Darren Pauli reports: The Payment Card Industry Security Standards Council has created a taskforce charged with improving security among small businesses. The prodigious task will be tackled by encouraging small businesses to adopt security best practice and simplified Payment Card Industry Data Security Standards (PCI DSS). Barclaycard payment security manager and taskforce chair Phil Jones…
Category: Commentaries and Analyses
UK data watchdog: Massive fines won’t keep data safe
Jennifer Baker reports: The UK’s data protection watchdog has said issuing fines “left, right and centre” is not the way to ensure privacy. However, Information Commissioner Christopher Graham added that this doesn’t mean his office shouldn’t have those exact powers at its disposal. “The obligation laid on data protection authorities always to fine data controllers…
Epic played no part in Coast Guard health-data privacy shortcomings
Mark Sullivan reports: A new report from the Department of Homeland Security’s Office of Inspector General (OIG) says that the U.S. Coast Guard holds plenty of personally identifiable health information in its servers but lacks a strong approach to dealing with privacy issues. The report grew from a DHS audit that focused on practices and procedures for…
If the FTC comes to call
Mark Eichorn of the FTC writes: It’s a question we’re asked a lot. “What happens if I’m the target of an FTC investigation involving data security?” We understand – no one wants to get that call. But we hope we can shed some light on what a company can expect. First things first. All of…
Dentrix vulnerability still poses risk to patient data: researcher
In early 2014, and over on PHIprivacy.net, I published some posts expressing concern about a vulnerability in Dentrix software, Dentrix’s claims at the time that its G5 product incorporated “encryption,” and their subsequent decision that the firm would not individually notify all customers that what the customers had been sold as “encryption” was not encryption. Following up on the public posts,…
‘Millions’ of routers open to absurdly outdated NetUSB hijack
Darren Pauli reports: SEC Consult Vulnerability Lab's Stefan Viehbock says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks. The packet fondler says the vulnerability (CVE-2015-3036) hits the Linux kernel module in scores of popular routers which serves to provide network…