Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

House Passes Identity Theft & Restitution Act

Senate to consider bill that addresses data theft, use of keyloggers and spyware

After years of trying, it appears that Congress is close to finally passing a bill that would update and strengthen laws surrounding data and identity theft.

The new Identity Theft and Restitution Act was sponsored by Rep. Patrick Leahy (D-Vt.) and Rep. Arlen Specter (R-Penn.) and passed the House of Representatives late on Monday night.

Among other provisions, the new bill would:

  • Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft.

  • Make it a crime to threaten to steal or release information from a computer. Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer. Violators of this provision are subject to a criminal fine and up to five years in prison.

  • Make it a felony to employ spyware or keyloggers to damage 10 or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence.

  • Eliminate the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer. The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors.

  • Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer. Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer.

  • Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime, and mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.

    The measure now moves to the Senate.

    — Tim Wilson, Site Editor, Dark Reading

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/9/2020
    Introducing 'Secure Access Service Edge'
    Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
    Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
    Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-15001
    PUBLISHED: 2020-07-09
    An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when u...
    CVE-2020-15092
    PUBLISHED: 2020-07-09
    In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most T...
    CVE-2020-15093
    PUBLISHED: 2020-07-09
    The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A ...
    CVE-2020-15299
    PUBLISHED: 2020-07-09
    A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is execu...
    CVE-2020-4173
    PUBLISHED: 2020-07-09
    IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure l...