As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product helps organizations manage their networks, servers and networked devices. The product is not only used by government agencies, but is widely used in both the public and private sectors. Whether or not you are one of the impacted customers, the SolarWinds attack is a reminder of the importance of conducting incident response and risk assessments under privilege whenever possible, performing due diligence before engaging vendors, and implementing procedures to minimize information disclosed to or accessed by vendors.

Read the full post on Proskauer’s Privacy Law blog.

Tags: computer hacking, cyber-attacks, cybersecurity, data breach, Dual-Purpose Risk Assessments, FRCP 26(b)(4)(D), incident response, malware, NSA’s Cybersecurity Advisories & Technical Guidance, Orion, Risk Assessment, SolarWinds, Vendor Supply Chain Attack