Attorney Advertising

Articles Tagged with Cybersecurity

by

butterfly-1427284-m.jpgMost people by now have heard of the Heartbleed bug. It’s the programming flaw in one of the most common encryption methods on the internet: OpenSSL. It makes what should be secure websites, and the personal information they contain, vulnerable to hackers. It is more important, though, than just another internet threat. Every business should consider whether it can be liable for depending on the vulnerable encryption software in the first place. This is especially important in light of the Federal Trade Commission’s efforts to ensure that businesses take reasonable precautions to protect their customers’ digital data.

The same day the Heartbleed bug was announced, April 7, 2014, Federal District Court Judge Esther Salas, upheld the Federal Trade Commission’s right to police corporate cybersecurity practices. As we previously mentioned, the court denied Wyndham Worldwide Corp.’s motion to dismiss a suit the FTC brought against it which arose out of three separate alleged hacking incidents that occurred over a two year period.

According to a story by Matt Egan published on April 8, 2014 in Fox Business.com, the FTC sued Wyndham Worldwide Corp. and three subsidiaries, alleging that Wyndham, unreasonably and unnecessarily, exposed consumers’ personal data to unauthorized access and theft that resulted in hundreds of thousands of customers having their payment card account information exported to a domain registered in Russia and a fraud loss of more than $10 million. The suit reportedly alleged that, among other things, Wyndham:

  • Failed to use readily available security measures like firewalls;
  • Allowed software to be configured inappropriately;
  • Failed to ensure hotels implemented adequate information security policies;
  • Failed to remedy known security vulnerabilities.

[Emphasis supplied]

What makes the ruling especially relevant to the Heartbleed bug is the way that the encryption software the bug affects is developed and maintained.
Continue reading

by

classified-1432995-m.jpgThere are a few recent developments in the field of cybersecurity that businesses, individuals, and fraud investigators alike should take note of. One is a recent case which, if followed, could expand a business’ liability for security breaches and the others are new tools businesses possibly could use to protect against that same liability.

Digital information, including how to protect it and prevent fraud, is always a fascinating topic. New advances in digital security go hand in hand with ingenuous ways to steal digital information. It is fun to follow, in the same way it is fun to watch Wile E. Coyote chase the Roadrunner: the chase never really ends, they always come back for more, and they use bigger and better gadgets every time.

Cybersecurity, though, is more than just a fun-read. It has real-world implications. According to a report published in the Wall Street Journal, Federal District Court Judge Esther Salas, on Monday, April 7, 2014, upheld the Federal Trade Commission’s right to police corporate cybersecurity practices to ensure businesses take reasonable precautions to safeguard their customers’ data. The FTC reportedly sued Wyndham Worldwide Corp. and three subsidiaries, in 2012, after hackers broke into the company’s corporate computer system and the systems at several individual hotels, between 2008 and early 2010, and allegedly stole credit and debit card information from hundreds of thousands of customers. The FTC alleged that Wyndham did not take reasonable measures to protect its customers’ information from theft. It cited what it alleged were wrongly configured software, weak passwords and insecure computer servers. Wyndham argued that the FTC did not have the statutory authority to police corporate cybersecurity. The FTC argued that its authority came from its 100 year old statutory power to protect consumers from businesses that engage in unfair or deceptive trade practices. There was no finding of liability, but the court reportedly upheld the FTC’s right to bring the suit. The lawsuit reportedly seeks to have the court order Wyndham to improve its security measures and fix whatever harm its customers suffered.

With the possibility of federal enforcement of what amounts to a “reasonable-precautions” cybersecurity standard, businesses, not just fraud investigators, should pay attention to the potential tools at their disposal to protect their clients’ information.

The technological advances in keeping things secret are ingenuous. Much like the mythical jackalope, or my favorite, the basselope, they use things that do not seem to have anything to do with each other, to come up with something better: A more effective lock and key to turn away prying eyes from private information they should not see.
Continue reading

Contact Information