Biden Administration Wants to Require Businesses to Disclose Ransomware Attacks

WASHINGTON - The Biden administration is throwing its support behind congressional legislation that would require companies to report major data breaches by hackers, including the ransomware attacks that are increasingly targeting U.S. critical infrastructure.

"The administration strongly supports congressional action to require victim companies to report significant breaches, including ransomware attacks," Richard Downing, a deputy assistant attorney general at the U.S. Department of Justice, told members of the Senate Judiciary Committee on Tuesday. "In particular, such legislation should require covered entities to notify the federal government about ransomware attacks, cyber incidents that affect critical infrastructure entities, and other breaches that implicate heightened risks to the government, the public or third parties," Downing said. The announcement came as members of Congress are advancing more than a dozen bills in response to a recent escalation in ransomware attacks, while the administration has taken a whole-of-government approach to respond to what it sees as a public safety, economic and national security threat.