Andrew Hoffman writes: California Governor Jerry Brown signed into law an amendment to California’s data breach notification law on Monday. Although at least one news outlet has reported that the law requires a company to offer credit monitoring services, this interpretation is misguided. Rather, the law only places restrictions on certain companies if they choose to offer identity theft prevention and…
Month: October 2014
Cedars-Sinai revises breach estimate in stolen laptop case; over 33,000 patients impacted
Cedars-Sinai has updated its breach disclosure to indicate that 33, 136 patients had protected health information on a laptop stolen from an employee’s home this summer. Read more on Los Angeles Times.
Over 90 million hacker attacks registered in Russian Internet since 2010
TASS reports: More than 90 million hacker attacks have been registered in the Russian segment of the Internet since 2010, Secretary of the Russian Security Council Nikolay Patrushev said on Wednesday. “There have been 57 million attacks since 2014 and approximately 90 million attacks since 2010,” Patrushev told journalists. Russia’s Security Council did not discuss nationalization…
Hacked security plugin firm stored customer passwords in plaintext. Seriously?
Graham Cluley writes: … from time to time, firms find themselves in the position of admitting that they have messed up massively with potentially disastrous consequences for their business and their innocent customers. What makes it even worse, however, is when the company that has fallen woefully short really should have known better. One such company which…
UK: Northmavine parents lodge SIC privacy complaint
Neil Riddell reports: Parents in Northmavine have lodged a formal complaint about what they describe as a “blatant breach” of data protection during a school closure consultation, and are calling on Shetland Islands Council to “ensure our privacy is taken seriously”. Last week the local authority issued an apology after personal details relating to “a small number of…
California strengthens breach notification and mitigation requirements (update 1)
The wait is over. Governor Jerry Brown signed AB1710 into law yesterday. The law not only requires “reasonable security procedures and practices appropriate to the nature of the [personal] information” a business owns, licenses, or maintains, but it also requires identity theft protection and mitigation services under some conditions. If notification of a breach is required,…