Swati Khandelwal writes that when MLT (@ret2libc on Twitter) responsibly notified eBay of a bug that would allow the theft of eBay users’ passwords via phishing, eBay ignored the problem – until the media came knocking for a statement. Read more on The Hacker News and read MLT’s blog post about the eBay flaw.
Category: Commentaries and Analyses
Privacy Class Actions are on the Rise in Canada
Ira Nishisato and Éloïse Gratton of Borden Ladner Gervais LLP write: There is a new trend in Canada towards privacy class actions being launched following a cybersecurity breach or an improper disclosure of personal information. Indeed, privacy class actions triggered by data breaches are growing in popularity in Canada, with between twenty and thirty privacy…
Texas Broadens Unauthorized Access of Computer Law to Specifically Address Insider Misuse
Shawn E. Tuma writes that Texas just amended its unauthorized access of computers law to specifically address misuse by insiders. Here’s a snippet from his detailed post: Nothing was removed from the prior version of the law; the following language in blue italics was added as Section 33.02 (b-1)(2) of the Texas Penal Code: It is a crime for a…
U.S. Education Dept. ripe for breach more devastating than OPM’s
Teri Robinson reports: The Department of Education is primed for a large data breach that could eclipse the one experienced by the Office of Personnel and Management (OPM), House Oversight Committee Chairman Jason Chaffetz (R-Utah) said last week at a Brookings Institute function. With its rich set of data, including 139 million Social Security numbers and information…
Databases with voter information and the “database of ruin”
DataBreaches.net recently reported on two inadequately secured MongoDB databases that exposed voters’ information. The public’s reaction to these two incidents illustrated how little the majority of the public knows about what’s in a voter registration list and how such records are viewed by states. But the incidents also raise important questions as to whether existing laws provide adequate protection…
UK’s Information Commissioner repeats call for stronger sentences for data thieves
In the wake of another ridiculously light penalty for data theft, U.K.’s Information Commissioner, Christopher Graham, has repeated his call for stronger penalties. The comments come as an employee of a car rental company was sentenced for stealing customer information that accident claims companies could use to make nuisance calls. Sindy Nagra, 42, from Hayes, sold almost 28,000…