The Irish Data Protection Commission has issued guidance on data breach notification under GDPR. Attorneys at Fox Rothschild have prepared a summary that begins: Key takeaways: A personal data breach is a security incident that negatively impacts the confidentiality, integrity, or availability of personal data, with the consequence that the controller is unable to ensure…
Category: Commentaries and Analyses
Senator Demands Review of How DHS Shares PII With Contractors
Akshaya Asokan reports: Sen. Maggie Hassan, D-N.H., is demanding that the U.S. Government Accountability Office review how the Department of Homeland Security shares personal data with third parties following several recent security incidents in which such information was exposed. In an Oct. 23 letter to the GAO, Hassan writes that recent “troubling” security incidents connected to…
Toronto needs to beef up cybersecurity to avoid ‘devastating’ data breach: auditor general
Lauren Pelley reports: Toronto’s auditor general is pushing the city to beef up cybersecurity to avoid a “devastating” data breach. In a report heading to council’s audit committee on Friday, Beverly Romeo-Beehler says the city needs to “strengthen” information technology and security controls, adding little has been done since she brought forward similar concerns three years ago….
NYS Comptroller releases IT audit of True North Rochester Preparatory Charter School
One day, I’ll read an IT audit from NYS Comptroller DiNapoli and will smile at the good report. Today is not that day, however. The following is a summary of the audit of True North Rochester Preparatory Charter School. According to the state, “the School’s IT network and assets are managed by an IT…
Does improved infosec lead to delayed care and more fatal heart attacks in hospitals?
Nsikan Akpan has a report on PBS that is worth reading, especially now that I’ve gotten rid of their headline that I really really really didn’t think was accurate. Akpan starts by reminding us all how a ransomware attack on a hospital could have life-threatening consequences. But the main point of his piece is to…
A DDoS gang is extorting businesses posing as Russian government hackers
File this one under “Ooh, that’s clever!” Catalin Cimpanu reports. For the past week, a group of criminals has been launching DDoS attacks against companies in the financial sector and demanding ransom payments while posing as “Fancy Bear,” the infamous hacking group associated with the Russian government, known for hacking the White House in 2014…