Organizations need to develop "a friendly business relationship" with law enforcement so they can share information about a data breach to help with the investigation, says Luis Cerritos of the Royal Canadian Mounted Police.
Richard Smith has exited the Equifax building. Following in the footsteps of the CIO and CSO, Richard Smith - Equifax's embattled CEO and board chairman - has "retired" following the company suffering a massive breach that has left millions of Americans at risk of identity theft.
The chairman of the Securities and Exchange Commission, Jay Clayton, promised the Senate banking committee Tuesday that his agency is pursuing numerous cybersecurity improvements in the wake of a May 2016 breach.
Researchers investigating the CCleaner malware outbreak have had a lucky break: The attackers' backup server shows that they pushed secondary malware onto systems at Intel, VMware, Fujitsu and Asus, among others, as part of what appears to be a very targeted attack campaign.
"Big four" accounting firm Deloitte suffered a breach last year that may have exposed 5 million internal emails as well as usernames and passwords, client information and health details, the Guardian reports.
Organizations that must comply with Europe's GDPR need to identify gaps in their ability to meet various requirements, including making prompt breach notifications and gaining consumers' consent to store their data, says Sunil Chand of Grant Thornton.
All the key players of a company's management group, including the CISO, need to be involved in the decision about whether to invest in cyber insurance, says Greg Markell of Ridge Canada Cyber Solutions, a cyber insurer.
Summit Credit Union of Wisconsin is seeking class-action status for a lawsuit against credit bureau Equifax. The credit union contends it will have to bear the fraud costs resulting from Equifax exposing a massive amount of U.S. consumer data in one of the worst data breaches ever seen.
An attack campaign involving a trojanized version of the CCleaner Windows utility, built and distributed by British developer Piriform, was much more extensive than it first appeared and may have installed backdoor software on endpoints at hundreds of large technology firms.
The chairman of the U.S. Securities and Exchange Commission will face the Senate Banking Committee next week following the agency's belated disclosure that in May 2016, hackers stole secret market data from the SEC's systems and apparently used it for "illicit gain through trading."
Canada had been lagging behind the U.S. and some other nations in terms of breach notification regulations, but now it's catching up, says attorney Imran Ahmad, who explains new regulations that are going into effect.
The deadly hurricane season has prompted federal regulators to issue several specific HIPAA waivers in recent weeks. But are such waivers really necessary? And what actions can healthcare providers take during a crisis even without a waiver?