Overnight Cybersecurity: Court dismisses OPM hack lawsuits | Head of voter fraud panel defends use of private email | Trump reportedly using RNC funds for Russia probe lawyers
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–MARCH EQUIFAX BREACH WAS NO SECRET: A Monday night Bloomberg story claimed that Equifax did not notify the public of a breach in March. But, in fact, the breach was widely reported in security-related media and the company contacted both affected users and the government. The March breach occurred months before the recently announced breach that may have impacted as many as 143 million Americans. Bloomberg’s story claimed “Equifax has yet to disclose that March breach to the public,” suggesting the nondisclosure would “complicate the company’s efforts to explain a series of unusual stock sales by Equifax executives,” leaving them “vulnerable to charges of insider trading.” In fact, not notifying the public about an earlier breach that retrieved personal information would also run afoul of several state breach notification laws. Equifax, however, appears to have complied with those laws. The breach referred to in the Bloomberg story appears to be one at the Equifax subsidiary TALX. In May, several security publications, including widely read reporter Brian Krebs and blogger Graham Cluley reported on the breach. Those reports were based on the breach notifications sent to people affected. The company also sent a letter to the attorney general of New Jersey describing the breach, which the state’s Department of Justice posted to its website.
To read the rest of our piece, click here.
–…MEANWHILE, MASSACHUSETTS FILED SUIT AGAINST EQUIFAX: Massachusetts Attorney General Maura Healey filed suit against Equifax on Tuesday, alleging that the credit reporting company ignored obvious cybersecurity vulnerabilities for months before hackers breached the company. Healey, a Democrat, said Equifax “utterly failed to keep the personal information of nearly three million Massachusetts residents safe from hackers” and waited too long to disclose the hack. “We are suing because Equifax needs to pay for its mistakes, make our residents whole, and fix the problem so it never happens again,” Healey said.
To read the rest of our piece, click here.
{mosads}
–…ONE, OH, OH, OH ,OH, OH, CANADA: Equifax’s Canada division has revealed that as many as 100,000 Canadian consumers may have had their personal information compromised by hackers in a massive security breach that the credit reporting firm disclosed earlier this month. Equifax revealed the breach on Sept. 7, saying that hackers gained unauthorized access to Social Security numbers, birth dates and other personal information belonging to as many as 143 million Americans. Thousands also had their credit card numbers compromised. While the company initially said that some customers in the U.K. and Canada were affected, Equifax released more definitive information on Tuesday. The company said an investigation has indicated that roughly 100,000 Canadian consumers may have had their personal information accessed — including their names, addresses, Social Insurance Numbers and some credit card numbers.” We apologize to Canadian consumers who have been impacted by this incident,” Equifax Canada president and general manager Lisa Nelson said in a statement.
To read the rest of our piece, click here.
AN AGENCY UPDATE:
OPM LAWSUIT DISMISSED:
A District of Columbia court has dismissed two lawsuits over the Office of Personnel Management (OPM) data breach disclosed in 2015.
The American Federation of Government Employees, the largest federal workers union, filed the class action lawsuit against the OPM in June 2015, alleging that the breaches stemmed from gross negligence on the part of federal officials.
The lawsuit was one of two consolidated complaints related to the OPM breach that the U.S. District Court for D.C. dismissed on Tuesday, ruling that both sets of plaintiffs lacked the standing to bring their cases.
In 2015, the OPM disclosed two related cybersecurity breaches in which data on more than 20 million Americans, most of them federal workers, was stolen by hackers.
To read the rest of our piece, click here.
A LIGHTER CLICK:
EVERY $100 IS AN EXTRA LIFE. The Navy is replacing $38,000 joysticks used in Virginia-class ships with $30 XBox controllers the crews prefer.
THE MOSCOW MILE:
— ‘TRUMP’S PIT BULL’ DENIES COLLUSION IN STATEMENT BEFORE SENATE INTERVIEW: President Trump’s personal lawyer, Michael Cohen, emphatically denied any involvement with Russian attempts to meddle in the 2016 election in a public statement on Tuesday. “I’m certain that the evidence at the conclusion of this investigation will reinforce the fact that there was no collusion between Russia, President Trump, or me,” he said in a written statement made public shortly after he arrived for what was scheduled as a closed-door interview with Senate Intelligence Committee staff. That interview never took place, according to Cohen. After spending almost two hours in the committee’s offices, he told reporters that the committee had decided to postpone the meeting.
To read the rest of our piece, click here.
–…WHY THE INTERVIEW NEVER TOOK PLACE: The Senate Intelligence Committee on Tuesday postponed a hotly anticipated interview with President Trump’s personal lawyer, Michael Cohen. The leaders of the committee said they were calling off the session because Cohen ignored their request to avoid speaking with the press about his testimony. “We were disappointed that Mr. Cohen decided to pre-empt today’s interview by releasing a public statement prior to his engagement with Committee staff, in spite of the Committee’s requests that he refrain from public comment,” Chairman Richard Burr (R-N.C.) and Vice Chairman Mark Warner (D-Va.) said in a statement. “As a result, we declined to move forward with today’s interview.” The committee will seek to reschedule Cohen’s appearance in an open setting “in the near future,” they said. Tuesday’s original interview, with staff, was slated to be behind closed doors.
To read the rest of our piece, click here.
— TRUMP USING RNC CAMPAIGN FUNDS TO PAY RUSSIA LEGAL BILL: President Trump is reportedly using money from the Republican National Committee (RNC) and his reelection campaign to pay some of the legal costs surrounding the federal probe into Russian interference in the 2016 election. Reuters reported Tuesday that the payments from the RNC of unknown amounts have already been made and would be disclosed on federal election forms. Trump has also used money from his campaign coffers for lawyer costs associated with the Russia investigation being run by former FBI director Robert Mueller, the report said. Lawmakers and political officials can use their campaign accounts to pay for attorneys, as long as it stems from any work related to being a public official.
To read the rest of our piece, click here.
WHO’S IN THE SPOTLIGHT:
KRIS KOBACH: Kansas Secretary of State Kris Kobach on Tuesday defended his use of a personal email address to conduct business in his role as vice chairman of President Trump’s voter fraud commission, saying that using his Kansas state email would be a “waste of state resources.”
Kobach said in an email to ProPublica that he plans to continue using his personal Gmail account for commission business, because he is serving on the panel as a private citizen and not in his official capacity as Kansas secretary of state.
According to ProPublica, in order for members of the Presidential Advisory Commission on Election Integrity to comply with federal records retention laws, they must either use government email accounts, copy a government account on messages sent from a private account or send messages from their private accounts to a government account within 20 days.
“Secretary Kobach is serving as Vice Chairman of the Presidential Advisory Commission on Election Integrity in his personal capacity. Commission members are considered ‘Special Government Employees’ under federal law,” said Samana Poette, a spokeswoman for Kobach, in a statement to the Huffington Post.
“The members of the Commission were never issued federal email accounts, but they received ethics training and were instructed that they could continue to use personal email accounts as long as they ensure that all emails relating to commission business are copied or forwarded to a federal government email account.”
To read the rest of our piece, click here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
President Trump’s choice to serve as U.S. ambassador to Russia, said Tuesday that there is “no question” that the Kremlin interfered in the 2016 presidential election. (The Hill)
McAfee calls Avril Lavigne the most dangerous celebrity online, based on malicious search results. (The Hill)
APROPOS OF NOTHING: Avril sang international versions of songs for foreign markets. Here’s “Girlfriend” in Mandarin. (Spotify)
An FEC vice commissioner predicted the 2016 election hacks in 2014. Naturally, everyone made fun of her. (Quartz)
‘Hacking back’ is definitely illegal and probably ineffective. (The Daily Beast)
The American Association of University Professors is rounding up profs who had phones searched at the border, fearing the searches are a threat to academic freedom. (AAUP)
Twitter suspended nearly 300,000 accounts flagged as terrorists since March. (ZDNET)
The white extremist approved Twitter foe Gab is losing its domain name. (Ars Technica)
If you’d like to receive our newsletter in your inbox, please sign up here.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..