South Dakota Senate Panel Approves Data Breach Legislation

US News reports: “A legislative panel has approved a bill that would require companies to inform South Dakota residents whose personal information was taken in a data breach,” and that “the state needs a fair reporting law that requires consumers to be notified about the loss of their information.”

In a final appeal to the Supreme Court, CareFirst warns of a ‘flood’ of data breach lawsuits

Defining the threshold for actionable harm continues to be a moving target. reported this week, “In one last effort to convince the Supreme Court to hear its data breach case, attorneys with CareFirst warned that without the high court’s review, companies in any industry would be inundated with class-action lawsuits” because “any individual whose information was exposed in a data breach could sue the company ‘even if the plaintiff suffered no harm whatsoever.’”

Wall Street Has a $1.7 Billion Bet on the Rising Risk of Grid Attacks

Bloomberg Technology reports, “Investors including banks and venture capital firms more than doubled their financing last year to private companies focused on developing cyber-security solutions for power-grid operators, utilities and other industrial businesses, a Bloomberg New Energy Finance analysis shows. The $1.7 billion of funding since 2010 is a bet that the industry’s rush into the Internet-of-things era will raise the risk of cyber-attacks on grids and demand for services that fight them.”

NonPetya ransomware forced Maersk to reinstall 4000 servers, 45000 PCs

ZDNet reports, “Maersk has revealed that a devastating ransomware attack which struck businesses across Europe in 2017 required close to a ‘complete infrastructure’ overhaul and the reinstallation of thousands of machines….Maersk, a container ship and supply vessel operator, previously warned that the ransomware attack would cause losses of up to $300 million due to ‘serious business interruption.’”