Papa John’s Case, Third-Party Risks and More: Cyber News Bytes

Papa John’s vs BIPA

It’s not every day we kick this newsletter off with a story involving pizza, but Papa John’s could be forced to shell out some major dough as the pizza giant finds itself in the middle of a hotly debated privacy conflict. A new case alleges that Papa John’s violated the Illinois Biometric Information Privacy Act (BIPA) by improperly scanning workers’ fingerprints (biometric data). While this case is not the first of its kind, given the size of the potential damages (billions) and the continued development of similar privacy legislation across the globe, it will be an important one to monitor.

“Third-Partying” too Hard?

Is your business “third-partying” too hard? Well, it might be time to turn down the music and pump the brakes. A new article from ITBrew outlines the risks of having too many third-party vendors, suppliers and partners. According to a survey by the Cyentia Institute, 98% of the 230,000+ surveyed organizations have reported a relationship with at least one vendor that has experienced a breach in the past two years. On average, each company had 10 third-party partners, with some having up to 25. To mitigate potential risks, organizations can proactively monitor their third-party partners by conducting regular check-ins and asking relevant questions to identify potential risk indicators.

The Threat of Stolen Credentials: What Organizations Need to Know

The threat of a cyberattack is always looming, and a new Beazley article dives deep into some important security techniques that should be implemented at your organization. The article outlines concerns about password usage due to insufficient security awareness and how easily passwords can be compromised. The article also outlines several ways that organizations can protect against this problem, which include the implementation of multi-factor authentication (MFA). Security awareness and password hygiene, including monitoring leaked credentials, are also essential. It is always worth the time and effort to understand the latest risks and important steps that can be taken to mitigate the chance of a cyberattack.

Oakland Ransomware Attack

Advisen recently released an article covering the Oakland ransomware attack. While our readers are familiar with the elements of a ransomware attack and understand that a governmental entity is a prime target for a hacker group, there are a few important items to take away from this incident. First, the timeline. As the article mentions, city officials first confirmed the attack in February. Months later, the attack appears to still be unfolding, leading to continued disruption within the community. This exemplifies the fact that these events can drag on and resolution is rarely immediate. This also highlights the importance of proactive incident response planning, with the goal of developing resiliency to cyber risk. Second, the piece addresses another trend we are seeing unfold following similar attacks: litigation. The police union appears to be alleging the city failed to implement reasonable standards to prevent the attack. As always with these types of cases, it will be another important piece of news to monitor as the year rolls on.
