CyberJudicata Weekly Debrief (12/23–27)

Welcome to the first installment of the CyberJudicata Weekly Debrief!

In each Weekly Debrief, we will provide a snapshot into some of the week's news and insights in and around the cybersecurity and privacy space.

Data Breach

  • Philadelphia Inquirer – Wawa faces wave of lawsuits in aftermath of massive data breach

  • ​"Wawa has been hit with a wave of lawsuits claiming the company failed to protect consumers from a massive data breach that exposed their credit and debit card information. At least six lawsuits, seeking class-action status, have been filed in federal court in Philadelphia. They allege that Wawa failed to adequately secure its computer systems from hackers who installed malware affecting potentially all of its stores. The breach compromised cardholder names, numbers, and expiration dates used in-store and at gas pumps. The cyberattack went undetected for nearly nine months."

  • CSO Online – The biggest data breach fines, penalties and settlements so far

  • "Sizable fines assessed for data breaches in 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. In the UK British Airways was hit with a record $230 million penalty, followed shortly by a $124 million fine for Marriott, while in the US Equifax agreed to pay a minimum of $575 million for its 2017 breach.


  • Data Breach Today – Ransomware Attackers May Lurk for Months, FBI Warns

  • ​"Warning: Attackers wielding LockerGoga and MegaCortex ransomware have been hitting large corporate networks, sometimes lingering for months before deploying crypto-locking malware. That's according to a recent FBI flash alert, marked "TLP:AMBER" - restricted to receiving organizations. It was issued to certain U.S. businesses by the FBI, Bleeping Computerreports."

  • DarkReading – Ransomware Situation Goes From Bad to Worse

  • ​"New malware distribution techniques and functionality updates are sure to put more pressure on enterprise organizations in 2020. The surge in ransomware attacks on cities, municipalities, schools, and healthcare organizations this year is just a foretaste of what is likely come in 2020."


  • Data Breach Today – Will the U.S. Get a Federal Privacy Law?

  • ​"Democrats and the Republicans introduced a number of proposed bills in 2019 designed to create a federal privacy law. But will Congress be able to achieve a compromise in 2020? Reece Hirsch, a partner who heads the privacy practice at the law firm Morgan, Lewis and Bockius, says that while there is an increased interest in comprehensive federal privacy legislation in the wake of the passage of the California Consumer Privacy Act, Congress appears very far from reaching a consensus."

  • CNET – CCPA: Everything you need to know about California's new privacy law

  • "The most sweeping data-privacy law in the country kicks in Jan. 1. The CCPA, short for the California Consumer Privacy Act, gives residents of the Golden State the right to learn what data companies collect about them. It also lets Californians ask companies to delete their data and not to sell it."

  • LA Times – California is rewriting the rules of the internet. Businesses are scrambling to keep up

  • "A sweeping new law that aims to rewrite the rules of the internet in California is set to go into effect on Jan. 1. Most businesses with a website and customers in California — which is to say most large businesses in the nation — must follow the new rules, which are supposed to make online life more transparent and less creepy for users. The only problem: Nobody’s sure how the new rules work."

  • FPF – Comparing Privacy Laws: GDPR v. CCPA

  • "In November 2018, OneTrust DataGuidance and FPF partnered to publish a guide to the key differences between the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA). Since then, a series of bills, signed by the California Governor on 11 October 2019, amended the CCPA to exempt from its application certain categories of data and to provide different requirements for submission of consumer requests, among other things. The Guide has been updated to take into account these amendments."

. . .

#cyberjudicata #cyber #privacy

Contact Matross Edwards
Search By Tags
No tags yet.
  • Matross Edwards
  • LinkedIn
  • Twitter