Cybersecurity

Vendor involved in SolarWinds declined to share info, former CISA head says

Former US Cybersecurity and Infrastructure Security Agency director Chris Krebs has told Congress that a contractor involved in the SolarWinds hack declined to disclose information about the breach – illustrating how public contractual confidentiality requirements can block investigations into large-scale breaches.

11 February 2021

FTC acting chief hints at hardline enforcement approach

Acting US Federal Trade Commission chair Rebecca Kelly Slaughter has suggested the agency should use its full arsenal to tackle companies that have grown powerful off the back of troves of consumer data.

11 February 2021

Competing Facebook class action filed in the UK

A writer and campaigner has sued Facebook on behalf of individuals allegedly affected by the Cambridge Analytica scandal, potentially setting the stage for a clash with a similar class action filed two months beforehand.

09 February 2021

The BA class action in numbers

A recent ruling in the UK British Airways GDPR data breach class action shows that only a small fraction of potential claimants have signed up – but the lawsuit could still be worth tens or hundreds of millions of pounds.

08 February 2021

US court finds LabMD in contempt

A US federal judge has found medical research firm LabMD to be in contempt of court for failing to pay fees associated with a long-running legal battle against a cybersecurity firm.

08 February 2021

FTC stands by Zoom enforcement action

The US Federal Trade Commission has finalised its settlement with Zoom for misleading consumers about the company’s data security, despite criticism by the commission’s new acting boss.

02 February 2021

Data privacy will drive 2021 technology innovation

The covid-19 pandemic, changing perceptions and more are set to drive cybersecurity and AI innovation, say Forensic Risk Alliance partner Britt Endemann and chief innovation officer Harsh Sutaria.

01 February 2021

CNIL keeps hacked companies' identity secret

UPDATED on 28 January with CNIL response: France’s data watchdog has revealed it has fined a popular website and its processor over a credential-stuffing attack that led to the loss of customer data – but has chosen not to name either party.

27 January 2021

Trump mandates KYC for cloud providers

In one of his administration’s final acts, former US President Donald Trump issued an executive order requiring web service providers to verify the identity of foreign persons to whom they sell infrastructure-as-a-service (IaaS) products.

26 January 2021

Brazil mandates internet equipment security by design

Brazil’s telecommunications regulator has issued requirements for the country’s internet infrastructure to have built-in security features aimed at thwarting cyberattacks.

22 January 2021

Get unlimited access to all Global Data Review content