Commentaries and Analyses – Page 685

Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach

Posted on February 6, 2015 by Dissent

Steve Bellovin explains: Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this, it’s not going to help. If your OS is secure, you don’t need the crypto; if it’s not, the crypto won’t protect your data. In a case…

BakerHostetler’s 2014 Year-End Review of Class Actions

Posted on February 3, 2015 by Dissent

BakerHostetler’s 2014 Year-End Review of Class Actions (and what to expect in 2015) is available online. It includes discussion of data breach class actions as well as privacy class actions, and covers theories of liability, standing, and other issues raised in recent and ongoing cases.

The FTC’s requested budget: implications for data security enforcement cases?

Posted on February 3, 2015 by Dissent

I was never good with budgets, but damned if I can figure out FTC’s budget request to Congress for Fiscal 2016. Is it seeking funds to expand the number of data security enforcement cases it undertakes or is the budget based on simply maintaining the current level(s)? So when @FTC didn’t respond to my tweeted inquiry,…

Tweets that give me a knot in my stomach, Monday edition

Posted on February 2, 2015 by Dissent

32 edu sites all vuln to the same sql injection vuln….. this is going to be fun — abdilo (@abdilo_) February 2, 2015 and .@jessysaurusrex@g33kspeed@sambowne to put your mind at ease here is the amount in all the dbs together from the 0day sqli: 9,468,248 — abdilo (@abdilo_) February 2, 2015 If/when he posts a…

Experian ProtectMyID didn’t protect him from ID theft – Target customer

Posted on January 31, 2015 by Dissent

As this blogger and Brian Krebs have both pointed out on a number of occasions, Experian’s ProtectMyID may only monitor Experian’s own credit reports and not those of Equifax, TransUnion, or Innovis. Now one consumer seems to have learned that lesson the hard way. Consider the offer Target made to its customers following their massive breach…

Justice Department IG disputes Attkisson hacking claims

Posted on January 30, 2015 by Dissent

Erik Wemple reports: Many of the allegations made by former CBS News reporter Sharyl Attkisson regarding alleged computer intrusions by the U.S. government are disputed in a report by the Justice Department’s inspector general. “The OIG’s investigation was not able to substantiate the allegations that Attkisson’s computers were subject to remote intrusion by the FBI, other…