Macon-Bibb County officials said Tuesday that they have fixed a website security breach that exposed potentially thousands of people’s personal information, including Social Security numbers, drivers licenses, and birth certificates. The security breach appears to be contained to people who have applied for jobs with the government going back about four years, according to a…
Category: U.S.
Federal court denies Wyndham Hotels & Resorts’ motion to dismiss FTC’s complaint
Ashkan Soltani has uploaded an important ruling in FTC v. Wyndham, a case discussed many times on this blog. The short version of the ruling is that Wyndham went 0 for 3 on its challenges to the FTC’s authority to enforce data security under the FTC Act, to enforce data security in the absence of regulations that…
Neiman Marcus Data Breach Said Work of Russians Who Eluded U.S.
Michael Riley reports: Hackers who raided the credit-card payment system of Neiman Marcus Group Ltd. belong to a sophisticated Russian syndicate that has stolen more than 160 million credit-card numbers from retailers over seven years, according to people with knowledge of the matter. The Russian group is well known to U.S. authorities, who have indicted…
IL: New teacher licensing system full of glitches, hitches
Diane Rado reports: Just hours after the state launched a new, multimillion-dollar teacher licensing system last year, an educator logging in was shocked to find a serious security breach. “I discovered that by doing a public search using any educator’s name, ALL of our personal information is available to everyone. This is alarming!” the educator…
Is delaying notification for law enforcement purposes ever unreasonable?
Over on Security Bistro, Linda Musthaler discusses the recently disclosed Spec’s breach and the fact that Spec’s knew about the breach but was asked not to disclose it by law enforcement. We’ve seen this many times – delays in notification so as not to interfere with a law enforcement investigation. But should there be some…
Federal court ruling in Carnegie Strategic Design Engineers v. Cloherty applies narrow interpretation of CFAA
Robert R. Baron, Jr., David S. Fryman, Corinne Militello, and Philip N. Yannella of Ballard Spahr write: A Pennsylvania federal magistrate judge has tossed an employer’s claims under the Computer Fraud and Abuse Act (CFAA), holding that the CFAA does not extend to punish employees for the misuse of information that was accessed with permission….