CyberJudicata Weekly Debrief (12/23–27)
Welcome to the first installment of the CyberJudicata Weekly Debrief!
In each Weekly Debrief, we will provide a snapshot into some of the week's news and insights in and around the cybersecurity and privacy space.
"Wawa has been hit with a wave of lawsuits claiming the company failed to protect consumers from a massive data breach that exposed their credit and debit card information. At least six lawsuits, seeking class-action status, have been filed in federal court in Philadelphia. They allege that Wawa failed to adequately secure its computer systems from hackers who installed malware affecting potentially all of its stores. The breach compromised cardholder names, numbers, and expiration dates used in-store and at gas pumps. The cyberattack went undetected for nearly nine months."
"Sizable fines assessed for data breaches in 2019 suggest that regulators are getting more serious about organizations that don’t properly protect consumer data. In the UK, British Airways was hit with a record $230 million penalty, followed shortly by a $124 million fine for Marriott, while in the US Equifax agreed to pay a minimum of $575 million for its 2017 breach."
"Warning: Attackers wielding LockerGoga and MegaCortex ransomware have been hitting large corporate networks, sometimes lingering for months before deploying crypto-locking malware. That's according to a recent FBI flash alert, marked "TLP:AMBER" - restricted to receiving organizations. It was issued to certain U.S. businesses by the FBI, Bleeping Computer reports."
"New malware distribution techniques and functionality updates are sure to put more pressure on enterprise organizations in 2020. The surge in ransomware attacks on cities, municipalities, schools, and healthcare organizations this year is just a foretaste of what is likely to come in 2020."
"Democrats and the Republicans introduced a number of proposed bills in 2019 designed to create a federal privacy law. But will Congress be able to achieve a compromise in 2020? Reece Hirsch, a partner who heads the privacy practice at the law firm Morgan, Lewis and Bockius, says that while there is an increased interest in comprehensive federal privacy legislation in the wake of the passage of the California Consumer Privacy Act, Congress appears very far from reaching a consensus."
"The most sweeping data-privacy law in the country kicks in Jan. 1. The CCPA, short for the California Consumer Privacy Act, gives residents of the Golden State the right to learn what data companies collect about them. It also lets Californians ask companies to delete their data and not to sell it."
"A sweeping new law that aims to rewrite the rules of the internet in California is set to go into effect on Jan. 1. Most businesses with a website and customers in California — which is to say most large businesses in the nation — must follow the new rules, which are supposed to make online life more transparent and less creepy for users. The only problem: Nobody’s sure how the new rules work."
"In November 2018, OneTrust DataGuidance and FPF partnered to publish a guide to the key differences between the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA). Since then, a series of bills, signed by the California Governor on 11 October 2019, amended the CCPA to exempt from its application certain categories of data and to provide different requirements for submission of consumer requests, among other things. The Guide has been updated to take into account these amendments."
. . .