There’s a follow-up to a Palm Springs Federal Credit Union breach reported last year. The Credit Union National Association (CUNA) writes: The National Credit Union Administration’s Office of the Inspector General (OIG) has released a review regarding a data breach that occurred late last year. The agency confirmed that an external flash drive containing personal information for approximately…
Category: Commentaries and Analyses
IRS’s Top Ten Identity Theft Prosecutions
Continuing its enforcement push against refund fraud and identity theft, the Internal Revenue Service announced the Top Ten Identity Theft Prosecutions for Fiscal Year 2014 (FY14). The ongoing efforts to bring identity thieves to justice remains a significant priority as part of the IRS’s comprehensive identity theft strategy focusing on preventing, detecting and resolving identity…
US watchdog: Anthem snubbed our security audits before and after enormous hack attack
Shaun Nichols reports: A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s…
The Daily Mail did what U.S. media didn’t do: FOI the U.S. Education Department for Insider Breaches
From the good-for-them dept.: The Daily Mail in the U.K. filed a Freedom of Information request with the U.S. Education Department and obtained over 100 pages of responsive documents to their request for records relating to employee misuse of department computers. They have made the entire file available on their site. Note that this is…
Complicated relationships and breach notification requirements
A notification to the New Hampshire Attorney General’s Office from McDermott Will & Emery LLP provides a useful illustration of how some organizations may be struggling to determine their notification obligations to states as a result of the Anthem breach: If a law firm has trouble figuring out their obligations, can you imagine what others are struggling with? Coincidentally, perhaps, an attorney at…
Who ‘owns’ an investigation into a security breach?
Taylor Armerding writes: The last things an organization needs when launching an investigation into any kind of security breach are confusion and disorganization. If it is not clear who is really in charge, or what responsibilities fall to what departments, that is adding trouble to trouble. But that, according to the Security Executive Council (SEC),…