National Consumers League

The #DataInsecurity Digest | Issue 96

Despite saber-rattling, U.S. woefully unprepared for cyber war with Iran

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s note: As the United States launches cyberattacks against Iran, the Department of Homeland Security (DHS) is warning that defenses against possible retaliation appear to be lacking. A bi-partisan Senate committee found that several high-profile agencies left Americans’ sensitive data vulnerable to hackers. Sen. Warner is one of several Senators asking for answers about the recent spate of healthcare data breaches. And Sen. Hassan could find herself in hot water if it’s found that she failed to notify constituents affected by a data breach in her office.             

And now, on to the clips! 

-----------------

U.S. military launches cyber strike against Iran. The cyberattacks were approved by President Trump and “specifically targeted Iran’s Islamic Revolutionary Guard Corps computer system.” The attacks “disabled Iranian computer systems that controlled its rocket and missile launchers. ...” (Source: The Associated Press)

DHS warns businesses that they will be targeted by Iranian hackers. In the wake of the U.S. cyberattacks, Chris Krebs, director of the Homeland Security Department’s cybersecurity division, warned that Iranian hackers have already begun “targeting U.S. companies with specialized malicious software designed to wipe the contents of their computer networks rather than to simply steal their data.” (Source: Washington Post)

Quick hit: DHS announces that it is unlikely to meet its cybersecurity goals. (Source: Department of Homeland Security)

Healthcare data breaches under new Congressional scrutiny. High-profile breaches at medical bill collectors and diagnostics companies that compromised 20 million consumer records are attracting attention from Congress. “I am concerned about your supply chain management, and your third-party selection and monitoring process,” wrote Sen. John Warner (D-VA) in a letter to Quest Diagnostics, one of the breached entities. (Source: Bloomberg)

Did Sen. Hassan violate breach notification laws? Right-wing media is abuzz over the sentencing of a former staffer for Sen. Maggie Hassan (D-NH) who engineered a massive breach of the Senator’s IT systems, compromising significant amounts of sensitive constituent data. Now questions are being raised about whether Hassan complied with relevant data breach notification laws related to the incident. “Hassan’s office provided no evidence to the Daily Caller News Foundation (DCNF) that it had disclosed its own breach, and several New Hampshire residents who had communicated with Hassan’s office told the DCNF they had not received any notification that their information could be in the hands of bad actors,” wrote @lukerosiak. (Source: Daily Caller)

EFF: Federal privacy bill should include a data security standard. The Electronic Frontier Foundation (EEF), a leading digital civil liberties group, is calling for stronger data security protections as part of its recommendations for comprehensive privacy legislation. “Also, where a company fails to meet this duty, it should be easier for people harmed by data breaches—including those suffering non-financial harms—to take those companies to court.” (Source: Electronic Frontier Foundation)

Bi-partisan Senate committee found that U.S. agencies left sensitive data vulnerable to breaches for decades. The Committee found that the Departments of State, Homeland Security, Health and Human Services, Transportation, Education, Agriculture, Housing and Urban Development, and the Social Security Administration left “Americans' personal information open and vulnerable to theft.” (Source: The Hill)

City of Baltimore approves additional $10 million in cyberattack relief. As the city moves into its 9th week since a ransomware attack, its water billing system remains offline. (ABC News)

Lawsuit against Facebook for compromising 29 million accounts allowed to move forward. A federal appeals court in San Francisco rejected Facebook’s attempt to block the lawsuit and allowed “claims against Facebook [to] proceed for negligence and for failing to secure users’ data as promised.” (Source: Bloomberg)

Stat du jour: 50 percent of manufacturers experienced a breach in the last 12 months. Of the breached entitles surveyed, @sikichllp found that 11 percent suffered a “major” breach. (Source: Industry Week)

National Consumers League
Published July 3, 2019