BREACH REPORTING

IN THE UNITED STATES REPORTING IS MANDATORY

In the US, reporting is mandatory within 30 days of a data breach.

Certain laws also require various notification methods for alerting affected individuals, depending on the scope of the release.

In Canada, we have no such reporting requirements, and therefore have no way of knowing how the breaches Canadian companies experience compare with the American experience.

The Identity Theft Resource Center (ITRC) has released its 2015 Current Summary, and the data in it is very interesting. Healthcare-related organizations account for the largest number of released records; however, the Business category accounts for the most breaches.

Canadians tend to closely follow our neighbors to the south, and as such it is suspected that our results would be similar if mandatory reporting existed here.

Official source: ITRC Report
