|
Cyber Daily: The Hack of Small Tech Vendor Accellion Casts a Wide Net | Internet Privacy Legislation Dies in Florida
|
|
|
|
|
|
Hello. The ripples from a hack late last year of a 20-year-old file-transfer tool from Accellion USA LLC continue to spread in courtrooms and at kitchen tables, WSJ Pro's David Uberti reports. The incident has led to extortion schemes against some Accellion customers, as well as lawsuits by several affected consumers, and left victims wondering how their own information could be used against them.
Also: Florida privacy bills are kaput. The so-called private right of action, which allows individuals to sue companies for misusing their personal data, has emerged as the key issue for many state lawmakers.
Other news: U.S. wants China to do more to protect intellectual property; venture capitalists continue to pour money into cybersecurity firms; fighting unemployment fraud that uses your stolen data; and more.
|
|
|
|
When Your Tech Vendor is Hacked
|
|
|
|
ILLUSTRATION: KELLI R. PARKER/THE WALL STREET JOURNAL
|
|
|
Collateral damage: The December breach of file-transfer tool from a Palo Alto, Calif.-based company called Accellion shows how the blast radius from a cyberattack on a tech firm can widen over time, hitting individuals and businesses that don’t interact directly with the vendor.
The more than two dozen organizations that say they were hit in the Accellion breach include the Reserve Bank of New Zealand, energy giant Royal Dutch Shell PLC, rail operator CSX Transportation Inc., cybersecurity firm Qualys Inc., and a string of U.S. universities and health insurance companies. A hacker gang known as “Clop” has posted stolen information online after extortion demands that victims say reach millions of dollars.
Read the full story.
|
|
|
|
Falling short: The U.S. criticized China’s intellectual property protections on Friday, saying measures in Beijing—some to comply with the 2020 U.S.-China trade deal—don’t go far enough. The Biden administration’s approach to China is under review, but officials have made clear they plan to continue or step up many of the Trump team’s critiques of China. (WSJ)
|
|
|
-
The Chinese embassy in Washington didn’t immediately respond to a request for comment.
|
|
$3.7 Billion
|
Amount invested by venture capitalists globally in cybersecurity companies so far this year, according to Crunchbase. It is on pace to beat 2020's record $7.8 billion.
|
|
|
Compromise at Illinois attorney general's office. The state's Office of the Attorney General said that on April 10 it had been hit by a ransomware attack. On April 21, the hacker group DoppelPaymer claimed it was behind the incident and posted a sampling of files it said it had stolen and hinted at more to come this week. (ThreatPost)
|
|
What to do about unemployment-benefits fraud. U.S. officials on March 31 estimated at least 10%, or more than $89 billion, of the $896 billion that the federal government has allocated to state unemployment programs since March 2020 might have been “paid improperly,” a big chunk because of fraud. (WSJ)
|
|
|
|
1.
|
Be wary of unsolicited communications. Look up your state Labor Department’s contact information to make sure it matches any letter, email or text you receive.
|
|
|
2.
|
Report suspected fraud. Start at IdentityTheft.gov, published by the Federal Trade Commission. Also notify your company.
|
|
|
3.
|
Assess the damage. Pull your credit reports and dispute suspicious activity with the reporting agencies. Freeze your credit.
|
|
|
|
|
|
Rep. Fiona McFarland, a Republican who sponsored the Florida House bill, called the efforts ‘strong first steps.’ PHOTO: WILFREDO LEE/ASSOCIATED PRESS
|
|
|
Maybe next time: Consumer privacy legislation in Florida died Friday, the last day of this year’s legislative session. The state Senate and House failed to reconcile competing bills that took different approaches to provisions such as whether individual residents could sue companies for misusing their personal information. The so-called private right of action has emerged as the key issue for many state lawmakers attempting to write new internet privacy rules in lieu of a federal standard. (WSJ Pro Cybersecurity)
-
While Florida House lawmakers had voted in favor of legislation with an expansive private right of action, which advocacy groups such as Consumer Reports support, state senators and business lobbyists have opposed the idea.
|
|
Less spying: U.S. agencies used foreign intelligence laws to eavesdrop on suspected spies and terrorists less frequently last year, officials said. A chief reason: The Covid-19 pandemic forced suspects to stay home by reducing travel, and canceled events with the potential for mass violence such as concerts. (WSJ)
|
|
|
👉 The number of people targeted by the Federal Bureau of Investigation for court-approved foreign intelligence wiretaps, which must be authorized under the FISA law, fell to 451 in 2020 from 1,059 a year earlier.
|
|
|
|
|
|
|