In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…
Category: Commentaries and Analyses
OPM’s $20M contract for ID theft protection violated federal rules
Can OPM do anything right? In this week’s installment of their totally infuriating breach and breach response saga, it appears that they didn’t follow proper procedures in awarding a contract for ID theft monitoring services for breach victims. Jack Moore reports: The inspector general of the Office of Personnel Management says a $20 million sole-source…
Beaches, carnivals and cybercrime: a look inside the Brazilian underground
Fabio Assolini authored an interesting report on Brazilian cybercrime that begins: The Brazilian criminal underground includes some of the world’s most active and creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a strong local flavor. To fully understand them you need to spend time in the country and understand its…
Anonymous Exposes Identity of Alleged Halifax Rapist, Police Reopens The Case
If you’re going to publicly name and/or dox someone you suspect of sexual assault, you’d better be right, as the potential harm to them is enormous. And if you’re going to publicly name and/or dox someone you suspect of sexual assault, should it matter whether the victim has decided not to pursue the matter? Could…
Q3 2015 Data Breach QuickView Report – A Record Breaking Year in the Making
From Risk Based Security: Risk Based Security is pleased to announce the release of the Q3 Data Breach QuickView report. It has been a busy year in terms of activity, with over 3,000 data breaches reported in the first three quarters of 2015. The higher than usual breach activity began early with the first quarter…
E-health opt-out records a ‘huge invasion of privacy’
Corinne Reichert reports: The Australian Privacy Foundation has accused the Senate of being “dangerously naive” in thinking that opt-out e-health records could be secured against breaches of privacy. Bernard Robertson-Dunn, a member of the Privacy Foundation who has also constructed IT systems for several government departments, said it is “patently absurd” for the Senate inquiry…