The best cyber stories of January 2022
Morgan Stanley’s $60 million settlement for data breach
Financial services giant Morgan Stanley has agreed to pay $60 million to settle data security class-action lawsuits. The lawsuit, filed by about a dozen customers, claims that the company disclosed their personal information when, on two occasions, it failed to properly retire old information technology.
The breach was caused by the failure to remove the Personally Identifiable Information (PII) of about 15 million past and present customers from legacy systems in 2016 and 2019. Legacy systems were sold to third parties with encrypted data. Morgan Stanley began informing customers about the breach in July 2020.
The company was fined $60 million by the Office of the Comptroller of the Currency (OCC) in October 2020 for the incident.
The White House memo instructed the adoption of ‘Zero Trust’
The White House has launched a new cyber security strategy that seeks to reduce the threat of cyber attacks on government infrastructure. The strategy expresses the administration’s vision to move government agencies to a ‘zero trust’ cyber security model. Zero trust means devices and users will be allowed access to the network only as far as their roles or tasks require.
The initial document of the strategy was published by the Office of Management and Budget (OMB) as a memorandum addressed to the heads of all agencies and executive departments. Government agencies have 30 days to appoint an implementation leader and 60 days to file an implementation plan.
Cyber attacks in Ukraine
Amid growing military tensions between Russia on the one hand and Ukraine and NATO on the other, the Ukrainian government was the subject of a major cyber attack. The attack hit about 70 websites, including those of the cabinet, the treasury, the state service, seven ministries and the national emergency service. Malware was also planted in government agencies.
Hours after the attack, access to most of the affected sites was restored. The Ukrainian government has blamed Russia for the attack. According to a Ukrainian official, the hackers used the administrator credentials belonging to the website developer.
The fall of REvil?
REvil, a criminal group linked to some of the most notable ransomware attacks in recent years, was the target of a multi-government security operation led by the FSB, Russia’s domestic intelligence service. The raids led to the arrest of 14 people and the seizure of more than 1 1 million in assets.
Incidents involving the group include attacks in 2021 on the Colonial Pipeline, JBS USA and Kaseya. The FSB said it had broken up REvil and filed a complaint against members in response to information provided by the United States.
Cyber security review for Chinese companies before foreign IPOs
The Cyberspace Administration of China (CAC), the country’s cyberspace regulator, has announced that platform companies holding the data of one million or more users need to undergo a cybersecurity review before listing their shares abroad. Companies are expected to apply for review before submitting their listing application to foreign regulators.
The purpose of the review is to assess the risk of company data being accessed, controlled, manipulated or otherwise influenced by a foreign government. Companies deemed a threat to national security will be barred from being listed abroad. The new rules will be effective from February 15.