Commentaries and Analyses – Page 639

Breaches, traders, plain text passwords, ethical disclosure and 000webhost

Posted on October 28, 2015 by Dissent

Troy Hunt writes: It’s a bit hard to even know where to begin with this one, perhaps at the start and then I’ll try and piece all the bits together as best I can. As you may already know if you’re familiar with this blog, I run the service Have I been pwned? (HIBP) which…

TalkTalk requiring upset customers pay contract termination fee after data breach

Posted on October 27, 2015 by Dissent

From the if-they-have-a-PR-firm-are-they-even-listening-to-them dept: TalkTalk is becoming the poster child for poor PR and how NOT to respond after a data breach. In today’s installment, the BBC reports that the firm will only waive contract termination fees if the customer has had money stolen from them. “In the unlikely event that money is stolen from…

UK: ICO confirms issue of data breach compensation a matter for consumers to pursue with companies or via the courts

Posted on October 27, 2015 by Dissent

From Out-Law.com: The Information Commissioner’s Office (ICO) in the UK cannot force companies to pay compensation to consumers affected by a data breach, the watchdog has confirmed. On Monday, the UK’s culture minister Ed Vaizey told MPs in the House of Commons that it would be “a matter for the Information Commissioner’s Office and TalkTalk to decide…

Target Court Upholds Attorney-Client Privilege in Cyber Investigations

Posted on October 27, 2015 by Dissent

Stuart Altman and Michelle Kisloff write: In a decision issued late last Friday, the United States District Court for the District of Minnesota rejected an effort by class action Plaintiffs to access materials created in the course of Target’s investigation of its 2013 payment card breach that Target claimed were protected by the attorney-client privilege and…

Hacking cars in the style of Stuxnet

Posted on October 26, 2015 by Dissent

Hacking cars in the style of Stuxnet András Szijj1, Levente Buttyán1, Zsolt Szalay2 1 CrySyS Lab, Department of Networked Systems and Service 2 Department of Automobiles and Vehicle Manufacturing Budapest University of Technology and Economics Overheads at http://www.hit.bme.hu/~buttyan/publications/carhacking-Hacktivity-2015.pdf

UK: Experian rules out GOV.UK Verify changes after T-mobile data breach

Posted on October 26, 2015 by Dissent

Neil Merrett reports: Experian has opted against making any immediate changes to the service it offers as a contracted identity provider for GOV.UK Verify following an unrelated data breach last month of one of its servers that contained some identifying information of T-Mobile customers in the US. Experian is among five companies currently accredited to…