Commentaries and Analyses – Page 524

House Draft Data Security Bill Preempts Stronger State Safeguards

Posted on February 17, 2018 by Dissent

From EPIC.org: Rep. Luetkemeyer (R-MO) and Rep. Maloney (D-NY) circulated a draft bill, the “Data Acquisition and Technology Accountability and Security Act,” that would set federal requirements for companies collecting personal data and require prompt breach notification. The Federal Trade Commission, which has often failed to pursue important data breach cases, and state Attorneys General…

‘BuckHacker’ Search Engine Lets You Easily Dig Through Exposed Amazon Servers

Posted on February 16, 2018 by Dissent

Joseph Cox reports: Contractors, governments, and telecom giants have all previously left data on exposed Amazon Web Services (AWS) servers, meaning anyone can access them without a username or password. Now, a search engine makes combing through leaky AWS datasets that much easier. Think of it as a barebones Google, but for info that the…

UK and US blame Russia for ‘malicious’ NotPetya cyber-attack

Posted on February 15, 2018 by Dissent

BBC reports: The Russian military was directly behind a “malicious” cyber-attack on Ukraine that spread globally last year, the US and Britain have said. The White House said June’s NotPetya ransomware attack caused billions of dollars in damage across Europe, Asia, and the Americas. UK Defence Secretary Gavin Williamson said Russia was “ripping up the…

Hack the Air Force 2.0 uncovers over 100 vulnerabilities

Posted on February 15, 2018 by Dissent

Charlie Osborne reports: The second Hack the Air Force bug bounty challenge, Hack the Air Force 2.0, has resulted in 106 vulnerabilities being reported and fixed. On Thursday, bug bounty platform HackerOne revealed that the 20-day competition to find vulnerabilities in federal systems resulted in $103,883 in payouts, bringing the total amount of financial rewards…

Consequences for HIPAA violations don’t stop when a business closes

Posted on February 13, 2018 by Dissent

There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…

UK: ICO releases Q3 data security incident trends

Posted on February 13, 2018 by Dissent

The Information Commissioner’s Office has released Q3 statistics on data protection incidents reported to their office. Not surprisingly, reports were up. Some of their key statistics: Central government sector reports rose by 178% from Q2 (from 9 to 25). Incidents involving a failure to redact data increased from 1 to 11. Education sector incidents rose by…