US government departments targeted in suspected state-sponsored cyberattack
Key government departments in the US have been targeted in a major cyberespionage campaign . The suspected statesponsored attacks were directed at the networks of the treasury , commerce and homeland security departments .
Federal civilian agencies were told to disconnect from SolarWinds Orion following the breach by malicious actors .
Casey Ellis , the CTO , Founder and Chairman of Bugcrowd , said : “ The breach of SolarWinds Orion ’ s code poses a major threat to the Federal Civilian Executive Branch agencies that were using its software , as well as the 425 Fortune companies in their client list , and many other organizations worldwide .
“ Well-funded , talented , motivated nation-states exist as a crowd of potential adversaries with diverse skill sets , a variety of motivations and goals , and incentive to get results . A sufficiently motivated and resourced adversary will ultimately always achieve their goals , an army of allies stands ready to help raise the bar , increase the cost of an attack and route the adversary into places where they can be more easily detected .”
SolarWinds said all users of its Orion platform should upgrade immediately to address a security vulnerability . A statement from the company said : “ We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow , extremely targeted and manually executed attack , as opposed to a broad , system-wide attack .”
Twitter fined over a data breach in Ireland ’ s first major GDPR decision
Ireland ’ s Data Protection Commission ( DPC ) has fined Californiabased Twitter for infringements of the EU ’ s GDPR data protection laws . A statement from the DPC said : “ The DPC ’ s investigation commenced in January 2019 following receipt of a breach notification from Twitter and the DPC has found that Twitter infringed Article 33 ( 1 ) and 33 ( 5 ) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach . the law consistently positioned to be the reining baseline standard for international data privacy disputes .
“ This could certainly cause a potential shake up to international tech giants and set a new precedence on how they are doing business in the future .”
The DPC said its investigation commenced in January 2019 following receipt of a breach notification from Twitter . The organisation found Twitter infringed Article 33 ( 1 ) and 33 ( 5 ) of the GDPR in terms of a failure to notify the breach on time to the DPC and a failure to adequately document the breach .
“ The DPC has imposed an administrative fine of € 450,000 on Twitter as an effective , proportionate and dissuasive measure ,” said the DPC in a statement .
Chris Strand , Chief Compliance Officer at threat intelligence company IntSights , said : “ The decision to fine Twitter 450,000 euros for failing to notify a data breach in time shows the intent between member states within the EU to seek balance between ensuring the GDPR is properly enforcing the legal obligation on data controllers and to keep
16 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com