May Cyber update from the Office of Rob Kleeger
May 04, 2022 1:31 pm
I hope this email finds you and your loved ones safe, secure, and healthy. This year seems to be flying by and it's been great seeing many people over the past month or two. Reach out to me if you'd like to catch up in the flesh so we can pick up the relationship we had started.
All the best,
Words of Wisdom:
“Winners focus on winning. Losers focus on winners.” – Conor McGregor
CURRENT DATA SECURITY NEWS:
N.D. Cal. Judge Refuses to Let Mint Mobile Off the Hook in Users’ Stolen Crypto Suit
Judge William Alsup issued an opinion in a case brought by a subscriber against his wireless carrier, Mint Mobile LLC, for cryptocurrency losses he attributes to the “mobile virtual network operator.” According to the opinion, Daniel Fraser sued after $466,000 worth of cryptocurrency was drained from his Ledger account following both a data breach impacting Mint and the fraudulent port-out of his SIM.
As to the plaintiff’s Computer Fraud and Abuse Act (CFAA) claim, the court ruled that it failed for the “fundamental reason that the pleading does not adequately allege harm recognized under the Act.” The loss of Fraser’s cryptocurrency is not a loss related to a computer or system, as required by the CFAA, Judge Alsup concluded.
Employees Move SDNY Court for Initial Settlement Approval in Altice Data Breach Class Action
In February 2020, Altice had announced that unauthorized access had occurred. Specifically, inboxes of victims were compromised and “within one of the compromised mailboxes was a password-protected file that contained the names, employment information, dates of birth, Social Security numbers, and in some instances, driver’s license numbers of current employees and some former employees of Altice.”
In early April 2020, a class action by the employees was consolidated and began taking on Altice USA Inc., a cable TV and communications provider used by nearly 5 million subscribers across 21 states through its Altice, Optimum, Suddenlink, and other brands. The parties recently filed an unopposed motion for preliminary approval of their settlement. If approved, it will compensate individuals for time spent dealing with fallout from the data breach, reimburse them for expenses incurred, offer them credit monitoring, and mandate that Altice bolster its cybersecurity practices. For example, Altice will submit itself to yearly penetration testing, provide anti-phishing training, and maintain a company-wide encryption protocol to ensure that all personally identifying information is secure. (No duh! FYI: we routinely handle proactive, reasonable, and defensible cyber security... don't hesitate to call me!)
CURRENT LEGAL CASE UPDATES:
Protege Biomedical LLC v. Duff & Phelps Sec. LLC, 8th Cir., No. 21-01368, 4/4/22.
Sometimes the unexpected happens in corporate deals. Protege sued the potential buyer, a competitor called Z-Medica, alleging it stole trade secrets and violated non-disclosure agreements. Once Z-Medica settled that case, Protege filed claims against Duff & Phelps Securities LLC, the consultant that had identified the potential buyer.
Protege argued primarily that Duff & Phelps had breached a contract when it failed to prevent Protege from disclosing its own proprietary information during a call with Z-Medica, but the appeals court said the contract only required Duff & Phelps to be responsible for its own conduct.
New York Bar Issues Ethics Opinion on Protecting “Confidential” Client Identity Information on Smartphones
On April 8, 2022, the New York Bar issued an opinion to protect “confidential” client identity information stored on an attorney’s smartphone. In particular, the opinion prohibits an attorney who stores “confidential” (as defined under Rule 1.6 of the New York Rules of Professional Conduct) client identity information in the attorney’s “contacts” folder on the attorney’s smartphone from consenting to share their “contacts” with a smartphone app, unless certain criteria are met.
A Not So “Ethical Hacker” Stole Half a Million in Crypto From Elderly Person
The victim had hired the “ethical hacker” Aaron Daniel Motta to install a security system in their residence. The alleged IT expert and certified ethical hacker was arrested by police in Pinellas Park, Florida, for stealing cryptocurrency worth approximately $600,000 from an elderly client’s Trezor hardware wallet.
CYBER SECURITY TIPS OF THE MONTH:
Cyber hygiene refers to the practices businesses and organizations perform regularly in order to maintain the security of their users and lower their vulnerability to cyberattacks.
You brush your teeth twice a day, wash your hands after using the restroom, and shower daily, but when was the last time you focused on your cyber hygiene?
Building a culture of cyber readiness is critical to awareness and response. Understanding the potential risks, educating employees, and having a response plan are key steps to prevention and recovery.
- Build a culture of cyber readiness – Don’t make precautionary efforts the exception. Make them routine. That means scanning for viruses, updating systems regularly and using strong passwords. You should invest the time and the resources to make it the norm.
- Implement an employee awareness and training program – Teach your staff what to recognize, how to react and why it’s important everyone works together.
- Develop a cyber governance and event response plan – No matter how good you think your cyber hygiene may be, you’re coming up short if you don’t plan for contingencies. Game plan worst-case scenarios and know the steps you need to take to resolve the issue.
Three main areas companies should examine to improve their cyber hygiene:
1. Get serious about password management
Weak passwords are still the most common threat across all industries. Utilizing password managers can help companies set stricter, more secure parameters for their passwords while still keeping the log-in process convenient for employees. Multi-factor authentication should also be implemented; it verifies the identity of employees beyond their passwords before they can access company software and systems.
2. Utilize VPN services
VPNs, or virtual private networks, should be an integral part of any business network, especially if you have remote employees. VPNs allow users to connect to a business's network through a private portal, rather than just using the internet at large.
3. Make sure your cloud is secure
With much of our data now stored in the cloud, businesses must take great care to ensure that information is only available to authorized users and out of the reach of those who could misuse it to carry out cyberattacks. This can be done by using a cloud service that encrypts your data, using strong passwords, and implementing two-factor authentication.
Did you know that Digital4nx Group was recognized by Enterprise Security as one of the top ten digital forensics companies in 2022?
If you are an attorney who litigates, know one, or are a responsible business executive whose ass is on the line if a data breach occurs, I would love to have a call or introduction!
Please pass the above information along to those people or arrange an introduction. Look forward to seeing you in the flesh!
DON'T FORGET ABOUT US:
Digital4nx Group provides a blend of legal and technology services where we systematically identify, preserve, extract, analyze, and interpret digital evidence.
Our services are commonly used to:
- React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
- Proactively identify and provide insights on how to better secure your confidential data, technology, and compliance.
Cyber Security Services
Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:
- Advanced “Ethical Hacking”
- Cyber Risk and Compliance Assessments
- Incident Response to Cyber Incidents or Data Breaches
- Cyber Security Awareness Training