On July 31, after reading a news story about a breach involving a school district, I emailed the FTC to ask for clarification on FACTA: I have searched and searched but cannot find a definitive answer to the following: Are k-12 public school districts covered by FACTA? Assume for purposes of my question that there…
Category: Commentaries and Analyses
US-CERT’s do’s-and-don’ts for after the cyber hack
Jason Miller reports that US-CERT is offering best practices for after an attack. Here’s a bit of what he reports: Hacked organizations shouldn’t automatically initiate reactive measures to the network without first consulting incident response experts. Barron-DiCamillo said US-CERT and a host of other companies do incident responses for a living as opposed to systems administrators…
What did CSU do to verify vendors’ data security – and what might FTC do?
When California State University decided to purchase a We End Violence program, Agent of Change, they reportedly did consider data security. The Press-Telegram reports: Laurie Weidner, spokeswoman for the Chancellor’s Office, said CSU has not terminated its relationship with We End Violence, which administered the training program called Agent of Change. The vendor was one of…
Records: Energy Department struck repeatedly – and successfully – by cyber attacks
Steve Reilly reports: Cyber attackers successfully compromised the security of U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, according to a review of federal records obtained by USA TODAY. Incident reports submitted by federal officials and contractors since late 2010 to the Energy Department’s Joint Cybersecurity Coordination Center show a near-consistent…
UK Tops European Data Breach Table
Phil Muncaster reports: The UK suffered the most data breaches in Europe during the first half of 2015, coming second globally only to the United States, according to new data from Gemalto. The digital security and SIM card vendor claimed in its latest Breach Level Index (BLI) report that there were 63 data breaches in the UK…
A quick note on the Heritage Foundation leak
As reported on this site, The Heritage Foundation leaked a ton of information about donors and others. In light of that, you may be wondering whether the FTC will go after them for unreasonable data security. The answer to that is probably “no,” because the FTC doesn’t have authority to enforce Section 5 when it…