The Risk Report - March 5

In his first State of the Union Address earlier this week, U.S. President Joe Biden made an enthusiastic push for new privacy protections for American children. Read on for details of what this could mean for the future of digital advertising, and what challenges such legislation might face.

‍

BREACHES OF THE WEEK

💻 Hack back?

Nvidia, the America computer chip manufacturer, has confirmed that it was hacked last week. The hacking group, Lapsus$, has been leaking stolen data since February 23rd, and has demanded that Nivida make its drivers open-source if they don’t want more data leaked. Nvidia hasn’t specified what sort of data was stolen, but Lapsus$ is saying that it’s 1 terabyte of schematics, source code, employee data, and other confidential information. Lapsus$ has reported that Nvidia hacked back in revenge and to reclaim their data, but Nvidia has denied that claim.

Read the full story

🇷🇺 Russian ties

At the end of last week, Conti, a notorious ransomware gang, expressed its support for Putin’s military agenda in Ukraine. Now, it’s paying the price. Two days after its pro-Putin messages, an anonymous hacker going by ContiLeaks released troves of Conti data to the public, including internal chat logs, source code, bitcoin addresses, and other private files. Perhaps unsurprisingly, the chat logs revealed a formal connection to Russian intelligence agencies. While it remains unclear who was behind this attack on the attackers, all signs are pointing to an individual Ukrainian security researcher.

Read the full story

⚖️ Passed the bar

The State Bar of California has suffered a data leak that disclosed 260,000 confidential attorney discipline cases, and it’s blaming it on an “unknown security vulnerability” in its database, maintained by outside vendor Tyler Technologies. The leak was first discovered on public records website, judyrecords.com, which aggregates court data from public sources. Bar officials say that that never should have happened. Judyrecords.com has since removed the information. The Bar continues to work together with Tyler Technologies on resolving the issue.

Read the full story

NOTEWORTHY OF THE WEEK

🇺🇸 State of the Union

In his first State of the Union Address, Joe Biden expressed his support for increased data privacy protections for children, saying that it is time to “ban targeted advertising to children, demand tech companies stop collecting personal data on our children.” The big question is how this will be enforced. If a ban of advertising to kids in enacted, won’t kids have to hand over personal information to prove their age? Could it all be a slippery slope?

Read the full story

💻 New rule?

The U.S. Senate unanimously passed the Strengthening American Cybersecurity Act this week, a package of three bills sponsored by Senator Gary Peters (D-Mich.). The legislation would enact new requirements for reporting cyber attacks to the Cybersecurity and Infrastructure Security Agency ("CISA"). The Department of Justice is criticizing the bill for leaving out the FBI in its proposed reporting requirements. The bill will now go to the House of Representatives for further deliberation and voting.

Read the full story

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.