By Dr. Thomas Nietsch and Andreas Müller
On July 24, 2024, the OLG Hamm ruled that claims for moral damages under Art. 82 GDPR are generally assignable (case number: 11 U 69/23).
Read MoreBy: Dr. Thomas Nietsch and Andreas Müller
On 31 July 2024 the Higher Regional Court of Koblenz (Oberlandesgericht Koblenz) has rejected an appeal to a verdict of the Regional Court of Koblenz (Landgericht Koblenz) for deletion of an interview published on YouTube, due to lacking a prospect of success (case number 4 U 238/23).
Read MoreBy: Cameron Abbott and Rob Pulham
In their recent article available here, Joseph Wylie, Kenn Brotman, and J. Morgan Dixon from our Chicago office discuss what changes to privacy law in Illinois will mean for company’s collecting or sharing individual’s biometric data.
In November 2020, accounting and consulting firm Nexia Australia (Nexia) was alerted to a “REvil” ransomware attack taking place within its system. The attackers threatened to post personal information of Nexia’s clients, customers and staff online unless it paid a $1m ransom within 72 hours.
It was reported that the hackers appeared to have posted Nexia’s confidential files onto the dark web; however, further investigation revealed that the hackers had merely posted screenshots of Nexia’s files. Realising this, Nexia dismissed the threat and refused to pay the ransom.
But it didn’t end there.
Shortly after the attack, a news service found the Nexia file screenshots on the dark web and publicised that the company’s confidential information had been stolen and shared. Not only did Nexia have to reassure panicking clients that their confidential information remained uncompromised, it had to convince the Australian Securities and Investments Commission, the Australian Federal Police and the Privacy Commissioner that nothing of concern had been taken.
It doesn’t help that ransomware-as-a-service is becoming an increasingly lucrative business for cybercriminals to launch this type of attack. All that is needed is off-the-shelf malware, a wallet of cryptocurrency and it’s ready to deploy against an unsuspecting organisation.
The attack on Nexia demonstrates that even if there is no evidence that confidential information has been leaked, organisations can still suffer significant damage. The cost of reassuring stakeholders and mitigating reputational harm can almost match the consequences of a full blown attack.
As Warren Buffet famously quoted, “It takes 20 years to build a reputation and 5 minutes to ruin it”. While Nexia recovered valiantly, this serves as a lesson that even when unsuccessful, the public ramifications of a ransomware attack are not to be underestimated.
By Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis
A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.
Read MoreBy Paul R. Haswell and Cameron Abbott
As much as artificial intelligence (AI) remains a hot topic to companies and individuals alike, there remains limited detailed regulation in place. The European Union published its Artificial Intelligence Act on 12 July 2024, but other jurisdictions have been slow or piecemeal in its regulation of AI.
Read MoreBy Cameron Abbott and Rob Pulham
In their recent article available here, Katie Staba and Corey Bieber from our Chicago office discuss emerging advertising technology issues, including new applications of the California Invasion of Privacy Act and the Video Privacy Protection Act.
By Cameron Abbott, Rob Pulham, Damien Timms, Dadar Ahmadi-Pirshahid and Adam Asadurian
Some key compliance dates approach for responsible entities of critical infrastructure assets under the Security of Critical Infrastructure Act (SOCI Act).
Read MoreBy Cameron Abbott, Rob Pulham, Stephanie Mayhew and Jordan Booth
Cybernews has reported on its researchers’ discovery of what could be the largest leaked password compilation of all time, with a record 9,948,575,739 plaintext passwords in a file called “rockyou2024.txt” (see article).
Read MoreBy: Cameron Abbott, Rob Pulham, Dadar Ahmadi-Pirshahid, and Adam Asadurian
Astonishingly (…or perhaps not, for anyone who’s answered a phone call recently), “imposter calls” are the number one offender of spam calls in the United States, amounting to 33% of all phone calls according to a recent study by QR Code Generator.
Read MoreCopyright © 2024, K&L Gates LLP. All Rights Reserved.