A number of commenters on this blog have raised concerns about giving their identity information to a firm that has been contracted to provide identity theft protection in the wake of a breach. The recurring theme is, “Why should I trust yet more people with my SSN?” And for how long will that firm retain…
Category: Commentaries and Analyses
GDPR: potential fines for data security breaches more severe for data controllers than processors, says expert
Have I mentioned recently how much I appreciate columns or posts by lawyers that help educate us non-lawyers? A post in Out-Law.com points out something that is significant for those involved in IT security or advising clients: One of the many changes that the new Regulation will deliver when it comes into force on 25 May 2018 is…
FTC To Study Mobile Device Industry’s Security Update Practices
In order to gain a better understanding of security in the mobile ecosystem, the Federal Trade Commission has issued orders to eight mobile device manufacturers requiring them to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices. The eight companies receiving orders from the FTC…
The Scariest Hack So Far
Jane Brown of Lane Powell PC writes that hackers have upped the ante from the “good old days:” …. A case with espionage, extortion and pseudonyms is a sign of things to come. Wire Swiss GmbH (Wire Swiss) is currently seeking a declaratory judgment and alleges civil extortion against its competitor, Quiet Riddle Ventures…
UK: Employers vicariously liable for data breaches caused by rogue employees
Tim Hickman and Stephen Ravenscroft of White & Case LLP write: In April 2016, the High Court of England and Wales issued its judgment in Axon v Ministry of Defence [2016] EWHC 787 (QB). The court emphasised (albeit obiter) the fact that employers can be liable for data breaches caused by rogue employees (in the present case,…
I never meant harm, says student who hacked Canada Revenue to show vulnerability to Heartbleed virus
There’s an update to the hack of the Canada Revenue Agency, first disclosed in April 2014 and the young man who was charged in the case. Jane Sims reports: A student computer whiz who stole 900 social insurance numbers from the files of the Canada Revenue Agency to demonstrate its online vulnerability pleaded guilty and apologized on…