On March 21, 2022, President Biden warned U.S. companies, particularly those operating in critical infrastructure sectors, that “[b]ased upon evolving intelligence, Russia may be planning a cyberattack against us.” See details here. The evolving intelligence appears to be based upon, among other things, a March 18th advisory from the FBI to U.S.
Colin Jennings
President Biden Calls upon Companies’ Patriotic Obligation to Prepare for Cyberattacks
On March 21, 2022, President Biden publicly recognized that, while his Administration is prioritizing modernizing the federal government’s cybersecurity practices, it is the patriotic obligation of the private sector to invest as much as it can in preparing for cyberattacks.
Over the course of the past month, media images of the war in Ukraine show…
New Law Requires 72-Hour Notice for Cyber Incidents
Background
President Biden has recently delivered on a long-stated priority of his presidency: requiring the disclosure of cybersecurity incidents for companies that operate critical infrastructure. After announcing an executive order in May 2021 aimed at modernizing the federal government’s cybersecurity practices, the same sweeping changes will now affect private companies that operate critical…
A Case Study in Appropriately Responding to the Log4J Cybersecurity Vulnerability
Just in time for the holiday season, and at a time when cybercriminals are generally most active, industry experts discovered a critical vulnerability in software commonly used by companies. The software, Apache Log4j, is a popular Java library for logging in applications. The vulnerability enables a remote attacker to take control of a device,…
Truth Alert: You Can’t Hide From A Cyber Breach. It Could Be Criminal If You Do.
Good morning, all. The Consumer Privacy World team is out there again sharing wise advice on how to handle a cyber breach. This time, the team discusses organizational risk of a data breach, and how companies can learn something from Uber’s recent data privacy missteps that ended in a criminal complaint. In “Executive Responsibilities…
District Court Decides Capital One Forensic Report Dispute
On June 25, 2020, the United States District Court for the Eastern District of Virginia upheld a Magistrate Judge’s order compelling Capital One to produce the Mandiant Report at issue in the matter of In Re: Capital One Consumer Data Security Breach Litigation (See MDL No. 1:19md2915).
The decision put to rest the month-long dispute over…
Capital One Objects to Magistrate Judge’s Ruling Its Forensic Report Discoverable: Here are the Practical Takeaways
As has been widely reported, a magistrate judge in the Eastern District of Virginia recently ordered Capital One to produce a forensic report prepared by the cybersecurity firm Mandiant, holding that the report was not protected as attorney work product despite having been prepared at the direction of outside counsel. On June 9, 2020, Capital…
Cybercriminals Are Beginning to Master the Exploitation of Public Entities
“Public service is a public trust”
In March 2020, a smaller municipality of approximately 145,000 people fell victim to a sophisticated ransomware attack. When city officials issued statements to the public that personal information was not compromised, the cybercriminals retaliated. The bad actors flooded the internet and dark web with personal information…