From the I-must-have-a-different-definition-of-‘robust’ dept.: Douglas Dahl writes: With the news of the recent cyber-attack and resulting data breach at health insurance giant Anthem Inc., the buzz around data security and privacy is again high. The Anthem breach serves as a reminder to those entities subject to the Health Insurance Portability and Accountability Act (HIPAA) that…
Category: Commentaries and Analyses
GAO: IRS Needs to Continue Improving Controls over Financial and Taxpayer Data
What GAO found in its new report on Information Security and the IRS: The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses limit their effectiveness in protecting the confidentiality, integrity and availability of financial and sensitive taxpayer data. During fiscal year 2014, IRS continued to devote attention to securing its…
Wyndham: A Case Study in Cybersecurity: How the cost of a relatively small breach can rival that of a major hack attack
Timothy Cornell of Clifford Chance US LLP has an interesting write-up on the Wyndham case that really details the time and labor costs of responding to a government investigation following a data breach. Here’s an example: On April 8, 2010, the FTC began to investigate Wyndham Worldwide and three of its subsidiaries (collectively “Wyndham”), sending Wyndham…
Ca: Office of Auditor General lost 120 encrypted USB drives: documents
Joanna Smith reports from Ottawa: An internal investigation at the Office of the Auditor General found that about 22 per cent of the encrypted USB drives entrusted to employees were lost, according to newly released documents. […] “The management of these USB drives was not strictly enforced. Employees were given IT Security information sessions on…
Data Breaches Hit Half of America: Verizon Report
David Morrison writes: Almost half of all American consumers (45%) said data security breaches have compromised their personal payment information or that of a household member, according to Verizon’s 2015 PCI Compliance Report. The document suggested credit unions and other card issuers might suffer damage from card security breaches until consumers start using payment cards with embedded…
“University of Racism” hacked; will others go after U. of Oklahoma student records?
“Because none of them seem to give a shit…” – a hacker commenting on the lack of response to notifying the U. of Oklahoma that he had hacked them. This blogger has repeatedly lamented the generally inadequate data security in the education sector and the fact that no federal agency actually enforces data security at the post-secondary…