Last week, Quinn Norton wrote a disturbing and thoughtful essay. Those of us who conduct research or investigate and report on breaches generally share her concerns, if not her decision to withdraw from security journalism. The Barrett Brown case, and the prosecution’s attempt to criminalize linking to publicly available data, may lead others, too, to…
Category: Commentaries and Analyses
Boomerang continues to demonstrate how NOT to handle a possible breach
On January 13, I wrote: And for Tuesday’s edition of “How Not to Handle a Reported Breach,” we give you….. (drum roll)…. Boomerang Rentals. Although Boomerang has continued to investigate claims of a breach resulting in fraudulent charges, and has brought in a third party to assist in their investigation, they still haven’t notified consumers…
Court Rules in Favor of Breached Retailer
Tracy Kitten reports: A breached retailer has won a court ruling against its payments processor and merchant bank, setting a $500,000 cap on how much it must pay for a point-of-sale breach it suffered in late 2012. Now the processor and bank must pick up the rest of the breach-related tab. […] On Jan. 15,…
All Verizon Customer Emails Were Opened Up To Hackers Thanks To Glaring Bug
Thomas Fox-Brewster reports: US telecoms giant Verizon has had a bad couple of years from a privacy point of view, from revelations of unrestrained NSA access to its customers’ call metadata or “permacookies” that could have permanently tracked users’ web activity. It could do without any other embarrassment, but on Sunday a researcher revealed a glaring vulnerability related…
President Obama’s Security Breach Notification Bill Needs Work
Elizabeth H. Johnson and Lynn C. Percival IV of Poyner Spruill have their own objections to the President’s proposal for a federal data breach notification law. You can read their analysis and comments here.
5 Colleges With Data Breaches Larger Than Sony’s in 2014
Kyle McCarthy points out that there were at least five colleges that had breaches larger than Sony’s breach in 2014. So he made a list? Why is there absolutely NO mention of the fact that no federal agency enforces data security in the education sector? Isn’t THAT the bigger story?