Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.
An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal and health information. Security researchers say small schools such as this are now favored targets. Some 80% of schools have reported hacking incidents in the past year.
The drumbeat for potential federal legislation to better protect sensitive health information - or at least new regulations - appears to be growing louder in Congress. One of the Senate's four lawmaker doctors is quizzing the healthcare industry on ways to safeguard health data.
Australia's information commissioner has urged organifzations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. Angelene Falk said it can take anywhere from 20 days to five months to notify breach victims, putting them at risk.
The new U.S. reporting requirements will force publicly traded companies in industries outside of financial services with fewer regulations to improve their security practices. Snyk CEO Peter McKay advised public companies in possession of credit card numbers or other PII to level up.
Cybersecurity doublespeak is never a good sign, especially when it comes in a letter this week addressed to half a million current and former employees of fast-fashion retailer Forever 21, warning them that their personal information was stolen in an eight-week breach discovered in March.
London's Metropolitan Police Service is investigating a serious data breach that may have exposed names, ranks and photographs for potentially all 47,000 personnel, after someone gained "unauthorized access to the IT system" of one of its suppliers.
The parent company of subprime lender TitleMax is warning nearly 5 million customers that a data breach affecting them is worse than was previously reported. In addition to names and Social Security numbers, TMX now reports attackers stole payment card data and card security codes.
A Georgia healthcare system is notifying over 180,000 individuals of a data compromise involving a hack first detected a year ago, in which attackers accessed and copied a range of patient information. The incident spotlights growing breach response and notification challenges some entities face.
The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying 4 million affected individuals. The latest tally of victims has reached 670 organizations and 46 million individuals.
Public companies disclosing a cyber incident under the new U.S. reporting requirements should focus on the business impact and stay away from the technical pieces, said Venable's Grant Schneider. The disclosure should examine how the incident will affect revenue, profitability and public perception.
A nonprofit firm that administers government dental programs in Canada paid a "substantial" ransom for a decryptor key and the destruction of data stolen in a recent ransomware attack. But the company is now notifying nearly 1.5 million individuals that the hack compromised their data.
Tampa General Hospital is facing at least three proposed federal class action lawsuits filed in recent days following the nonprofit Florida healthcare provider's disclosure late last month of a data theft incident that affected 1.3 million patients and employees.
Police officers in Northern Ireland are sounding alarms over their personal safety after a data breach revealed the surnames and locations where they serve for nearly 10,000 police officers and staff. Experts warn this could lead to "their death or injury" at the hands of criminals or terrorists.
Colorado's Department of Higher Education is warning that it suffered a ransomware attack in June, in which attackers stole personal data on current and past students and teachers, dating from 2004 to 2020. While the state has yet to wrap its probe, the victim count could be massive.