it assesses safety. Citing U.S. officials, The Associated Press reports the company was infected by the DarkSide ransomware group.
The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.
SmileDirectClub, which sells teeth-straightening appliances, expects that a recent cyberattack, which disrupted the manufacturing of its products, will take a $10 million to $15 million bite out of its second-quarter revenue.
The American College of Emergency Physicians says a "malware" attack affected tens of thousands of the group's current and former members as well as members of three other emergency medical professional organizations.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
U.S. insurance giant Geico says fraudsters stole driver's license numbers from its website after they supplied personal information that they had acquired elsewhere. The driver's license numbers are believed to have been used to fraudulently apply for unemployment benefits, the insurer says.
About 70 major health data breaches have been added to the federal tally in the last four weeks as ransomware attacks have persisted and breaches at vendors have affected clients.
The University of Hertfordshire has sustained a cyber incident that severely affected students' online classes and an assignment submission portal. The university, however, notes the incident did not lead to data theft.
Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.
The American Bankers Association and three other banking groups have voiced objections to provisions in a proposed federal cyber incident notification regulation. For example, they say the definition of a reportable "computer security incident" is too broad and would result in the reporting of insignificant events.
The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.