Every state in the U.S. has data breach notification laws. In Delaware, for example, if a breach requires a certain number of residents to be notified, the organization must also provide notice to the attorney general. Some states require organizations to provide credit monitoring services to those affected by a breach of financial data.

“Curiosity killed the cat,” goes the old warning about being too inquisitive. An unusual new mobile phone phishing scam is apparently counting on victims to be a little too curious for their own good.

Cybercrime has always represented an existential threat to businesses — many companies go out of business within six months after a data breach. Following a record year for ransomware and other cyberattacks, organizations worldwide are reassessing their cybersecurity plans, priorities and budgets.

The notorious SolarWinds hack that compromised more than 30,000 public and private organizations in 2020 was the “most sophisticated attack the world has ever seen,” according to Microsoft President Brad Smith. However, there was nothing sophisticated about the flaw that allowed the attack — a weak password (solarwinds123) that exposed the company’s update server.