There’s really nothing new in here that regular readers of this blog won’t know already, but Karen Freifeld reports: A decade of lawmaking by U.S. states to ensure consumers are told when their data has been hacked still lets companies such as Target Corp wait weeks or even months to disclose security breaches. Forty-six of…
Category: Commentaries and Analyses
Starbucks caught storing mobile passwords in clear text
Evan Schuman reports: The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames…
New Hagens Berman Lawsuit: Target Was Informed of Data Vulnerability in 2007, but Ignored Danger
Press release: SEATTLE – January 14, 2014 – Today consumers represented by law firm Hagens Berman Sobol Shapiro LLP filed a proposed class-action lawsuit against Target (NYSE: TGT) claiming the retail giant ignored warnings from as early as 2007 that the company’s point-of-sale (POS) system was vulnerable to attack, a move that put millions of Americans’ credit-cards…
Ruling delayed in FTC v. Wyndham (updated)
Over on phiprivacy.net, I had noted that Commissioner Julie Brill had recused herself from the LabMD case after they moved to disqualify her over public statements she made. Somehow I missed a development in the Wyndham case, even though Law360 had first reported it on January 2. Now Stacey Brandenburg of Zwillgen reports that Judge Salas agreed to…
Australian police investigating teen who found database flaw
Jeremy Kirk reports: An Australian teenager who notified a public transport agency of a serious database flaw is under police investigation. Joshua Rogers, 16, of Melbourne, found a SQL injection flaw in a database owned by Public Transport Victoria (PTV), which runs the state’s transport system. The flaw allowed access to a database containing 600,000…
INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent – GAO Report
From the summary of GAO’s findings in INFORMATION SECURITY: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent (PDF, 67 pp.): The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified…