Shawn E. Tuma

Posts Tagged ‘hacking’

Cybersecurity Lessons Learned from SecureWorld #SWDAL16 Conference

In Cybersecurity Law, Data Breach, Media on September 29, 2016 at 7:04 pm

secureworldFollowing an outstanding SecureWorld Expo – Dallas Conference, Courtney Theim posted a nice wrap up of the lessons learned as of the time of her post: #SWDAL16: What We’ve Learned So Far

I am going to give you the gist of it and encourage you to go check out the full post: Read the rest of this entry »

Shawn Tuma Discusses Yahoo Data Breach on KURV 710 News Talk Radio

In Data Breach, Media on September 28, 2016 at 7:22 pm


Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.


SecureWorld Presentation: Cybersecurity Legal Issues: What You Really Need to Know

In Corporate Governance, Cyber Issues, Cybersecurity Law, Data Breach, Privacy on September 27, 2016 at 10:23 pm

Shawn Tuma delivered the presentation Cybersecurity Legal Issues: What You Really Need to Know at SecureWorld Expo Dallas on September 27, 2016. The following are the slides from Tuma’s presentation.

Download: Cybersecurity Incident Checklist

Read the rest of this entry »

Yahoo Data Breach: US Senators Demand Answers – Still Think You Don’t Have to Disclose and Notify?

In Computer Fraud and Abuse Act, Cybersecurity Law, Data Breach, Privacy on September 27, 2016 at 6:45 pm

There is a grave and unfortunate misperception among many business leaders who believe that when their company has had a data breach, going through a response and notification of affected individuals is optional. To the educated readers of this blog, this sounds shocking. Sadly, it is something I see on a regular basis. What is worse is that there are far too many lawyers who do not practice in this area but, out of ignorance, advise such clients that it is really not as big of a deal as we are making out of it and that they can just ignore it.  Read the rest of this entry »

Yahoo Data Breach – Some Facts & Questions (i.e., was it really the Russians?)

In Cybersecurity Law, Privacy, Cyber Issues, Media on September 23, 2016 at 6:00 am

hacked-1The Basic Facts

Yahoo announced that it had a data breach in late 2014 and 500 million users’ account information was stolen. The account information may include names, email addresses, telephone numbers, date of birth, passwords (most encrypted with bcrypt, but apparently not all), security questions, and security question answers.

People who have Yahoo-based services should immediately change their passwords, change their security questions and answers, not use the same password on multiple accounts, and implement dual factor authentication where available.

The Message in the Message

In its notification message, Yahoo subtly invokes the “it’s not our fault, we were the victim of a state-sponsored actor attacking us” defense. I do not blame Yahoo, it works. It uses the words “state-sponsored actor” twice in the first paragraph and twice in the fourth paragraph: Read the rest of this entry »

%d bloggers like this: