Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

House Passes Identity Theft & Restitution Act

Senate to consider bill that addresses data theft, use of keyloggers and spyware

After years of trying, it appears that Congress is close to finally passing a bill that would update and strengthen laws surrounding data and identity theft.

The new Identity Theft and Restitution Act was sponsored by Rep. Patrick Leahy (D-Vt.) and Rep. Arlen Specter (R-Penn.) and passed the House of Representatives late on Monday night.

Among other provisions, the new bill would:

  • Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft.

  • Make it a crime to threaten to steal or release information from a computer. Current law only permits the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer. Violators of this provision are subject to a criminal fine and up to five years in prison.

  • Make it a felony to employ spyware or keyloggers to damage 10 or more computers regardless of the aggregate amount of damage caused, ensuring that the most egregious identity thieves will not escape with a minimal, or no, sentence.

  • Eliminate the requirement that damage to a victim’s computer exceed $5,000 before charges can be brought for unauthorized access to a computer. The provision protects innocent actors while punishing violations resulting in less than $5,000 in damage as misdemeanors.

  • Enable prosecution of those who steal personal information from a computer even when the victim’s computer is located in the same state as the thief’s computer. Under current law, federal courts only have jurisdiction if the thief uses an interstate communication to access the victim’s computer.

  • Add the remedies of civil and criminal forfeiture to the arsenal of tools available to federal prosecutors to combat cyber crime, and mandate that the U.S. Sentencing Commission review and update its guidelines for identity theft and other cyber crime offenses.

    The measure now moves to the Senate.

    — Tim Wilson, Site Editor, Dark Reading

    Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 10/30/2020
    6 Ways Passwords Fail Basic Security Tests
    Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
    'Act of War' Clause Could Nix Cyber Insurance Payouts
    Robert Lemos, Contributing Writer,  10/29/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    How to Measure and Reduce Cybersecurity Risk in Your Organization
    In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-27652
    PUBLISHED: 2020-10-29
    Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
    CVE-2020-27653
    PUBLISHED: 2020-10-29
    Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
    CVE-2020-27654
    PUBLISHED: 2020-10-29
    Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
    CVE-2020-27655
    PUBLISHED: 2020-10-29
    Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
    CVE-2020-27656
    PUBLISHED: 2020-10-29
    Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.