The highlights of a new GAO report, INFORMATION SECURITY: VA Needs to Address Identified Vulnerabilities: While the Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses. For example, VA took actions to contain and eradicate a significant incident detected in 2012 involving a network intrusion,…
Category: Commentaries and Analyses
Nearly a billion records were compromised in 2014
Steve Ragan reports: In first nine months of 2014, after 1,922 confirmed incidents, criminals managed to compromise 904 million records. Many of the incidents reported in 2014 were record setting, including twenty of them that resulted in the compromise of more than a million records each. In retrospect, it can be safely said that criminals…
Fix your security, don’t cover up breaches: AU privacy commissioner
Stilgherrian reports: Australian Privacy Commissioner Timothy Pilgrim has issued a strong warning to companies that attempt to cover up data breaches, or have failed to take a proactive approach toward ensuring that personal data is kept secure. Attempts to conceal a data breach “will not be looked well on by our office”, Pilgrim told the…
Retailers are skirting data security issue, NAFCU, trades tell Congress
The National Association of Federal Credit Unions writes: Retailer groups’ data security arguments are “inaccurate and misleading” given their members “are not covered by any federal laws or regulations that require them to protect data and notify consumers when it is breached,” NAFCU and six other financial trades told House and Senate leaders Wednesday. “National…
Interesting closing letter from FTC to Verizon concerning WEP default on older routers
From the FTC Ms. Dana Rosenfeld Kelley Drye Washington Harbour, Suite 400 3050 K Street, NW Washington, D.C. 20007 Dear Ms. Rosenfeld: UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION WASHINGTON, DC 20580 November 12, 2014 As you know, staff in the Division of Privacy and Identity Protection has conducted an investigation into possible violations of…
AU: Asylum seeker privacy breach due to copy and paste – OAIC. Okay, but where’s the breach mitigation?
In February, we learned of a horrific privacy breach involving almost 10,000 asylum seekers. This breach is on my personal Top 10 Worst Breaches of 2014 because of the risk of harm to those exposed. A detention file created by Australia’s Department of Immigration and Border Protection (DIBP) accidentally exposed detainees’ personal details and was subsequently downloaded in about 16…