A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly discloseThe Irish government fixed a vulnerability two years ago in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents.
But details of the vulnerability weren’t revealed until this week after attempts to coordinate public disclosure with the government agency stalled and ended.
Security researcher Aaron Costello said he discovered the vulnerability in the COVID-19 vaccination portal run by the Irish Health Service Executive (HSE) in December 2021, a year after mass vaccinations against COVID-19 began in Ireland.
Costello’s public disclosure marks more than two years since first reporting the vulnerability.
His blog post included a multi-year timeline revealing a back and forth between various government departments that were unwilling to take claim to public disclosure.
The SEC voted on Wednesday to require public companies to report a portion of their greenhouse gas emissions and their exposure to risks from climate change.
While the new rules do not apply to privately held companies like startups, they do create opportunities for those focused on the carbon tracking, accounting, and management space.
Some, like Amazon, Vanguard, Ralph Lauren, and Chevron, supported Scope 3 disclosures; already, many public and private companies voluntarily track those emissions.
In recent years, a number of startups have turned to AI to automate and improve Scope 3 estimates.
In adopting the new rules, the SEC is playing catch-up with other large economies, including China and the EU, which both have greenhouse gas reporting requirements.
As the SEC’s new data breach disclosure rules take effect, here’s what you need to know The controversial regulation represents a major shake-up for U.S. organizationsStarting from today, December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours.
In an 8-K filing, breached organizations must describe the incident’s nature, scope, timing, and material impact, including financial and operational.
In addition to the SEC’s new data breach disclosure rules, the regulator has also added a new line item called Item 106 to the Regulation S-K that will be included on a company’s annual Form 10-K filing.
In a recent interview with TechCrunch, Sullivan said he welcomed the SEC’s data breach reporting rules, saying: “We can nitpick the details as much as we want, but this is the right way to do it,” he said.
Until now, many organizations have taken months to report a breach and only did so after they had completed their investigation.
