David Kitchen


Dramatic Increase in the Number of Third-Party Vendor Incidents Emphasizes the Need for Better Vendor Due Diligence Processes

As reflected in our 2021 Data Security Incident Response Report, 2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is continuing well into 2021. This spike resulted from companies’ increased reliance on vendors to carry out … Continue Reading

Key Changes to New York Breach Notification and Data Security Protection Requirements from the New York SHIELD Act

The New York SHIELD Act,[1] officially titled the Stop Hacks and Improve Electronic Data Security Act, amends New York’s existing data breach notification law in several significant ways and adds a number of data security protection requirements. The amended data breach notification obligations went into effect on Oct. 23, 2019, with the data security requirements … Continue Reading

DSIR Deeper Dive: The Ransomware Epidemic

Ransomware is among the most common and persistent threats faced by organizations of all sizes. In 2019, the ransomware threat landscape worsened in several significant ways: (1) average demands increased more than tenfold; (2) all industry segments saw increases in attack frequency, with stark increases seen by education and government entities; and (3) several threat … Continue Reading

Deeper Dive: The Scourge of O365 Incidents

A Growing Menace: 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved unauthorized access to an online email account. Phishing attacks continued to dominate the types of cyberattacks organizations experienced in 2018, owed, … Continue Reading

Deeper Dive: Take Action to Close the Largest Cause of Data Security Incidents – Your Employees

If you work at a typical company, employee actions and inadvertent disclosures present the greatest threat to the security of your data. Therefore, providing proper training and technical safeguards is one of the most important means to enhance your company’s security profile. In BakerHostetler’s newly-released 2018 Data Security Incident Response Report, we assisted our clients … Continue Reading

A New Tax Season, but the Same W-2 Spear Phishing Scam

According to the IRS, the number of businesses, public schools, universities, tribal governments and nonprofits victimized by W-2 scams increased to 200 in 2017 from 50 in 2016. Those 200 victims translated into several hundred thousand employees whose sensitive data was stolen. In some cases, the criminals requested both the W-2 information … Continue Reading

Oregon Expands Deceptive Trade Practices Act to Include Misrepresentations About PI Usage

Effective January 1, 2018, Oregon will join Pennsylvania and Nebraska in expanding its definition of deceptive trade practices to explicitly include a material misstatement regarding the use of personal information. House Bill 2090 applies to statements “publishe[d] on a website … or in a consumer agreement related to a consumer transaction.” Like the other states’ … Continue Reading

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Carried Over

Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016. Similar to its predecessors, the new Nevada … Continue Reading