Back in March, I blogged about the question as to whether a ransomware attack needed to be reported to HHS as a HIPAA breach. In that post, I quoted an HHS spokesperson who informed DataBreaches.net that a ransomware situation was an impermissible disclosure (because the attacker had access to the data even if the data weren’t…
Category: Commentaries and Analyses
Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data – GAO
From a new GAO report: The Securities and Exchange Commission (SEC) improved its information security by addressing weaknesses previously identified by GAO, including separating the user production network from the internal management network. However, weaknesses continue to limit the effectiveness of other security controls. In particular: While SEC had issued policies and implemented controls based…
Amazon denies Movimiento Ciudadano’s claim that they were “hacked”
DataBreaches.net is not alone in being outraged that in response to a massive data leak that put the information of 87 million Mexican voters at risk, Movimiento Ciudadano appears to be falsely claiming that the voter data list they stored on Amazon cloud was “hacked.” The political party has been repeating that false claim on Twitter and in…
Movimiento Ciudadano admits it was their copy of the Mexican voter list on AWS, tries to deflect blame to researcher
A reader kindly informed me that Movimiento Ciudadano, one of the political parties that had legitimate access to Mexico’s voter data list, has admitted it was responsible for the leak on Amazon. Except that as I read more, I realized they weren’t really admitting they were responsible for the leak. I’ve been trying to read/translate a number…
Retailers battle financial sector over lame data breach legislation that they think is too strong?
Cory Bennett reports: Retailers on Tuesday doubled down on their opposition to a data breach notification bill favored by financial firms. The Retail Industry Leaders Association (RILA), one of the sector’s largest trade groups, argued in a letter to House leadership that the measure would be unfair to large swaths of the economy. The bill,…
Verizon’s 2016 Data Breach Investigations Report finds criminals continue to exploit human nature
Cybercriminals are continuing to exploit human nature as they rely on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, finds the Verizon 2016 Data Breach Investigations Report. This year’s report highlights repeating themes from prior year’s findings and storylines that continue to…