Zeljka Zorz reports: If your employees are using Google Groups to discuss issues and ideas, you might want to check whether the sharing setting for these groups is set to “Private”. According to RedLock researchers, many companies fail to do so, most probably by accident, and end up exposing messages containing sensitive information on the…
Category: Commentaries and Analyses
Microsoft opens up a new front in the battle against Fancy Bear
John E. Dunn reports: Can anyone – or anything – take on well-resourced nation state hacking groups? Protected by anonymity and plausible deniability, conventional wisdom says not, but conventional wisdom ignores a company like Microsoft wielding a secret weapon with the power to hinder even the cleverest hacking group: lawyers. This, it has emerged, is…
Stick with Security: FTC to Provide Additional Insights on Reasonable Data Security Practices
From the Federal Trade Commission: As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses. These…
D.C. District Court Expands Government Contractors’ Exposure to Consumer Data Breach Class Actions
Michael Breslin, Christian Henel, Jon Neiditz, and Gunjan Talati of Kilpatrick Townsend & Stockton LLP write: The United States District Court for the District of Columbia recently endorsed private citizens bringing data breach claims directly against a government contractor where the contractor failed adequately to safeguard the citizens’ personal information. In McDowell v. CGI Federal…
U.S. Dept. Of Education Encourages Indiana To Improve Data Security
Claire McInerny reports: The U.S. Department of Education (USED) sent a letter to Superintendent Jennifer McCormick this month outlining problems with the Indiana Department of Education’s security around student data. The state receives grant money from USED for implementing security systems, which opened the state up to an audit. According to the USED letter, the audit’s “objective…
Vendor Breached Your Company Data? Sorry, You’re Still Liable
Rhys Dipshan writes: Call it the summer of vendor security mishaps. In June, a data firm hired by the Republican National Committee inadvertently exposed the personal information of almost 200 million American voters by misconfiguring an Amazon cloud server. A month later, Verizon’s customer service vendor NICE Systems made the same mistake and exposed data…