Liarna LaPorta of Wandera reports: Wandera’s threat research team has discovered a vulnerability affecting a number of airline e-ticketing systems that can expose passengers’ personally identifiable information (PII). This vulnerability can expose passenger data by using links that are easily intercepted by hackers. The intercepted and unencrypted links enable unauthorized third parties to view, and…
Category: Commentaries and Analyses
Schools Suffered at Least 122 Cybersecurity Incidents Last Year
Benjamin Herrold reports: The nation’s K-12 schools experienced 122 publicly reported cybersecurity incidents in 2018, more than half of which were caused or carried out by staff or students, and nearly 60 percent resulted in students’ personal data being compromised. And that’s likely just the tip of the iceberg, according to a report released Thursday by…
Cybersecurity for small business: Email authentication
Andrew Smith, Director, FTC Bureau of Consumer Protection, writes: As a business person, you know about phishing, of course. At first glance, the email looks like it comes from a recognized company, complete with a familiar logo, slogan, and URL. But it’s really from a cyber crook trying to con consumers out of account numbers,…
Stolen Credit Card Data from City Parking Systems Sold on the Dark Web
Bruno reports: The hackers of the city parking fine system in Saint John, Canada have been selling sensitive data on the dark web for over a year. The security breach in the system was not spotted for 15 months after the initial attack, which ultimately allowed the hackers to gain personal information and credit card…
Insurance Data Security Model Law Picks Up Steam
Andreas Kaltsounis and Shea M. Leitch of BakerHostetler write: Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance…
Danish Data Authority registers 2,780 privacy breach cases in last 7 months of 2018
Some Danish breach statistics, as seen at Telecompaper: The Danish Data Authority said 2,780 incidents of privacy breaches were reported to it from 25 May, when reporting such breaches became mandatory, and the end of 2018. It said approximately two thirds of these cases concerned information sent to the wrong recipient. Four out of five…