CyberJudicata Weekly Debrief (1/27–31)
This week's Weekly Debrief covers a variety of issues, including the Wawa data breach, a Maryland judge's ruling on an insurance case regarding IT damages, ransomware targeting ICS and a US government contractor, Clearview AI, and building compliant data privacy systems.
"Customer data exposed during a malware attack against convenience store chain Wawa have appeared on Joker's Stash, a marketplace on the so-called dark web for stolen credit card information."
"A federal judge has ruled that an insurer providing a 'business owner's insurance policy' to National Ink & Stitch, which sustained a ransomware attack in 2016 and was forced to replace most of its IT infrastructure, must pay for the damages the security incident caused."
"An Israeli cybersecurity firm said it believes a new strain of ransomware was created by Iran and has the ability to lock up or even delete industrial control systems."
"A US government technology contractor has become the latest major target taken down by a ransomware attack. Electronic Warfare Associates (EWA) counts the Department of Defense, Department of Justice and Department of Homeland Security among its clients. It describes itself as a veteran-owned business with a track record dating back over four decades."
"Gary DeMercurio, 43 of Seattle, and Justin Wynn, 29 of Naples, Fla., are both professional penetration testers employed by Coalfire Labs, a security firm based in Westminster, Colo. Iowa’s State Court Administration had hired the company to test the security of its judicial buildings."
"The New York Times’ recent story on Clearview AI, maker of a secretive facial recognition app that markets its product to law enforcement, has raised critical questions about what can be done to protect our privacy online. Clearview claims to have amassed a dataset of over three billion face images by scraping websites like Facebook, YouTube, and Venmo."
"The landscape of data privacy law has changed significantly over the last five years. With the General Data Protection Regulation (GDPR) going into effect in the EU in May 2018, data privacy compliance obligations forever changed for companies around the globe. For the first time, companies had to recognize new rights for consumers regarding their personal and sensitive data or face serious penalties."
. . .