Verkada Data Breach Exposes Feeds of 150,000 Security Cameras; Targets Include Health Care Facilities, Schools, Police Stations and a Tesla Plant
Monday, March 15, 2021
Verkada, a major provider of surveillance cameras to a variety of facility types throughout the United States, suffered a data breach that exposed the contents of many of its live camera feeds. A hacktivist group was able to access over 150,000 Verkada cameras simply by taking control of a corporate “super admin” account via credentials that they say were publicly posted on the internet.
Ilia Kolochenko, founder and CEO at ImmuniWeb, provided some further insight on how specific state laws might impact Verkada: “This incident will likely trigger an avalanche of legal and judicial costs for the affected companies as the leak of such data is a reportable security incident under many state and federal laws. Moreover, individual notifications to the exposed victims filmed by the compromised cameras, or even notifications by a press release, may be required as a matter of law depending on the specific usage and location of the branched cameras … The US has already enacted a federal law to prevent insecure IoT devices from being supplied to the Federal government via the “IoT Cybersecurity Improvement Act” in 2020. States like California and Oregon also pioneered state regulation of IoT security by enacting state laws. The California law is quite comprehensive from a technical viewpoint but is comparatively toothless: individuals cannot sue under the law and there are no fixed monetary penalties like under CCPA/CPRA that serve as a formidable deterrence for those who misuse personal data of the state citizens.”
Verkada has notified its customers of the data breach via email and has made a “help hotline” available for any who have questions.