UIL Holdings in Connecticut is notifying customers of a breach involving one of their vendors. The contractor is not named in their notification letter of September 30, which begins: We are writing to inform you of an incident that involved your personal information. On or about September 13, 2014, a thief stole a laptop computer…
Month: October 2014
AT&T notifying customers of insider breach
AT&T is notifying customers after discovering that a rogue employee was accessing customer information improperly. The employee, who has since had their employment terminated, would have been able to access customers’ name, account information, including SSN and driver’s license number, and CPNI (Customer Proprietary Network Information). From the wording of the notification letter, it sounds as…
Hackers use Reddit to hijack 17,000 Apple computers (see update)
Sophie Curtis reports: Hackers are reportedly exploiting a flaw in Apple’s desktop operating system, Mac OS X, to take remote control of thousands of Apple computers around the world. Researchers at Russian antivirus company Dr Web said in a report that more than 17,000 Macs – 1,227 of which are in the UK – have been infected…
McCordsville teen among four accused in international computer hacking ring
WTHR reports: A McCordsville teenager is named as one of four gamers charged by a federal grand jury in a computer hacking operation. The four are accused of breaking into the networks of well-known tech companies – including Microsoft Corporation, Epic Games Inc., Valve Corporation, Zombie Studios – as well as the U.S. Army and stealing…
California’s Latest Amendments to Its Data Security Breach Notification Law – Much Ado about Nothing?
Tanya Forsheit and M. Scott Koller of BakerHostetler have a good write-up of the new provisions in California law and how the language of AB 1710 has led to some confusion as to whether California now requires breached entities to offer free credit monitoring protection for 12 months if certain types of personal information are…
On Accuracy in Cybersecurity
Derek Bambauer writes: I have a new article on how to address questions of accuracy in cybersecurity up on SSRN. It’s titled Schrödinger’s Cybersecurity; here’s the abstract: Both law and cybersecurity prize accuracy. Cyberattacks, such as Stuxnet, demonstrate the risks of inaccurate data. An attack can trick computer programs into making changes to information that are…