Paul Woolverton reports: Retired Army Maj. Veronica Carter is furious with the USAA. She says the financial services company failed to warn her when an identity thief or thieves called three times over the past month to try to persuade a customer service representative to withdraw money from her account. On Oct. 6, someone made…
Category: Commentaries and Analyses
X-Ray Scans Expose an Ingenious Chip-and-Pin Card Hack
Andy Greenberg reports: In a so-called “chip-and-PIN” system, a would-be thief has to both steal a victim’s chip-enabled card and be able to enter the victim’s PIN. But French forensics researchers have dissected a real-world case in which criminals outsmarted that system with a seamless chip-switching trick—and pulled off the feat with a slip of plastic…
Years of poor network security at State predated a hack linked to Russia
Ken Dilanian of AP reports: The State Department was among the worst agencies in the federal government at protecting its computer networks while Hillary Rodham Clinton was secretary from 2009 to 2013, a situation that continued to deteriorate as John Kerry took office and Russian hackers breached the department’s email system, according to independent audits…
Disclosing a breach? Coordinate it with release of good news – study
Christopher Escobedo Hart writes that a well-handled breach can actually improve a company’s bottom line. A recent study goes a step further, suggesting that if handled well a data breach can actually help the bottom line. This counter-intuitive conclusion, conducted by Sebastian Gay at the University of Chicago, is based on data from breaches occurring between 2005-2014. …
Threat of Data-Privacy Litigation Fuels District Insurance Purchases
Malia Herman reports: .. It’s unclear how many districts have purchased cyberpolicies. Laubmeier said Aon covers several districts but declined to say exactly how many. “We are seeing a very large uptick in the number of school districts that have inquired about the possibility of cyberinsurance,” he said. Mr. Gambale also declined to say how many…
Atlassian’s tips for effective breach disclosure
Andrew Sadauskas reports: In the immediate aftermath of a security breach, companies should ensure they don’t use weasel words and have in place strong internal communications and clearly-defined staff guidelines, according to Atlassian head of security intelligence Daniel Grzelak. Read more at ITNews. Why? Because I actually agree with pretty much everything he advises, and if…