Topic: cybercrime

Subscribe to cybercrime RSS feed

Singapore legal update: Firm warned for WhatsApp personal data disclosure

Singapore’s Personal Data Protection Commission has on 21 March 2017 issued a warning to a local firm for disclosing a former employee’s personal information in a company WhatsApp group. A director at the firm, Executive Coach International, had shared highly sensitive information about the former employee with 58 members of a chat group comprising staff … Continue reading

Legal Implications of DDoS Attacks and the Internet of Things (IoT)

Data Protection Report - Norton Rose FulbrightSeveral significant distributed denial-of-service (“DDoS”) attacks have taken place in the last few weeks, including a major event involving a domain name service provider (Dyn), which caused outages and slowness for many popular sites like Amazon, Netflix, Reddit, SoundCloud, Spotify, and Twitter. This significant attack came on the heels of two major DDoS attacks against … Continue reading

UAE Outlaws Sales of Personal Data and Increases Fines for Companies

Data Protection Report - Norton Rose FulbrightThe United Arab Emirates Penal Code was amended with effect from October 29, 2016 to outlaw the copying, distribution or disclosure of information that a person obtains in the course of their employment. This new offence will target company insiders (or service providers) unlawfully dealing in personal data. Other changes to the Penal Code will … Continue reading

Major DDoS Attacks Signal Need for Strengthened Cyber Defenses

Data Protection Report - Norton Rose FulbrightOn Friday, October 21, a series of Distributed Denial of Service (DDoS) attacks were launched against the servers of Dyn, a major DNS host. DNS hosts operate in a manner akin to a switchboard for the Internet, helping to route domain names (e.g., dataprotectionreport.com) to underlying IP addresses (e.g., 104.28.6.115). By attacking Dyn, hackers were … Continue reading

FTC Enforcement Possible for Failing to Guard Against Ransomware

Data Protection Report - Norton Rose FulbrightRecent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may … Continue reading

U.S. Government Announces Framework for Responding to Critical Infrastructure Cyber Incidents

Data Protection Report - Norton Rose FulbrightOn July 26, 2016, the White House issued the United States Cyber Incident Coordination Directive (Presidential Policy Directive PPD-41, including an Annex).  The Directive sets forth the principles governing the Federal Government’s response to cyber incidents, including incidents affecting private entities that are part of U.S. critical infrastructure.  The Directive is designed to improve coordination … Continue reading

The Intersection of Trademark Law and Cybersecurity

Data Protection Report - Norton Rose FulbrightEarlier this week, our colleague Sue Ross wrote on the intersection of trademark law and cybersecurity on Norton Rose Fulbright’s Brand Protection Blog. The post explains that by protecting its brand, a company can help to improve cybersecurity. For example, by seeking to recover “squatted” domain names and complaining to social networks about trademark infringement, a company … Continue reading

UAE Employees Jailed for Privacy Breach Before Ultimately Being Acquitted

Data Protection Report - Norton Rose FulbrightA recently-reported court case in the United Arab Emirates has highlighted the importance of establishing and implementing good privacy practices, even in the absence of specific data protection legislation. In late 2014, the UAE public prosecutor charged three officials from a federal authority – the general director, a branch manager and an IT manager – … Continue reading

Legal update: Security issue could impact ADP customers

Data Protection Report - Norton Rose FulbrightCyber criminals appear to have gained unauthorized access to ADP, Inc.’s self-service customer portal to file fraudulent tax returns for some ADP customer employees. ADP has reportedly confirmed that a subset of its customers have been the victim of tax fraud perpetrated by hackers posing as customer employees on ADP’s portal. We recommend that ADP … Continue reading

Ransomware Incident Response – Prevention, Readiness and Strategy

Data Protection Report - Norton Rose FulbrightLast week, the Hollywood Presbyterian Medical Center was able to successfully negotiate the release of a collection of system resources and data files that had been encrypted and held hostage by ransomware attackers. Ransomware is a peculiar type of malware that is not designed or intended to steal personal or confidential information. Rather, ransomware is … Continue reading

Council and European Parliament reach agreement on NIS Directive

Data Protection Report - Norton Rose FulbrightOn December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD). The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union … Continue reading

South Africa’s new Cybercrimes and Cybersecurity Bill

Data Protection Report - Norton Rose FulbrightThe South African Cybercrimes and Cybersecurity Bill expands on the original sections of the Electronic Communications and Transactions Act, 2002 (ECTA) with the creation of 20 new cybercrime offences.  This illustrates the extent to which technology is being used for unlawful purposes and the need to protect yourself in your activities online.  Comments on the Bill … Continue reading
LexBlog