In fact, the judge ruled, the language in the incident response contract between Capital One and Mandiant was nearly identical to the contract guiding the standard cybersecurity services that Mandiant provided dating back to 2015. “This type of directive from the judge could strike fear in the hearts of every company that’s ever hired a vendor to understand and improve their cyber posture,” said Norma Krayem, vice president and chair of the cybersecurity, privacy and innovation practice at Van Scoyoc Associates. In particular, the big companies that hire outside security firms will need to be more careful in how they set up those business relationships.

Capital One had argued that the report should remain protected under legal doctrine. Attorneys and legal experts who reviewed the May 26 ruling agreed it’s the kind of change that would shift the normally placid world of corporate cybersecurity law. Magistrate Judge John Anderson of the Eastern District of Virginia ruled that Capital One must provide a Mandiant report that’s likely to include “engagement activities, results and recommendations for remediation” in connection to the breach announced in July 2019. Typically, hacked organizations are able to keep incident response reports private and avoid costly suits by shielding the details under attorney-client privilege. It’s the kind of report that, if made public, could highlight technical and procedural failures that made it possible for a single suspect to allegedly collect gigabytes of data about 100 million people from a bank with $28 billion in revenue. The surprise decision, in effect, determined that Capital One would need to provide the forensic details - warts and all - about the hack to attorneys representing a group of customers suing the bank.
When a judge ruled last month that Capital One must provide outsiders with a third-party incident response report detailing the circumstances around the bank’s massive data breach, the cybersecurity world took notice.