Key points:
- Data breaches have caused increased scrutiny on cybersecurity measures, leading to stricter regulations and a rise in cyberattacks.
- The US now requires companies to report data breaches to the Securities and Exchange Commission within four business days.
- A recent cyberattack on MongoDB’s corporate IT systems resulted in the theft of customer contact information, prompting a warning for administrators to be vigilant against phishing attacks.
In recent cybersecurity news, a significant update to American cybersecurity regulations requires publicly traded companies to report any data breaches to the Securities and Exchange Commission within four business days, as of December 18th, 2023. Smaller companies will be compelled to follow these regulations from June 15th, 2024. However, firms can request delays to this if they believe disclosure poses a significant risk to national security or public safety.
Moreover, administrators managing a MongoDB database have been warned to stay alert for potential signs of cyberattack. Recently, an unauthorized access to MongoDB’s corporate IT systems led to the theft of customer account metadata and associated contact information. While no evidence suggests customer data stored on the Atlas developer platform was compromised, users and administrators should be alert for phishing and social engineering attacks nonetheless.
Utah is implementing a new data privacy law on December 31st, 2023, which mandates business to establish data security practices to shield users’ privacy. It also provides consumers the right to instruct firms to discontinue using their data in advertising. Additionally, this law makes Utah the first US state to confer social media privacy rights to minors and is the fourth state to pass a broad consumer data protection law.
In California, companies may soon be subject to more restrictive data collection practices following a vote from the California Privacy Protection Agency. If a new law is passed, companies would have to allow California residents the option to deny any business the right to sell or share their personal data.
Lastly, cybersecurity experts repeatedly urged developers to exercise caution before downloading anything from open-source project repositories due to malicious packages containing malware targeting Windows and Linux systems. The US Cybersecurity and Infrastructure Security Agency also reminded hardware and software manufacturers to desist from using default passwords in their products following alerts that an Iranian-backed group was exploiting default passwords for network access.