Help Net Security reports: A group of students from Saarland University’s Center for IT-Security, Privacy and Accountability (CISPA) have discovered tens of thousands of MongoDB databases accessible to remote attackers, including a couple belonging to big companies and containing personal and financial information of millions of their users. MongoDB is a popular cross-platform, document-oriented NoSQL database,…
Category: Commentaries and Analyses
More Than 30% of Big Merchants Are Not PCI-Compliant – Study
Jim Daly reports: Fudging the numbers about their merchants’ compliance with the Payment Card Industry data-security standard (PCI) may be a common practice by merchant acquirers if findings from a new study about payment card data security are to be believed. The study by the Merchant Acquirers’ Committee, an association of more than 500…
Is It Time for a Wall of Shame for the Education Sector?
Over the past few months, SLC Security has been noting a lot of malware and botnet activity in the education sector – problems, they say, that the entities often don’t acknowledge when SLC Security attempts to alert them to problems. Yesterday, SLC Security wrote that they were seeing traffic from: New York University – Malicious Activity; Princeton University – Malicious…
Jeb Bush probably won’t be running on a privacy platform after doxxing everyone
Maybe one of the qualifications for President in the Constitution should be: “Has the common sense not to expose everyone’s personal information to the world.” T.C. Sottek reports: Jeb Bush, a rumored 2016 Republican presidential candidate, just decided to publish hundreds of thousands of emails sent to him during his time as governor of Florida….
New Mexico needs a data breach notification law, but is this the right one?
Will New Mexico finally join the ranks of states that require data breach notification or will it remain one of only three holdouts? Dan Mayfield reports that Rep. Bill Rehm has introduced a bill to require businesses to notify consumers in the event of a breach. Rehm tried to pass a similar bill last year but got pushback from…
UK: A bad day in court for Medway Council
Jon Baines writes: If the Information Commissioner (IC) reasonably requires any information for the purpose of determining whether a data controller has complied or is complying with the data protection principles, section 43 of the Data Protection Act 1998 (DPA) empowers him to serve a notice on the data controller requiring it to furnish him with specified…