Posts

Fallout From Hack of City Law Department Could Linger for Months

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Among the thousands of lawsuits New York City faces each year, this case was unexceptional — a man suing the city and several police officers over his arrest during a 2016 demonstration. But last week, the case hit a snag for an unusual reason: The city’s Law Department had been hacked, and lawyers were struggling to gain access to important documents.

“Practically all attorneys from the New York City Law Department still do not have remote access to electronic files,” wrote Jorge M. Marquez, a city attorney, to the judge on July 1, asking for an extension of deadlines in the false-arrest case.

Mr. Marquez noted that attorneys could enter the Law Department’s offices to review files but because of the pandemic, many attorneys, including himself, were not going into work. “It is currently unknown when this problem will be resolved,” he wrote, adding that the city hoped it would be in the coming weeks.

More than a month after hackers gained access to the Law Department’s computer system — which stores an untold amount of sensitive information — it is now apparent that the breach had a more profound effect than officials have publicly revealed. The department’s chief IT officer has been reassigned and replaced. And the fallout, as chronicled in internal communications obtained by The New York Times, may for months continue to affect the 1,000-lawyer agency that defends the city in court.

Many city Law Department employees have returned to the office on a limited basis, but the inability to retrieve documents remotely has slowed some of their work.

Laura Feyer, a spokeswoman for Mayor Bill de Blasio, said in a statement that the Law Department’s attorneys are “arranging on-site and remote work accordingly to ensure there is minimal impact to cases.”

Nick Paolucci, a Law Department spokesman, said that a majority of the department’s attorneys have been able to meet court deadlines and that the legal work of the city was moving forward.

But court records show the hack continues to complicate cases. In letter after letter to judges, the city’s attorneys have sought postponements in cases, saying that without access to electronic files, they could not prepare a…

Source…

Peel District School Board struggles with fallout from malware attack, leaving parents, teachers in the dark

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


The Peel District School Board is still unable to say when several of its key online resources will be back on track after they were hit by a malware attack that continues to paralyze a string of databases.

Last week, the board told staff in an email, the malware “resulted in the encryption of certain PDSB files and systems,” and after it was discovered, the board “took immediate steps to isolate the incident.”

The risk posed by unknown hackers is creating unease among the unions representing elementary and secondary school teachers, who claim they have been kept in the dark, and received just the most sparing details about the type and scope of attack more than a week since the board first admitted it was facing a “cyber security incident.”

Speaking to the Star Thursday, board spokesperson Tiffany Gooch said a cybersecurity firm, hired by the board has made significant progress in both the investigation and recovery efforts, but couldn’t say exactly when the systems would be back to normal.

“We hope to be able to provide a resolution timeline in the next few days,” said Gooch.

“We can confirm that the incident involved encryption malware.”

Gooch wouldn’t say if the hackers have attempted to extort the board by seeking payment to unlock the seized data portals, but she did say there is “no evidence that any personally identifiable or otherwise sensitive data was compromised because of the attack.”

Gooch was unable to say how the incident occurred and who might be responsible. These are things she says she hopes the continuing probe will reveal.

Of equal concern to the union is that the board faces this logistic hurdle in the days leading up to students’ anticipated return to the classroom for in-person learning the week of Feb. 16.

Representatives from both unions say the board has provided links for back-channel access, so some tasks can be completed.

The board remains partially locked out of the intranet used by staff because some functions cannot be accessed.

She said the malware has not affected virtual classrooms, but it did wipe out the website and with it applications accessed by families.

As a result, the board extended deadlines for Grade 1 French…

Source…

Legal recourse? Nissan balances competitive and security fallout from source code leak

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.

Nissan offerings associated with the leaked source code ran the gamut from Nissan North America mobile apps and Nissan’s internal core mobile library to some parts of the Nissan ASIST diagnostic tool and sales and marketing research tools and data. The Git server has since been taken offline, after data began to get shared on Telegram and hacking forums.

Based on discussions with intellectual property lawyers, Nissan may have some recourse in terms of filing injunctions and suing for damages under copyright, trade secrets and patent laws. To do so, the auto maker will have to expend a great deal of resources to track violators down and bring them to court. This assumes that the violators are in the United States and the company could take action under U.S. law.

Thomas Moga, a senior counsel and intellectual property attorney at Dykema, which has many automotive clients, said that according to the U.S. Copyright Office, laws protect original works of authorship “fixed in a tangible medium of expression.” Moga added that under that definition, source code can qualify for protection under the copyright laws.

“So it appears that Nissan owns a copyright in the source code and that it may well be in a position to bring an action against unauthorized users of its source code,” Moga said. “But it’s up to Nissan to pursue those actions; I think we can expect them to be very aggressive, as they should be.”

Jennifer DeTrani, general counsel and executive vice president of Nisos, added that Nissan could potentially file lawsuits as part of a legal strategy to repair the reputational damage from the leak, showing the public they are serious about protecting their vehicles. But legal remedies would not yield much.

“Collecting damages under copyright law assumes that there’s somebody with deep pockets to sue who would pay,” DeTrani said. “Any competent lawyer could get the…

Source…

Concern mounts over government cyber agency’s struggle to respond to hack fallout

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


With Microsoft acknowledging for the first time this past week that suspected Russian hackers behind a massive government security breach also gained access to its source code, pressure is mounting on US officials and cybersecurity experts to explain how the attackers infiltrated various US computer networks, what they did once inside and the steps that are being taken to mitigate the damage.

As US officials struggle with the fallout, questions are swirling about whether the agency tasked with protecting the nation from cyberattacks is up to the job.

On Wednesday, the Cybersecurity and Infrastructure Security Agency, (CISA) signaled it’s still working to patch the known vulnerabilities, advising agencies to update their software from SolarWinds, a private contractor attackers exploited to gain access into potentially thousands of public and private sector organizations.

Congressional Democrats and the Biden transition team are demanding more information about the massive hacking campaign, calling on the Trump administration to address concerns about its handling of the fallout and perceived lack of transparency in the weeks since the data breach was first discovered.

The Biden team in particular has stated that it’s been stonewalled by Trump officials in its effort to learn more about key national security issues, including the hack.

Trump administration officials say those accusations are exaggerated but have also acknowledged they are wary of any transition activity that could provide the Biden team a head start in dismantling the President’s priorities.

To date, the White House has offered few public details about what is believed to be the most significant cyber operation targeting the US in years. The lack of…

Source…