Tag Archive for: lawsuit

Orrick Herrington Hit with Another Lawsuit from Hacker Attack


Orrick, Herrington & Sutcliffe LLP was sued Monday for a second time arising from a springtime data breach that allegedly allowed personal information including Social Security numbers of nearly 153,000 individuals to be accessed.

The US District Court for the Northern District of California lawsuit said hackers on March 13 “infiltrated and accessed the inadequately protected computer systems” of the international law firm and “stole the sensitive personal information” of over 152,818 people, including names, addresses, and birth dates.

“In short, thanks to Defendant’s failure to protect the Breach Victims’ Personal Information, cyber criminals were able to steal everything they could possibly need to commit nearly every conceivable form of identity theft and wreak havoc on the financial and personal lives of potentially millions of individuals,” the lawsuit said.

The filing alleges Orrick failed to create and implement reasonable data security practices, including training employees and others who accessed the information. It also alleges that the firm didn’t tell individuals their data had been compromised for four months after the incursion.

Accusing the firm of negligence, breaches of fiduciary duty, confidence, and implied contract, and invasion of privacy, the plaintiff Robert Jensen seeks certification of a class of those who received letters notifying them of the breach.

Firm representatives didn’t immediately respond to a request for comment.

The firm was also sued Aug. 11 in San Francisco federal court, in a case brought by the same law firms, Green & Noblin PC and Federman & Sherwood.

The case is Jensen v. Orrick, Herrington & Sutcliffe, LLP, N.D. Cal., No. 3:23-cv-04433, filed 8/28/23.

In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Researchers analyze satellite security

Researchers in Germany have analyzed several satellites and discovered various types of vulnerabilities, as well as the lack of protection mechanisms such as encryption and authentication. They showed how an attacker could disrupt communications with ground control, and take control of a satellite’s systems. 

However, satellite hacking is not easy and manufacturers are counting on security through obscurity in hopes of preventing hacker attacks. The researchers worked with the European Space Agency, universities involved in the development of satellites, and a commercial company to conduct their work. 

Microsoft expands Security Service Edge (SSE), renames Azure AD

Microsoft has added two new identity-centric capabilities to its Security Service Edge (SSE) solution. The new Entra Internet Access and Entra Private Access will secure access to internet, SaaS and Microsoft 365 applications, and private apps and resources. In addition, to simplify naming, the tech giant is renaming Azure AD to Entra ID, without changing APIs, capabilities, licensing, or sign-in URLs. 

Introducing passwordless authentication on GitHub.com

GitHub this week announced the public beta availability of passkey authentication on GitHub.com, allowing users to sign in with biometric credentials, without having to enter their password. Users can enable passkey authentication from the Settings menu, by navigating to the ‘feature preview’ tab.

Two-factor authentication vulnerability patched in Drupal 

A vulnerability affecting a two-factor authentication…

Google settles location tracking lawsuit for only $39.9M • The Register


In brief: Google has settled another location tracking lawsuit, yet again being fined a relative pittance.

Washington State Attorney General Bob Ferguson’s office announced the $39.9 million fine last week, along with news that Google will have to implement several state-ordered tracking reforms that clarify what data is being gathered and for what purposes. 

“Today’s resolution holds one of the most powerful corporations accountable for its unethical and unlawful tactics,” Ferguson said in a statement. 

The lawsuit is similar to others filed across the country last year, with attorneys general in Indiana, Texas and Washington, DC joining Washington state in suing Google over claims it used “dark patterns” to trick users into allowing location tracking and data collection, while also making it difficult to opt out. 

In January, Washington DC and Indiana announced a joint settlement with Google that netted the pair $9.5 million and $20 million respectively, which the Washington state AG’s office said it chose not to sign onto in a bid to earn more money for state coffers. 

“Instead of joining a multistate settlement, Ferguson’s office independently filed its own lawsuit and obtained this resolution. The Attorney General’s Office estimates Washington received more than double the amount it would have received under the wider multistate settlement,” Ferguson’s office said. 

While it’s true that Washington state earned itself considerably more than DC or Indiana, it’s worth noting, as we so often have to do at El Reg, that even a $40m settlement is unlikely to make Alphabet accountants take pause.

In Q1 of this year, Google’s parent company announced it had made $15.05 billion in net profit.

Ferguson’s office said it intends to use its Google fine to continue enforcing the Consumer Protection Act. Its enforcement body, the Consumer Protection Division, receives minimal cash from the government and is largely funded by recoveries in cases like this one.

Critical vulnerabilities of the week: KeePass edition

Users of password manager KeePass, beware: it contains a nasty vulnerability that could be used to retrieve all but the first character of a user’s…

LabMD loses lawsuit accusing FTC of conspiring in hacking


(Reuters) – A federal judge has dismissed a lawsuit by defunct medical testing company LabMD Inc accusing the U.S. Federal Trade Commission of aiding a data security company in an illegal “shakedown.”

U.S. District Judge Michael Brown in Atlanta ruled Thursday that the 2021 lawsuit was filed too late, and was barred by the government’s sovereign immunity.

The FTC declined to comment. A lawyer for LabMD did not immediately respond to a request for comment.

The allegations in the case go back to 2008, when Pennsylvania-based Tiversa Holding Corp told Georgia’s LabMD that it had found a document containing patient information on a peer-to-peer network and offered its services to address the leak.

LabMD claimed that Tiversa itself hacked LabMD’s files using tools it obtained after being hired by federal investigators to go after child pornography. It said that Tiversa fabricated evidence that LabMD data had been stolen by a third party and had spread across the internet, and passed the fabricated evidence on to the FTC, which launched an investigation.

LabMD further claimed that the FTC knew or should have known about the false evidence, and was participating in a “shakedown” with Tiversa.

Tiversa, which was acquired by corporate intelligence firm Kroll Inc in 2017, has flatly denied all of these allegations.

The FTC’s case against LabMD was ultimately dismissed for reasons unrelated to LabMD’s claims, but LabMD went out of business in the course of defending the case.

LabMD and its CEO, Michael Daugherty, have been pressing their shakedown conspiracy allegations in several lawsuits, including a now-dismissed case against two FTC attorneys filed in 2015, and a defamation lawsuit against Tiversa, which was recently revived by an appeals court.

LabMD also filed an administrative complaint with the FTC in September 2020, and filed its case against the agency in the Georgia court after that complaint was rejected.

Brown said in Thursday’s order that the case against the government must be time-barred because it made essentially the same claims as the 2015 lawsuit against the FTC lawyers, meaning LabMD knew of the alleged conduct by 2015. Tort claims against the…
