Telecompaper reports: Dutch ISP XS4ALL and the law firm Brinkhof have awarded their annual Internet Thesis prize to a master's student researching required disclosure of data breaches. The research found that any such legal requirement would likely not meet its objectives. The thesis was based on the number of disclosures in the US before and…
Category: Commentaries and Analyses
Attorney General seeks national standard to protect against identity theft
Peter Cooney reports: Attorney General Eric Holder, citing the recent massive data theft at retailer Target Corp, urged Congress on Monday to enact a national standard for notifying consumers about such breaches. “This would empower the American people to protect themselves if they are at risk of identity theft,” Holder said in a statement urging…
C’mon, FTC, when will you do something? (update 2)
It has now been about two years since I filed a complaint with the FTC to alert them to all the data security breaches involving Experian’s credit report database. And while I continue to wait to see the FTC take action against Experian over their numerous breaches involving misuse of clients’ login credentials, Experian…
2013 Exposed Records Sets the Stage for Massive Identity Theft
From Risk Based Security: We are pleased to release our Data Breach Quick view report that shows 2013 broke the previous all-time record for the number of exposed records caused by reported data breach incidents. The 2,164 incidents reported during 2013 exposed over 822 million records, nearly doubling the previous highest year on record (2011). Although overshadowed…
Hackers post hundreds of thousands of user credentials on web
Doug Drinkwater reports: Swiss infosecurity and computer forensics company High-Tech Bridge carried out the research recently and found that 311,095 user credentials – comprising log-in and password pairs – for various services, websites and emails have been compromised on Pastebin. Read more on SC Magazine. Interestingly, their analysis of data leaked on Pastebin does not suggest a…
What is “Expedient” Notification of a “Data Breach?”
Craig Hoffman and Charlie Shih write: One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states that require notification to occur no later…