Before 2000, Congress tried to address early versions of these issues with the Computer Fraud and Abuse Act, the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. However, the passage of these laws seemed to only foreshadow the impending influx of hacks, leaks, breaches and other cybersecurity failures in the decades to come. While Congress has continued to amend and update these laws and others (albeit, quite slowly) in order to modernize them, it has not stopped or slowed the frequency of these cybersecurity events. Progress in this legislative area has not been assisted by states adopting their own specific cybersecurity laws. However, the impact of state data breach notification laws has positively impacted the public awareness of these events. This timeline will show both the cybersecurity events (though an emphasis will be placed on authenticated events and events that were not a pure accident or predominantly non-internet/cyber-based events) and the associated, relevant legal events.
"The Federal Trade Commission Act is the primary statute of the Commission. Under this Act, as amended, the Commission is empowered, among other things, to (a) prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce; (b) seek monetary redress and other relief for conduct injurious to consumers; (c) prescribe rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices; (d) gather and compile information and conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce; and (e) make reports and legislative recommendations to Congress and the public."
"The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization, but fails to define what “without authorization” means. With harsh penalty schemes and malleable provisions, it has become a tool ripe for abuse and use against nearly every aspect of computer activity."
"The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data."
"Internet pirates are getting a taste of 2003's hottest game these days, but if the developer and publisher had anything to say about it, things would be quite different. A very early and limited build of "Doom III" has leaked onto the Internet and it's spreading like wildfire."
"SB 1386 went into affect on July 1, 2003. Under the law, covered parties must disclose any breach of the security of personal data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person"
"15 September 2003 The Pirate Bay was founded by Swedish pro-culture organization Piratbyrån (The Bureau of Piracy). Since there was no filesharing network in Sweden at the time, Piratbyrån decided to launch one, using the relatively new BitTorrent protocol."
"As the weeks passed, Gembe realised that nobody at Valve had noticed he was inside the company's network. He began to push a little harder. That's when he found the ultimate prize: the source code for the game he had been waiting to play for so many years. The temptation was too great. On September 19, 2003, Gembe downloaded the unfinished game's code and made off with Valve's crown jewels."
"'Halo 2,' the sequel to Microsoft Corp.'s best-selling game for its Xbox video console, has leaked onto the Internet nearly four weeks before its planned sale, the world's largest software maker said Friday."
"The Identity Theft Enforcement and Restitution Act of 2008 allows federal courts to order a defendant to pay restitution for “the value of the time reasonably spent by the victim” trying to repair “the intended or actual harm” that he or she suffered."
"The four co-founders of website The Pirate Bay have been found guilty of assisting the distribution of illegal content online by a Swedish court today and have been sentenced to a year in jail and a $3.6m (£2.4m) fine."
"Earlier today news spread that social application site RockYou had suffered a data breached that resulted in the exposure of over 32 Million user accounts. To compound the severity of the security breach, it was found that RockYou are storing all user account data in plain text in their database, exposing all that information to attackers. RockYou have yet to inform users of the breach, and their blog is eerily silent – but the details of the security breach are going from bad to worse"
The bill was placed on the legislative calendar in 2010 and never moved forward to be ratified into law.
"The legal action by a PSN user claims Sony did not do enough to protect the private data of its customers... In a statement posted on the official PlayStation blog, the company said user account information for the PlayStation Network and Qriocity services had been compromised following an 'illegal and unauthorized intrusion into our network.' The company posted an apology for the security breach and ongoing disruption to the PSN and Qriocity services."
"The highly anticipated "Gears of War 3" game isn't supposed to hit the streets until September 20 ... and yet some players have already got their hands on the game. Or rather, they've got their hands on an early version of the game."
"Mass Effect 3's three campaign modes were revealed over the weekend after an early version of the game was accidentally published to some Xbox 360 owners. Microsoft published the Mass Effect 3 beta to those who were in the new Xbox Live dashboard preview. The beta was quickly removed, but not before gamers published spoiler-filled gameplay videos via NeoGAF."
'In a statement, the company warns that 100 million users appear to be affected by the hack, which compromised not just passwords but email addresses as well. That's a massive chunk of LinkedIn's user base of 400 million. The data breach first happened in 2012, and at the time was thought to only affect some users' passwords. In response, LinkedIn issued a mandatory password reset for the accounts it thought were compromised. The company never publicly clarified how many users it believed were affected."
"In July 2012, Dropbox disclosed that more than 68 million accounts had been compromised due to a hacking incident. While Dropbox originally claimed than only email addresses were lifted, the latest news reveals the hackers also stole hashed and salted passwords. Dropbox says the problem was first brought to their attention in March 2013, when customers complained they were receiving spam through email addresses used exclusively for their Dropbox accounts. At the time, Vice President of Engineering Aditya Agarwal explained that only a small number of stolen usernames and passwords had been used to access user accounts. Four years later, however, the problem's true scale was revealed. Scarier still is that the information from the 68 million hacked Dropbox accounts is now available for free download online − following a near $1200 price tag for the data dump on the dark web."
"The software-maker said that it now believed usernames and encrypted passwords had been stolen from about 38 million of its active users. It added that the attackers had also accessed details from an unspecified number of accounts that had been unused for two or more years.The firm had originally said 2.9 million accounts had been affected. Adobe has also announced that the hackers stole parts of the source code to Photoshop, its popular picture-editing program."
"In January 2014, news broke of a hack that exposed details from 4.6 million Snapchat accounts. A gap in the company’s security was said to be responsible. The vulnerability allowed hackers to acquire the usernames and phone numbers of millions of users. The stolen information was reportedly downloaded by a site using the name SnapchatDB.info and was made publicly accessible."
"Snapchat, the developer of a popular mobile messaging app, has agreed to settle Federal Trade Commission charges that it deceived consumers with promises about the disappearing nature of messages sent through the service. The FTC case also alleged that the company deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure. In fact, the case alleges, Snapchat’s failure to secure its Find Friends feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers."
"As the dwindling numbers trickled in over the weekend, studio executives privately pointed the finger at a leaked copy of the film that hit the internet three weeks before its debut and was seen by 2.2 million people."
"Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed."
"US coding site responds to flood of traffic following hacking attack, with reports claiming Chinese search engine Baidu was source"
"The International — the world championships for mega-popular online game Dota 2 with $18 million in prizes from developer Valve Software — was brought to a crashing halt in the middle of its very first round of the second day thanks to a distributed denial of service (DDoS) attack."
“Specifically, Plaintiffs' claim does not assert that class members were necessarily harmed by the data breach, but that they overpaid for their premium LinkedIn subscription because they did not receive promised data security.” In re Linkedin User Privacy Litigation, Case No. 5:12-cv-03088-EJD, 13 (N.D. Cal. Sep. 15, 2015)
" Sony Pictures Entertainment Inc has agreed to pay up to $8 million to resolve a lawsuit by employees who claimed their personal data was stolen in a 2014 hacking tied to the studio's release of a comedy set in North Korea, 'The Interview.'"
"All the BBC's websites were unavailable early on Thursday morning because of a large web attack. The problems began about 0700 GMT and meant visitors to the site saw an error message rather than webpages. Sources within the BBC said the sites were offline thanks to what is known as a "distributed denial of service" attack"
"'Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,' Snapchat explained in a blog post. 'Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally.'"
"Time Inc., which bought the social networking site in February, said Tuesday names and passwords from more than 360 million Myspace accounts were compromised. According to Time, the data was limited to usernames, passwords and email addresses from the platform prior to June 11, 2013, when the site was relaunched with stronger account security.
"On October 21, 2016, the largest distributed denial of service (DDoS) attack took place, shutting down most of the Internet, including Twitter, Amazon, GitHub, and the New York Times."
"Adult dating and pornography site company Friend Finder Networks has been hacked, exposing the private details of more than 412m accounts and making it one of the largest data breaches ever recorded, according to monitoring firm Leaked Source."
"Walt Disney CEO Bob Iger revealed Monday that hackers claiming to have access to a Disney movie threatened to release it unless the studio paid a ransom. Iger didn’t disclose the name of the film, but said Disney is refusing to pay. The studio is working with federal investigators."
"Yahoo on Tuesday said that all 3 billion of its accounts were hacked in a 2013 data theft, tripling its earlier estimate of the size of the largest breach in history, in a disclosure that attorneys said sharply increased the legal exposure of its new owner, Verizon Communications Inc ."
"Cloudflare described an amplification vector using memcached over UDP in their blog post this week, “Memcrashed – Major amplification attacks from UDP port 11211”. "
"In late July, Snap’s director of engineering emailed the company’s team in response to an unfolding privacy threat. A government official from Dorset in the United Kingdom had provided Snap with information about a recent attack on the company’s users: a publicly available list, embedded in a phishing website named klkviral.org, that listed 55,851 Snapchat accounts, along with their usernames and passwords."
"With last month’s passage of the Alabama Data Breach Notification Act of 2018 (SB 318), all 50 states will have laws requiring companies to notify individuals when their personal information is exposed as a result of a data breach. It has been 15 years since the first data breach notification law passed in California, and this milestone is worth celebrating as a strong statement from the people of the United States that we care about our privacy."
"The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros."
"In the first round, the hacker who goes by online alias "gnosticplayers" was selling details of 617 million accounts belonging to the following 16 compromised websites for less than $20,000 in Bitcoin on dark web marketplace Dream Market."
"Unfortunately for Feige, the entirety of 'Endgame' ended up leaking online just a couple days after his comments about the first leak. 'Endgame' has opened in China (where it’s on track to smash the opening day record with $100 million), and Variety reports a copy of 'Endgame' recorded in a Chinese theater has surfaced online and on popular English-language torrent websites. The film became available on piracy networks sometime between 4pm and 5pm China Standard Time on April 24."
"Facebook, Inc. will pay a record-breaking $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy, to settle Federal Trade Commission charges that the company violated a 2012 FTC order by deceiving users about their ability to control the privacy of their personal information."
"High-profile YouTubers have been targeted by cybercriminals over the weekend in what appears to have been a highly coordinated and "massive" attack. The security warning was made by Catalin Cimpanu, a ZDNet reporter, who spoke to a member of an internet forum with a history of trading access to hacked accounts. Here's what we know so far and what you need to do to protect your own YouTube account."
"Downdetector, a website that provides information on online outages, had received more than 7,300 reports of problems related to Disney+ by 7 a.m. ET. The number of reports then dropped before going up again, spiking at nearly 8,500 reports around 9 a.m. ET.
"Disney+ itself does not appear to have been hacked. Instead, Disney+ customers’ credentials were stolen in other security breaches. Many people use the same email logins and passwords for multiple accounts, including the streaming service, which have been stolen during previous security breaches."
"Two major drops of confidential Nintendo code and documentation — now popularly referred to as the Nintendo Gigaleak — have seemingly revealed previously unknown canceled games, prototypes, source code, development tools, internal communication, and more. It marks what may well be the largest leak of internal video game information ever released"
"The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak."
"Capcom announced that hackers accessed some of the company resources, including emails and file servers, and some operations have been halted. The first report would indicate a ransomware infection with Ragnar Locker."
Steps include: "Determine your legal requirements"; "Notify law enforcement"; "Did the breach involve electronic personal health records?"; "Notify affected businesses"; "If Social Security numbers have been stolen, contact the major credit bureaus for additional information or advice"; "Notify individuals."
"Online forum posts reviewed by CNN Business and vetted by an independent cybersecurity expert show that on June 6, hackers claimed to have obtained 780 gigabytes of data from EA (EA), including the Frostbite source code, which is the game engine that powers the FIFA, Madden, and Battlefield series of video games, among others."
"CD Projekt posted the ransom note it received in which the hackers claimed to have access to source code from its games including Cyberpunk 2077, The Witcher 3, and Gwent. The note also said the hacked data included details relating to its HR, accounting, and other internal operations."
"The owner of hacked infidelity website Ashley Madison will pay a sharply discounted $1.66 million penalty to settle an investigation by the U.S. Federal Trade Commission and several U.S. states into lax data security and deceptive practices, the company and authorities said on Wednesday."
We'd love to hear from you. Please send questions or feedback to the below email addresses.
Before contacting us, you may wish to visit our FAQs page which has lots of useful info on Tiki-Toki.
We can be contacted by email at: hello@tiki-toki.com.
You can also follow us on twitter at twitter.com/tiki_toki.
If you are having any problems with Tiki-Toki, please contact us as at: help@tiki-toki.com
Close