June 19, 2021

Volume XI, Number 170

Advertisement

June 18, 2021

Subscribe to Latest Legal News and Analysis

June 17, 2021

Subscribe to Latest Legal News and Analysis

June 16, 2021

Subscribe to Latest Legal News and Analysis

Privacy Tip #287 – Double Down on Passwords

It has been reported by Bloomberg Law that the Colonial Pipeline ransomware attack was caused by a “single compromised password.” The Colonial Pipeline ransomware attack had consumers hoarding gasoline and disrupted distribution of gas along the east coast. One single compromised password.

Colonial Pipeline paid $4.4 million in ransom following the attack, although the Department of Justice (DOJ) was able to recover $2.3 million of that payment  by seizing the crypto wallet used by the attackers. A payment of $4.4 million because of one single compromised password.

What is worse is that the account the password was connected to was not an active account, but could still be used to access the network. I am surmising, but this usually happens when someone leaves the company and the account and access is not terminated. The initial user may have used the password across platforms, the password was compromised and obtained by DarkSide on the dark web, and presto!, they can go into Colonial’s system with the valid password undetected.

We constantly are told how important passwords are. I like to use long passphrases. We are told not to use the same passwords across platforms. We are told not to use passwords that are related to anything we post on social media or online platforms. We are told all of this for a reason. Because one compromised password can cause a gas shortage, a meat shortage, contaminated water, millions of dollars paid in ransom, and disruption to our lives. Do your part and focus on password management for yourself personally, as well as for your employer.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 161
Advertisement
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement