Categories
Life with GDPR

Life With GDPR: Episode 104 – SolarWinds and Your Mother – Tell The Truth

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at the continued fallout from the SolarWinds breach.

In the complex world of data protection, the General Data Protection Regulation (GDPR) has placed a spotlight on the importance of transparency, honesty, and corporate responsibility. Experts Tom Fox and Jonathan Armstrong bring their unique perspectives to this topic, shaped by their extensive experience in compliance and data protection. Fox emphasizes the potential legal consequences for corporate leaders who fail to disclose vulnerabilities or engage in dishonest practices, while Armstrong highlights the increasing pressure on individuals and corporations to disclose data breaches, with regulators focusing more on individual liability. Both stress the importance of transparency, the potential for litigation, and the role of whistleblowers.

Join Fox and Armstrong as they delve deeper into these issues on this episode of the Life with GDPR podcast.

Key Takeaways:

  • The Importance of Truthfulness in GDPR
  • The Importance of Transparency in Data Breaches
  • Legal risks in data breaches and cybersecurity
  • The Impact of Budget Constraints on Vulnerability Fixes

Resources:

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here. Check out the Cordery Data Breach Academy here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
Life with GDPR

Life With GDPR: Critical Perspectives on Big Law Firm Cybersecurity

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at a breach at a big law firm.

In the wake of a recent spearphishing attack and data breach at a UK law firm, the legal community is abuzz with discussions on the responsibility of lawyers to prevent such attacks. Tom Fox, known for his critical perspective on big law firms, highlights the mistakes made by the firm in question, emphasizing the increasing concern over cyber-attacks targeting law firms and the need for timely reporting to regulatory authorities. Jonathan Armstrong, on the other hand, underscores the importance of proactive cybersecurity measures and timely reporting, commending the firm for taking immediate action but criticizing the delay in reporting the breach. Both Fox and Armstrong bring their unique perspectives shaped by their experiences in the field. Join them on this episode of the Life with GDPR podcast as they delve deeper into this topic.

Key Takeaways:

  • A Spearphishing Attack Leads to a Data Breach
  • Cybersecurity Measures for Law Firms
  • The Power of Dedicated Data Protection Training

Resources:

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here.

Also, check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here. Check out the Cordery Data Breach Academy here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
Life with GDPR

Life With GDPR – Lessons Learned from The Singtel Optus Data Breach

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, they look at litigation in Australia against Optus, the Singtel subsidiary, over its data breach, and at the fallout from an investigation report.

The recent data breach at Optus, affecting 1.2 million individuals, has brought to light the critical role of strategic communication in managing cybersecurity breaches. Tom Fox and Jonathan Armstrong offer their unique perspectives on this issue. Fox emphasizes the inevitability of cybersecurity breaches and the need for a comprehensive strategy, including effective communication, to manage them. He warns against the potential consequences of mishandling communication during a breach, such as jeopardizing insurance coverage.

Armstrong highlights the complexity of maintaining privilege in a global corporate structure and the importance of careful language to avoid invalidating insurance or causing unnecessary speculation. He also underscores the need for a holistic approach to cybersecurity, encompassing prevention, detection, remediation, and crisis communication. Join Tom Fox and Jonathan Armstrong as they delve deeper into this topic in the latest Life with GDPR podcast episode.

Key Takeaways:

  • Implications of Language in Data Breach Reporting
  • Navigating CEO Communication and Insurance Coverage
  • Navigating Insurance Coverage in Data Breaches

Resources:

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here. Check out the Cordery Data Breach Academy here.

Connect with Tom Fox:

Connect with Jonathan Armstrong:

●   Twitter

●   LinkedIn

Categories
Compliance Into the Weeds

Compliance into the Weeds: MGM Grand Data Breach

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the recent MGM Resorts data breach and what it may mean for CCOs and Danny Ocean.

The MGM Grand data breach, a significant cyber-attack that disrupted MGM Resorts’ operations across the U.S., has raised serious concerns about cybersecurity and regulatory requirements. Tom and Matt discuss the potential financial impact and the regulatory investigations that may follow, emphasizing the severity of the situation and the potential consequences for MGM.

They also question MGM’s disaster recovery and business continuity plans and raise concerns about the network design weaknesses that allowed the attack to have such a widespread impact. They go on to discuss the implications of the breach under the new SEC rules mandating disclosure of material cybersecurity incidents by public companies. Join Tom Fox and Matt Kelly as they delve deeper into these issues in this episode of the Compliance into the Weeds podcast.

Key Highlights

·      MGM Grand Cyber Attack Disrupts Operations

·      Understanding the Impact of Qualitatively Material Cybersecurity Incidents

·      Navigating Material Cybersecurity Event Disclosure Requirements

·      Inadequate backup plans leading to operational disruptions

·      MGM’s Ransomware Attack and Business Continuity

Resources

Matt on LinkedIn

Matt on Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Adventures in Compliance

Adventures in Compliance – Compliance Lessons from The Adventure of the Beryl Coronet

The story begins with a respected banker, Alexander Holder, who comes to Sherlock Holmes for help. Holder tells Holmes that he was entrusted by a client with a precious artifact, the Beryl Coronet, which is studded with valuable jewels. Holder, fearing the artifact might get stolen, took it home and locked it in his safe.

The following morning, Holder finds the coronet damaged, and three beryls are missing. Holder immediately suspects his son Arthur, whom he found holding the artifact in the middle of the night in a frantic state. Although he protests his innocence, Arthur refuses to explain what happened. Holder, devastated and confused, seeks Holmes’ help in solving the mystery.

After examining the scene, Holmes infers that the intruder was no professional thief. He finds footprints in the snow leading to and from a garden window, showing that someone outside the house was met at that window by someone inside it. Holmes’ suspicion falls on Holder’s niece, Mary, who was at the window that night and who fainted on learning that the police had been called.

Holmes identifies the true culprit as Sir George Burnwell, a man of bad character who had won Mary’s affections. At his urging, Mary took the coronet from the bureau and handed it to him through the window. Arthur, awake and watching, saw the handover, struggled with Burnwell for the coronet and snapped off the corner carrying the three beryls, which Burnwell carried away.

Holmes, in disguise, traces Burnwell, learns that he has already sold the beryls to a receiver of stolen goods, and buys them back. Arthur was innocent throughout and kept silent to protect Mary, whom he loved. The story concludes with Holder expressing relief at the solution, but also sorrow that Mary, who has since eloped with Burnwell, had been led astray.

Compliance Lessons 

Due Diligence: The plot revolves around a precious beryl coronet that is partially stolen. The owner, Mr. Holder, fails to exercise due diligence in securing the coronet, leading to the theft. This highlights the importance of thorough risk assessment and due diligence in compliance, particularly regarding asset security.

Confidentiality: The coronet is a national treasure, pledged to Holder as security against a loan on the strict understanding that the arrangement stay secret. Its value is immense. This underscores the importance of safeguarding sensitive or proprietary information and the responsibility individuals and organizations have in maintaining confidentiality.

Insider Threat: The theft is carried out by a trusted individual within the household. This reflects real-world scenarios where individuals within an organization pose significant risks. It’s crucial to establish systems that can detect and prevent insider threats.

Crisis Preparation: Holder goes straight to Sherlock Holmes when the theft is discovered. This mirrors the crisis response an organization should follow when a breach or issue is detected, including notifying the relevant authorities and bringing in professionals to handle the situation. You should game out and plan your cyber breach responses in advance.

Trust and Transparency: The conclusion of the story reveals a complex web of familial relationships and a severe lack of trust and transparency within the Holder household. This emphasizes the significance of fostering a culture of openness, trust, and transparency within an organization. Honest communication and transparency can prevent misunderstandings and miscommunication that might lead to non-compliance issues.

Unintended Consequences: The impulsive and rash decisions of the characters lead to unintended consequences, such as Arthur’s unjust arrest. This is a reminder that organizations must think through the potential outcomes of their actions, especially with regard to compliance and regulatory matters, to avoid unexpected negative impacts.

Resource

The New Annotated Sherlock Holmes

Categories
Life with GDPR

Life With GDPR: Exposed – The Shocking PSNI Data Release

Tom Fox and Jonathan Armstrong, renowned experts in cyber security, co-host the award-winning Life with GDPR. In this episode, Tom and Jonathan discuss a troubling inadvertent data release by the Police Service of Northern Ireland (PSNI).

The release occurred when a document containing sensitive information about PSNI employees was mistakenly published in response to a valid Freedom of Information (FOI) request, putting officers at risk. The document wrongly included the names, ranks and locations of the Northern Ireland constabulary, and even the surveillance and intelligence roles of some staff. Tom and Jonathan discuss how the release got past the security checks that should have caught it, the real-world impact of a breach of this kind on the individuals concerned, and the recurring role of spreadsheets in data breaches, and they express frustration at how little attention such incidents receive. Overall, the conversation stresses the importance of data protection and compliance and the urgent need for better controls over what gets published.

Key Takeaways:

  • Data release at PSNI
  • Data release implications
  • Regulator’s Call for Improved Data Protection
  • Spreadsheets are evil
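A check of the kind that should sit between the team answering an FOI request and the upload, added here as an example; it is not code from the podcast, from Cordery or from PSNI. The episode does not say what in the spreadsheet carried the staff data, so the example assumes the common failure mode: a workbook whose hidden sheets, rows or columns still hold records when the whole file, rather than the answer, is published. It builds a small constructed .xlsx in memory (sample names and stations, not real data; the sheet names `Summary` and `Staff list` are made up for the example) and then inspects the package for anything hidden, using only the Python standard library.

```python
"""Release gate for spreadsheets: flag hidden sheets, columns and rows in an .xlsx.

Added example, not from the podcast or from PSNI. An .xlsx is a zip of XML parts:
xl/workbook.xml lists the sheets (with an optional state="hidden"/"veryHidden"),
xl/_rels/workbook.xml.rels maps each sheet to its part, and each worksheet part
marks hidden columns (<col hidden="1">) and rows (<row hidden="1">).
"""
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
WS_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet"


def build_sample_workbook(include_hidden: bool = True) -> bytes:
    """Build a minimal .xlsx in memory. Constructed sample data, not real records.

    'Summary' is the sheet the FOI team meant to publish. With include_hidden=True the
    file also carries a hidden 'Staff list' sheet of per-person rows, a hidden column
    on Summary and a hidden row on Staff list: the content that escapes when the
    working file is uploaded instead of the answer.
    """
    cols = '<cols><col min="3" max="3" hidden="1"/></cols>' if include_hidden else ""
    extra_cell = '<c r="C1" t="inlineStr"><is><t>internal note</t></is></c>' if include_hidden else ""
    sheet1_xml = (
        f'<worksheet xmlns="{NS_MAIN}">{cols}<sheetData>'
        '<row r="1"><c r="A1" t="inlineStr"><is><t>Officers by rank</t></is></c>'
        f'<c r="B1"><v>1234</v></c>{extra_cell}</row></sheetData></worksheet>'
    )
    sheets = ['<sheet name="Summary" sheetId="1" r:id="rId1"/>']
    rels = [f'<Relationship Id="rId1" Type="{WS_TYPE}" Target="worksheets/sheet1.xml"/>']
    parts = {"xl/worksheets/sheet1.xml": sheet1_xml}
    if include_hidden:
        sheets.append('<sheet name="Staff list" sheetId="2" state="hidden" r:id="rId2"/>')
        rels.append(f'<Relationship Id="rId2" Type="{WS_TYPE}" Target="worksheets/sheet2.xml"/>')
        parts["xl/worksheets/sheet2.xml"] = (
            f'<worksheet xmlns="{NS_MAIN}"><sheetData>'
            '<row r="1"><c r="A1" t="inlineStr"><is><t>Surname</t></is></c>'
            '<c r="B1" t="inlineStr"><is><t>Station</t></is></c></row>'
            '<row r="2" hidden="1"><c r="A2" t="inlineStr"><is><t>Example</t></is></c>'
            '<c r="B2" t="inlineStr"><is><t>Station X</t></is></c></row>'
            "</sheetData></worksheet>"
        )
    parts["xl/workbook.xml"] = (
        f'<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_REL}"><sheets>'
        + "".join(sheets) + "</sheets></workbook>"
    )
    parts["xl/_rels/workbook.xml.rels"] = (
        f'<Relationships xmlns="{NS_PKG}">' + "".join(rels) + "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


def find_hidden_content(xlsx_bytes: bytes) -> list:
    """Return (sheet name, finding) pairs for every hidden sheet, column or row.

    Sheet state may be 'hidden' (unhide from the Excel menu) or 'veryHidden'
    (only reachable through VBA or the XML); both are reported.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        wb = ET.fromstring(zf.read("xl/workbook.xml"))
        rels = ET.fromstring(zf.read("xl/_rels/workbook.xml.rels"))
        targets = {r.get("Id"): r.get("Target") for r in rels.iter(f"{{{NS_PKG}}}Relationship")}
        for sheet in wb.iter(f"{{{NS_MAIN}}}sheet"):
            name = sheet.get("name")
            state = sheet.get("state", "visible")
            if state != "visible":
                findings.append((name, f"sheet state={state}"))
            target = targets[sheet.get(f"{{{NS_REL}}}id")].lstrip("/")
            ws = ET.fromstring(zf.read(target if target.startswith("xl/") else "xl/" + target))
            for col in ws.iter(f"{{{NS_MAIN}}}col"):
                if col.get("hidden") in ("1", "true"):
                    findings.append((name, f"hidden columns {col.get('min')}-{col.get('max')}"))
            for row in ws.iter(f"{{{NS_MAIN}}}row"):
                if row.get("hidden") in ("1", "true"):
                    findings.append((name, f"hidden row {row.get('r')}"))
    return findings


def safe_to_publish(xlsx_bytes: bytes) -> bool:
    """Release gate: any hidden content fails the check."""
    return not find_hidden_content(xlsx_bytes)


if __name__ == "__main__":
    # Check a real file if a path is given, otherwise the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_workbook()
    for sheet, finding in find_hidden_content(data):
        print(f"{sheet}: {finding}")
    sys.exit(0 if safe_to_publish(data) else 1)
```

Run it with the path to a workbook to gate a release; a non-zero exit means hold the file. Hidden content is only one way a workbook leaks. Columns narrowed to nothing, white-on-white text, pivot caches and a data tab that happens to be visible are others, so the safer control is to publish a CSV or PDF of the single sheet that answers the request rather than the workbook it was prepared in.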

Resources:

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Connect with Tom Fox

●      LinkedIn

Connect with Jonathan Armstrong

●      Twitter

●      LinkedIn

Categories
Daily Compliance News

January 12, 2023 – The Spies Cash in Corruption Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories today include:

  • Ex-Austrian minister found not guilty of corruption. (Reuters)
  • The Coinbase compliance team won’t be whacked. (WSJ)
  • SEC sues Covington over a hack. (Reuters)
  • EU corruption investigation looks at Morocco. (FT)
Categories
Life with GDPR

Sullivan Conviction from GDPR Perspective

Jonathan Armstrong and Tom Fox return for another episode of the award-winning Life with GDPR. In this episode, we discuss the recent conviction of Joe Sullivan, former CISO at Uber, for his role in hiding a data breach that hit the company. Sullivan was convicted in the US in October 2022 in connection with the concealment of a 2016 data breach at Uber. However, we look at the conviction from the GDPR and UK perspective and ask whether it portends potential liability for CISOs and CCOs in the EU and UK. For instance, does this mean there are likely to be more prosecutions against executives? And could we see similar prosecutions in Europe? For a more detailed discussion and links to the case, check out the Cordery Compliance News Alert on the case, which you can find in the link below.

Some of the highlights include:

1.     What were the facts?

2.     Was Sullivan guilty of negligence or intentional conduct?

3.     Why were prior Uber convictions so significant?

4.     What happens next?

5.     Could this lead to more prosecutions of executives?

6.     What does this mean under GDPR and in the UK?

Resources

For more information on the issues raised in this podcast, check out the Cordery Compliance News Section. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
Daily Compliance News

August 4, 2022 – The Bain Barred Edition

In today’s edition of Daily Compliance News:

  • What’s the cost of a data breach? (Third-Party Trust)
  • AG to investigate companies that evaluate ESG. (Reuters)
  • Bain was barred from working for the UK government. (FT)
  • Former Mexico President under investigation for money laundering. (France24)
Categories
Life with GDPR

Tuckers Enforcement Action

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recent announcement by the UK data protection authority, the Information Commissioner’s Office (ICO), that it had fined a law firm, Tuckers Solicitors LLP, for GDPR breaches. Tuckers was fined £98,000 after being hit by a ransomware attack.

  1. Law firms are not unique.
  2. What about other legal regulations and regulatory bodies?
  3. The background facts.
  4. What did the ICO say?
  5. Lessons learned.

Resources

For more information on the Tuckers enforcement action, check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.