From the Information Commissioner’s Office, an interesting report with data for Q1 of 2016/17 by sector and attack type. Not surprisingly, the greatest number of breaches were reported by the healthcare sector: Analysis of the types of health data security incidents revealed that the most common sources were errors involving paper records, such as mailing or faxing errors,…
Category: Commentaries and Analyses
Watchdog: IRS failed to notify over 1M people of identity theft
Naomi Jagoda reports: The Internal Revenue Service identified close to 1.1 million taxpayers who were victims of employment-related identity theft from 2011 through 2015, but almost none of the victims were informed, a Treasury Department watchdog found in a report made public this week. “Employment-related identity theft can cause significant burden to taxpayers, including the…
Study finds flaws in MedSec’s criticism of St. Jude cyber security
Ransdell Pierson reports: University of Michigan researchers on Tuesday said their own experiments undermine recent allegations of security flaws in St. Jude Medical Inc’s pacemakers and other implantable medical devices. Shares of St. Jude fell 5 percent on Thursday after short-selling firm Muddy Waters and its business partner, cyber security company MedSec Holdings Inc, alleged…
FBI’s Comey: Businesses need to tell us if they’ve been breached
Chris Bing reports: FBI Director James Comey wants to see private businesses report data breach incidents and other detected cyber intrusions directly to the Bureau more than they are already doing so. […] The FBI director explained that the Bureau’s strategy to increase cooperation will center on four missions: partner outreach and education, establishing trusted relationships, working to minimize…
Mass download of Poles’ personal data sparks fears
PAP reports: Downloading personal data from the national identification number (PESEL) database is well within the rights of bailiff offices, as a way of verifying if they are targeting the right person. But the sheer amount of downloads has raised concerns that the data may have been used for purposes other than intended. For example,…
The number of Texas companies held accountable for data breaches?
Shawn Shinneman reports: The Office of the Attorney General hasn’t disciplined a single Texas company for failing to notify customers of a data breach – and records show it is only directly notified of a small portion of the incidents, the Dallas Business Journal has learned. The issue could stem from the way Texas’ cybersecurity…