NYS DFS Publishes its Investigative Report of the Twitter Hack of July 2020

Hinshaw & Culbertson - Consumer Crossroads
Contact

Hinshaw & Culbertson - Consumer Crossroads

The New York State Department of Financial Services issued a press release on Thursday announcing the publication of its investigative report of the July 2020 Twitter hack. The exhaustive report reviews the facts surrounding the hack, provides a visual timeline, and explores the cybersecurity weaknesses at Twitter that made the hack possible, including a lack of leadership, vulnerability to social engineering, and a failure to address the new vulnerabilities caused by the pandemic-driven shift to mass remote working.

A few key report findings we are highlighting: (1) the hackers accessed Twitter’s systems by calling employees and claiming to be from the IT department; (2) the hackers duped four employees into providing log in credentials which enabled them to hijack Twitter accounts of politicians, celebrities, entrepreneurs, and several DFS-regulated crypto currency firms; (3) the hackers engaged in Bitcoin fraud causing at least $118,000 in losses; and (4) the DFS-regulated crypto currency firms – all subject to the DFS Part 500 cybersecurity regulation – responded quickly to block attempted transfers to the Bitcoin addresses used by the hackers.

At the time of the attack Twitter did not have a CISO, nor did it have adequate access controls and identify management, or adequate security monitoring. The Report identifies best practices that address the weaknesses the hack exposed and recommends, among other things, that large social media companies be designated as systemically important institutions and be subjected to prudential regulation to manage their heightened cybersecurity risk.

A copy of the release and report is available at the links below.

https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202010141

https://www.dfs.ny.gov/Twitter_Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Hinshaw & Culbertson - Consumer Crossroads

Written by:

Hinshaw & Culbertson - Consumer Crossroads
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Hinshaw & Culbertson - Consumer Crossroads on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide