Before 2000, Congress tried to address early versions of these issues with the Computer Fraud and Abuse Act, the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. However, the passage of these laws seemed to only foreshadow the impending influx of hacks, leaks, breaches and other cybersecurity failures in the decades to come. While Congress has continued to amend and update these laws and others (albeit, quite slowly) in order to modernize them, it has not stopped or slowed the frequency of these cybersecurity events. Progress in this legislative area has not been assisted by states adopting their own specific cybersecurity laws.
"The Federal Trade Commission Act is the primary statute of the Commission. Under this Act, as amended, the Commission is empowered, among other things, to (a) prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce; (b) seek monetary redress and other relief for conduct injurious to consumers; (c) prescribe rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices; (d) gather and compile information and conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and (e) make reports and legislative recommendations to Congress and the public."
"The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization, but fails to define what “without authorization” means. With harsh penalty schemes and malleable provisions, it has become a tool ripe for abuse and use against nearly every aspect of computer activity."
"The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data."
"Internet pirates are getting a taste of 2003's hottest game these days, but if the developer and publisher had anything to say about it, things would be quite different. A very early and limited build of "Doom III" has leaked onto the Internet and it's spreading like wildfire."
"SB 1386 went into affect on July 1, 2003. Under the law, covered parties must disclose any breach of the security of personal data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person"
"15 September 2003 The Pirate Bay was founded by Swedish pro-culture organization Piratbyrån (The Bureau of Piracy). Since there was no filesharing network in Sweden at the time, Piratbyrån decided to launch one, using the relatively new BitTorrent protocol."
"As the weeks passed, Gembe realised that nobody at Valve had noticed he was inside the company's network. He began to push a little harder. That's when he found the ultimate prize: the source code for the game he had been waiting to play for so many years. The temptation was too great. On September 19, 2003, Gembe downloaded the unfinished game's code and made off with Valve's crown jewels."
"'Halo 2,' the sequel to Microsoft Corp.'s best-selling game for its Xbox video console, has leaked onto the Internet nearly four weeks before its planned sale, the world's largest software maker said Friday."
"The Identity Theft Enforcement and Restitution Act of 2008 allows federal courts to order a defendant to pay restitution for “the value of the time reasonably spent by the victim” trying to repair “the intended or actual harm” that he or she suffered."
"The four co-founders of website The Pirate Bay have been found guilty of assisting the distribution of illegal content online by a Swedish court today and have been sentenced to a year in jail and a $3.6m (£2.4m) fine."
"Earlier today news spread that social application site RockYou had suffered a data breached that resulted in the exposure of over 32 Million user accounts. To compound the severity of the security breach, it was found that RockYou are storing all user account data in plain text in their database, exposing all that information to attackers. RockYou have yet to inform users of the breach, and their blog is eerily silent – but the details of the security breach are going from bad to worse"
The bill was placed on the legislative calendar in 2010 and never moved forward to be ratified into law.
"The legal action by a PSN user claims Sony did not do enough to protect the private data of its customers... In a statement posted on the official PlayStation blog, the company said user account information for the PlayStation Network and Qriocity services had been compromised following an 'illegal and unauthorized intrusion into our network.' The company posted an apology for the security breach and ongoing disruption to the PSN and Qriocity services."
"The highly anticipated "Gears of War 3" game isn't supposed to hit the streets until September 20 ... and yet some players have already got their hands on the game. Or rather, they've got their hands on an early version of the game."
"Mass Effect 3's three campaign modes were revealed over the weekend after an early version of the game was accidentally published to some Xbox 360 owners. Microsoft published the Mass Effect 3 beta to those who were in the new Xbox Live dashboard preview. The beta was quickly removed, but not before gamers published spoiler-filled gameplay videos via NeoGAF."
'In a statement, the company warns that 100 million users appear to be affected by the hack, which compromised not just passwords but email addresses as well. That's a massive chunk of LinkedIn's user base of 400 million. The data breach first happened in 2012, and at the time was thought to only affect some users' passwords. In response, LinkedIn issued a mandatory password reset for the accounts it thought were compromised. The company never publicly clarified how many users it believed were affected."
"In July 2012, Dropbox disclosed that more than 68 million accounts had been compromised due to a hacking incident. While Dropbox originally claimed than only email addresses were lifted, the latest news reveals the hackers also stole hashed and salted passwords. Dropbox says the problem was first brought to their attention in March 2013, when customers complained they were receiving spam through email addresses used exclusively for their Dropbox accounts. At the time, Vice President of Engineering Aditya Agarwal explained that only a small number of stolen usernames and passwords had been used to access user accounts. Four years later, however, the problem's true scale was revealed. Scarier still is that the information from the 68 million hacked Dropbox accounts is now available for free download online − following a near $1200 price tag for the data dump on the dark web."
"The software-maker said that it now believed usernames and encrypted passwords had been stolen from about 38 million of its active users. It added that the attackers had also accessed details from an unspecified number of accounts that had been unused for two or more years.The firm had originally said 2.9 million accounts had been affected. Adobe has also announced that the hackers stole parts of the source code to Photoshop, its popular picture-editing program."
"As the dwindling numbers trickled in over the weekend, studio executives privately pointed the finger at a leaked copy of the film that hit the internet three weeks before its debut and was seen by 2.2 million people."
"Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed."
"US coding site responds to flood of traffic following hacking attack, with reports claiming Chinese search engine Baidu was source"
“Specifically, Plaintiffs' claim does not assert that class members were necessarily harmed by the data breach, but that they overpaid for their premium LinkedIn subscription because they did not receive promised data security.” In re Linkedin User Privacy Litigation, Case No. 5:12-cv-03088-EJD, 13 (N.D. Cal. Sep. 15, 2015)
" Sony Pictures Entertainment Inc has agreed to pay up to $8 million to resolve a lawsuit by employees who claimed their personal data was stolen in a 2014 hacking tied to the studio's release of a comedy set in North Korea, 'The Interview.'"
"All the BBC's websites were unavailable early on Thursday morning because of a large web attack. The problems began about 0700 GMT and meant visitors to the site saw an error message rather than webpages. Sources within the BBC said the sites were offline thanks to what is known as a "distributed denial of service" attack"
"Time Inc., which bought the social networking site in February, said Tuesday names and passwords from more than 360 million Myspace accounts were compromised. According to Time, the data was limited to usernames, passwords and email addresses from the platform prior to June 11, 2013, when the site was relaunched with stronger account security.
"On October 21, 2016, the largest distributed denial of service (DDoS) attack took place, shutting down most of the Internet, including Twitter, Amazon, GitHub, and the New York Times."
"Adult dating and pornography site company Friend Finder Networks has been hacked, exposing the private details of more than 412m accounts and making it one of the largest data breaches ever recorded, according to monitoring firm Leaked Source."
"Walt Disney CEO Bob Iger revealed Monday that hackers claiming to have access to a Disney movie threatened to release it unless the studio paid a ransom. Iger didn’t disclose the name of the film, but said Disney is refusing to pay. The studio is working with federal investigators."
"Yahoo on Tuesday said that all 3 billion of its accounts were hacked in a 2013 data theft, tripling its earlier estimate of the size of the largest breach in history, in a disclosure that attorneys said sharply increased the legal exposure of its new owner, Verizon Communications Inc ."
"Cloudflare described an amplification vector using memcached over UDP in their blog post this week, “Memcrashed – Major amplification attacks from UDP port 11211”. "
"With last month’s passage of the Alabama Data Breach Notification Act of 2018 (SB 318), all 50 states will have laws requiring companies to notify individuals when their personal information is exposed as a result of a data breach. It has been 15 years since the first data breach notification law passed in California, and this milestone is worth celebrating as a strong statement from the people of the United States that we care about our privacy."
"In the first round, the hacker who goes by online alias "gnosticplayers" was selling details of 617 million accounts belonging to the following 16 compromised websites for less than $20,000 in Bitcoin on dark web marketplace Dream Market."
"Downdetector, a website that provides information on online outages, had received more than 7,300 reports of problems related to Disney+ by 7 a.m. ET. The number of reports then dropped before going up again, spiking at nearly 8,500 reports around 9 a.m. ET.
"Disney+ itself does not appear to have been hacked. Instead, Disney+ customers’ credentials were stolen in other security breaches. Many people use the same email logins and passwords for multiple accounts, including the streaming service, which have been stolen during previous security breaches."
"Two major drops of confidential Nintendo code and documentation — now popularly referred to as the Nintendo Gigaleak — have seemingly revealed previously unknown canceled games, prototypes, source code, development tools, internal communication, and more. It marks what may well be the largest leak of internal video game information ever released"
"Capcom announced that hackers accessed some of the company resources, including emails and file servers, and some operations have been halted. The first report would indicate a ransomware infection with Ragnar Locker."
Steps include: "Determine your legal requirements"; "Notify law enforcement"; "Did the breach involve electronic personal health records?"; "Notify affected businesses"; "If Social Security numbers have been stolen, contact the major credit bureaus for additional information or advice"; "Notify individuals."
"CD Projekt posted the ransom note it received in which the hackers claimed to have access to source code from its games including Cyberpunk 2077, The Witcher 3, and Gwent. The note also said the hacked data included details relating to its HR, accounting, and other internal operations."
"The owner of hacked infidelity website Ashley Madison will pay a sharply discounted $1.66 million penalty to settle an investigation by the U.S. Federal Trade Commission and several U.S. states into lax data security and deceptive practices, the company and authorities said on Wednesday."
"An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author."
"Meta, the company which owns Facebook, Instagram and WhatsApp, has been fined €265m (£228m) by the Irish Data Protection Commission (DPC). The fine is over a data breach that saw the personal details of hundreds of millions of Facebook users published online. Phone numbers and email addresses of up to 533m users appeared on an online hacking forum."
"Hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum, a security researcher said Wednesday. The breach 'will unfortunately lead to a lot of hacking, targeted phishing and doxxing,' Alon Gal, co-founder of Israeli cybersecurity-monitoring firm Hudson Rock, wrote on LinkedIn. He called it 'one of the most significant leaks I've seen.'"
"Attackers have exploited a SQL injection vulnerability in file sharing software MOVEit Transfer that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database to steal sensitive data such as personal and financial information (e.g., national identity numbers and credit card data of customers). The zero-day vulnerability was discovered on 31 May 2023 (CVE-2023-34362) and two more were discovered later. At this time, there is only evidence that CVE-2023-34362 (i.e. the first vulnerability) was exploited by the threat actors."
"After being hacked for 'almost a year and a half', GSC Game World stated on Twitter that Russian hackers have been able to 'access and compromise some of our leaked information intended for internal testing'."
"MGM, which owns more than two dozen hotel and casino locations around the world as well as an online sports betting arm, reported on September 11 that a “cybersecurity issue” was affecting some of its systems, which it shut down to “protect our systems and data.” For the next several days, reports said everything from hotel room digital keys to slot machines weren’t working. Even websites for its many properties went offline for a while. Guests found themselves waiting in hours-long lines to check in and get physical room keys or getting handwritten receipts for casino winnings as the company went into manual mode to stay as operational as possible."
"The hacker, Arion Kurtaj, leaked 90 clips from Rockstar Games' forthcoming Grand Theft Auto VI and also launched cyberattacks on Uber, Nvidia and other corporations. A British jury in August convicted Kurtaj and another teen, who were members of the international hacking group Lapsus$, for hacking, fraud and extortion"
"The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with more than 26 billion data records. These were mostly compiled from previous breaches, but likely also include new data. In total, 3,876 domain names were included in the exposed data set... Though we don’t know the exact data types, sensitive data is, by definition, more valuable to criminals than mere email addresses and passwords. Worryingly, it’s possible that the data set includes medical records. This information type is not only highly sensitive but also, in many cases, inalterable. This means that they tend to remain valid years and even decades down the line, and can be used in targeted social engineering attacks and/or for blackmail. Other types of sensitive data, such as personal or financial information, can also easily lead to identity theft, financial fraud, and reputational damage."
We'd love to hear from you. Please send questions or feedback to the below email addresses.
Before contacting us, you may wish to visit our FAQs page which has lots of useful info on Tiki-Toki.
We can be contacted by email at: hello@tiki-toki.com.
You can also follow us on twitter at twitter.com/tiki_toki.
If you are having any problems with Tiki-Toki, please contact us as at: help@tiki-toki.com
Close