Default title

BREACH REPORTING

IN THE UNITED STATES REPORTING IS MANDATORY

In the US reporting is mandatory within 30 days of a data breach.

There are also certain laws requiring various notification methods to alert affected individuals given the scope of the release.

In Canada we have no such reporting requirements and therefore have no way of knowing how breaches that a Canadian Company may experience line up with the American experience.

Identity Theft Resource Center has released its 2015 Current Summary and the data we take from it is very interesting. The number of records released from Healthcare related organizations constitute the largest amount of released records however the Business Category represents the most breaches.

Canadians tend to follow closely with our neighbors to the South and as such it is suspected that our results would be similar if mandatory reporting existed here.

Official source ITRC Report

RECENT THREAT POSTS

- Tara Seals
FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The infamous Carbanak operator is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure "pen-testing" company.
- Lisa Vaas
REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say
A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
- Tara Seals
Cisco SD-WAN Security Bug Allows Root Code Execution
The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
- Elizabeth Montalbano
Threat Actors Abuse Discord to Push Malware
The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs--across its network of 150 million users, putting corporate workplaces at risk.
- Becky Bracken
U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn
Meanwhile, Zerodium's quest to buy VPN exploits is problematic, researchers said.
- Tara Seals
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.
- Lisa Vaas
Gigabyte Allegedly Hit by AvosLocker Ransomware
If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.
- Nate Warfield
Why is Cybersecurity Failing Against Ransomware?
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
- Elizabeth Montalbano
Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween
Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production.
- Lisa Vaas
Google Crushes YouTube Cookie-Stealing Channel Hijackers
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels. 

Archives

Leave a Reply

Your email address will not be published. Required fields are marked *

eighteen − three =