Hackers gain access to over 150 000 security cameras
Friday, March 12, 2021
Ilia Kolochenko, founder and CEO at ImmuniWeb, commented: "This incident will likely trigger an avalanche of legal and judicial costs for the affected companies as the leak of such data is a reportable security incident under many state and federal laws. Moreover, individual notifications to the exposed victims filmed by the compromised cameras, or even notifications by a press release, may be required as a matter of law depending on the specific usage and location of the branched cameras.”
He says the US has already enacted a federal law to prevent unsecured IOT devices from being supplied to the Federal government via the “IOT Cybersecurity Improvement Act” in 2020. States such as California and Oregon also pioneered state regulation of IOT security by enacting state laws. The California law is quite comprehensive from a technical viewpoint, but is comparatively toothless: individuals cannot sue under the law and there are no fixed monetary penalties like under CCPA/CPRA, which serve as a formidable deterrence for those who misuse personal data of the state citizens.
"In Europe, ENISA recently published a standard for the security of IOT devices; however, it has no legally binding power. To avoid domino-effect hacks of this nature, we urgently need a harmonious IOT data security legislation both in the US and EU.
“The current 'patchwork' of disjoint laws is confusing, burdensome and inefficient,” Kolochenko ended. Read Full Article
Forbes: EU Banking Authority Hacked As Microsoft Exchange Attacks Continue
ComputerWeekly: Qualys caught up in Accellion FTA breach