The Massachusetts State Police Commonwealth Fusion Center (CFC) believes that cyber actors may use the current bank failures for future phishing and business email compromise (BEC) attacks. Cyber actors often use current events to mask their phishing campaigns to seem more believable and relevant. As everyone now knows, Silicon Valley Bank (SVB) became one of the largest banks to fail since the 2008 financial crisis. More recently, First Republic Bank also failed. … More
Tag Archives: hack
The SolarWinds Orion Hack: The Basics You Need to Know
By now, you have heard about the SolarWinds Orion hack. But what do you need to know about it?
First, if you want or need the technical details, the Cybersecurity and Infrastructure Security Agency (CISA) has them. In particular, on December 13, 2020, CISA released Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise, ordering federal civilian executive branch departments and agencies to disconnect affected devices.… More
A New Year’s Resolution: Wrap Your Car Fob in Foil!
Happy New Year! While you are making (and soon breaking) your resolutions, here’s another lifestyle change to consider for 2019: putting your car fob in foil at night before you go to sleep. Why? Because the fob’s signal can be hacked; thieves can hijack the signal to enter your car and steal it and/or its contents.
According to an article in the Detroit Free Press,… More
In Cybersecurity, No Harm Does Not Necessarily Mean No Foul
This article was originally published in Law360 with permission to reprint.
How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim.
Businesses confronting data breaches can face litigation from private consumers as well as from governmental entities. Managing litigation risk varies in these contexts because of the limitations of bringing private rights of action.… More
Target Data Breach Cases Progress, But Plaintiffs Face Uphill Battle
As previously discussed here, Target suffered a massive data breach at the end of last year that compromised the information of 70 million or more consumers. Within days of the announcement, class action lawsuits were filed against Target around the country, including in California, Massachusetts, Minnesota, Ohio, and Utah.… More
Rare Massachusetts Superior Court Decision Interpreting the CFAA Takes the Narrow View Without Squarely Addressing the Broad
This is a cross-post from our sister blog, Massachusetts Noncompete Law:
Judge Peter M. Lauriat of the Massachusetts Superior Court decided late last year that an employee who takes confidential documents from her employer’s electronic document system to use in a discrimination lawsuit against her employer is not liable to the employer under the Computer Fraud and Abuse Act (CFAA), especially when the employer knew about the lawsuit but nonetheless did not restrict the employee’s access to those documents while she was working for the employer. … More
Target Data Breach Escalates, Class Actions Begin
As previously discussed here, Target suffered a massive data breach that compromised the credit and debit cards of many of its customers. Now that the dust has started to settle, the extent of the breach is becoming clearer. In December, Target announced that 40 million credit and debit card numbers were stolen in this hack. Further investigation has uncovered that hackers also obtained the “names,… More
If You Haven’t Changed Your Password Since Our Last Blog Entry About Passwords, It’s Time You Did
In January, we provided some helpful hints about passwords, in our entry: Is Your Password Still "123456"? If So, It’s Time for a Change.
It’s been nearly a year, so it’s time to change your password again. In case you need some help, we liked the guidance provided by the public radio program, Marketplace, in a recent broadcast. Ironically, these recommendations come from an expert whose company’s password databases had just been hacked. … More
Cracking Down: FINRA Fines Blackmailed Brokerage Firm $375,000 for Violation of Reg S-P
On Monday, the Financial Industry Regulatory Authority (FINRA) announced that brokerage firm D.A. Davidson & Co. had consented to the imposition of a $375,000 fine for lax security measures that allowed hackers working for an “international crime group” to obtain personal information on thousands of customers.
The breach itself occurred in December 2007 when hackers used a “SQL injection” attack to obtain data on over 100,000 Davidson’s customers from the firm’s online account system. … More
Is Your Password Still “123456”? If So, It’s Time for a Change
If you or your co-workers use any of the passwords listed below, you are asking to be hacked. According to a report from the consulting firm Imperva, this list reflects an analysis of some 32 million passwords that an unknown hacker stole in December 2009 from RockYou, a company that makes software for users of social networking sites. Somewhat shockingly, the password “123456” was used by nearly 1% of all RockYou users;… More