Nathaniel A. Raymond, Daniel P. Scarnecchia, and Stuart R. Campo write: The news that a platform used by at least 11 major operational NGOs and UN agencies may be relatively easy to breach, potentially exposing the personal, location, and demographic data of tens of thousands of highly vulnerable people, is deeply disturbing but not surprising….
Category: Commentaries and Analyses
Superseding indictment filed in Justin Shafer case
As anticipated, federal prosecutors have filed a superseding indictment in their case against dental integrator and vulnerability researcher Justin Shafer. For those in a rush, the TL;DR version is that they have basically transformed a bullshit two-count indictment into a bullshit three-count indictment. [For the benefit of law enforcement in Texas, that preceding sentence is…
When Employees Go Rogue: Are Employers Vicariously Liable for the Privacy Breaches of Their Employees?
Sara D.N. Babich of McCarthy Tétrault LLP has a commentary on employer liability for employee wrongdoing under Canadian law. Her analysis includes discussion of the recent UK decision in the Morrisons data breach case. Here’s how Babich’s article begins: Although there has not yet been a definitive answer to this question in Canada, based on recent…
Inside the Stanford Breach: Sexual Assault, Disciplinary and Financial Data Exposed
A series of cybersecurity vulnerabilities at Stanford University exposed thousands of sensitive files containing details of sexual assault investigations, disciplinary actions and more. The details of what happened—and why it should be an object lesson for higher education. A special three-part blog series. Craig A. Newman of Patterson Belknap writes: Part 1 In three separate…
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Dawn Kawamoto reports: An attack on a single IV infusion pump or digital smart pen can be leveraged to a widespread breach that exposes patient records, according to a Spirent SecurityLabs researcher. Saurabh Harit, managing consultant with Spirent, will present his findings on flaws in IV infusion pumps and digital smart pens at Black Hat…
Poor incident response? Bad PR, Monday edition
If you can’t prevent a breach, can’t you at least fake genuine concern? You know, the “At <blahblahblah>, we take your privacy and security very seriously” bit? Mark Flamme reports on a Key Bank breach where the bank’s response to notification of a problem is at least as problematic as the breach itself. After a…