Troy Hunt writes: It’s a bit hard to even know where to begin with this one, perhaps at the start and then I’ll try and piece all the bits together as best I can. As you may already know if you’re familiar with this blog, I run the service Have I been pwned? (HIBP) which…
Category: Commentaries and Analyses
TalkTalk requiring upset customers pay contract termination fee after data breach
From the if-they-have-a-PR-firm-are-they-even-listening-to-them dept: TalkTalk is becoming the poster child for poor PR and how NOT to respond after a data breach. In today’s installment, the BBC reports that the firm will only waive contract termination fees if the customer has had money stolen from them. “In the unlikely event that money is stolen from…
UK: ICO confirms issue of data breach compensation a matter for consumers to pursue with companies or via the courts
From Out-Law.com: The Information Commissioner’s Office (ICO) in the UK cannot force companies to pay compensation to consumers affected by a data breach, the watchdog has confirmed. On Monday, the UK’s culture minister Ed Vaizey told MPs in the House of Commons that it would be “a matter for the Information Commissioner’s Office and TalkTalk to decide…
Target Court Upholds Attorney-Client Privilege in Cyber Investigations
Stuart Altman and Michelle Kisloff write: In a decision issued late last Friday, the United States District Court for the District of Minnesota rejected an effort by class action Plaintiffs to access materials created in the course of Target’s investigation of its 2013 payment card breach that Target claimed were protected by the attorney-client privilege and…
Hacking cars in the style of Stuxnet
Hacking cars in the style of Stuxnet András Szijj1, Levente Buttyán1, Zsolt Szalay2 1 CrySyS Lab, Department of Networked Systems and Service 2 Department of Automobiles and Vehicle Manufacturing Budapest University of Technology and Economics Overheads at http://www.hit.bme.hu/~buttyan/publications/carhacking-Hacktivity-2015.pdf
UK: Experian rules out GOV.UK Verify changes after T-mobile data breach
Neil Merrett reports: Experian has opted against making any immediate changes to the service it offers as a contracted identity provider for GOV.UK Verify following an unrelated data breach last month of one of its servers that contained some identifying information of T-Mobile customers in the US. Experian is among five companies currently accredited to…