Jack Moore reports: After a wildfire tears through your community, the last thing you may be worried about is having your identity stolen or your personal information breached. But maybe you should be. A new inspector general report finds the Federal Emergency Management Agency still struggles to properly handle the safeguarding of personally identifiable information,…
Category: Commentaries and Analyses
How Hired Hackers Got “Complete Control” Of Palantir
William Alden reports: Palantir Technologies has cultivated a reputation as perhaps the most formidable data analysis firm in Silicon Valley, doing secretive work for defense and intelligence agencies as well as Wall Street giants. But when Palantir hired professional hackers to test the security of its own information systems late last year, the hackers found…
Screwing up the basics of incident response, Friday edition
For today’s object lesson (and maybe abject lesson), I give you FIS Global and Guaranty Bank and Trust. I’ve written up the incident in more detail over on the Daily Dot, but the short version is a hacker (@1×0123) found a vulnerability in FIS Global’s client portal login and tweeted about it. FIS didn’t respond to him directly. Instead, they…
Computer Crash Wipes Out Years of Air Force Investigation Records
Marcus Weisgerber reports: The U.S. Air Force has lost records concerning 100,000 investigations into everything from workplace disputes to fraud. A database that hosts files from the Air Force’s inspector general and legislative liaison divisions became corrupted last month, destroying data created between 2004 and now, service officials said. Neither the Air Force nor Lockheed Martin, the defense…
Boards ready to fire over bad security reporting
Maria Korolov reports: If CISOs don’t do a good job of communicating, 59 percent of board members said that the security executives stand to lose their jobs, according to a new survey released today. “If they’re not up to par in the minds of the board, there will be action taken,” said Ryan Stolte, co-founder and…
Tennessee Breach-Notification Law Indicative of Data-Security Regulators’ Lack of Creativity
David Zetoony of Bryan Cave writes: There is no shortage of data-privacy and security laws in the United States. By our count there are now about 300 state and federal statutes. They include breach-notification laws, data-disposal laws, data-safeguard laws, payment card information-protection laws … the list goes on and on. Many of these laws, and…