Kristin J. Mathews writes: In a draft research paper titled “Empirical Analysis of Data Breach Litigation”, three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick. Romanosky, Hoffman and Acquisti examined, for example, what factual and legal characteristics made a company more likely to be…
Author: Dissent
Outsider Hacks Dominated 2011 Security Breaches
Kelly Jackson Higgins reports from RSA: More than 85% of the data breach incident response cases investigated by Verizon Business last year originated from a hack, and more than 90% of them came from the outside rather than via a malicious insider or business partner. Tuesday, Verizon published a snapshot of data from its upcoming…
UK: One member of staff sacked and another reprimanded after data breaches at Northampton General Hospital
Nick Spoors reports: One member of staff was sacked and another severely reprimanded for accessing details of Northampton General Hospital patients they were not treating, a new report reveals. The report on data breaches at NGH in 2011 said measures were now in place to guard against information falling into the wrong hands, but warned…
UK: ICO reveals four new undertakings following data breaches
From the ICO: Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website, the Information Commissioner’s Office (ICO) said today. The personal data was contained in screenshots used to demonstrate the use of particular University systems and included details such as names, addresses and dates of birth…
Redhack hits Ankara police website
Another law enforcement site, this one in Turkey, hit. ANF reports: The website of the police headquarter in Ankara has been hacked by Redhack in the organization of ‘AntiSec’ formation. Panicked after the attack, the police shut down all their servers, writes the Redhack site, but they could not prevent Redhack from getting the files. Explaining…
Another week, another round of Congressional questions and posturing?
How many data breach investigations can one Congress initiate without actually doing anything? What is the point of asking Grindr questions about its security? Hasn’t Congress heard enough by now to know that most companies and apps do not implement adequate security despite what they say on their sites? What, if anything, does Congress intend…