From the Office of the Privacy Commissioner of New Zealand: We think it is time to ‘name names’ where it is warranted. Our view is that in certain circumstances, the Privacy Act is better served by revealing the organisations that have breached the law. Up to now, we’ve rarely publicly named organisations. It was done…
Category: Commentaries and Analyses
UK: Repeated security failings lead to £180,000 fine for Ministry of Justice
Long-time readers of DataBreaches.net will recall that I’ve posted breaches involving the UK Ministry of Justice before (cf this post or this post about a monetary penalty involving an email breach at HMP Cardiff). Now there’s another monetary penalty, it seems: The Information Commissioner’s Office (ICO) has served a £180,000 penalty on the Ministry of Justice over…
UK: Customer data loss soars at financial firms
Tessa Norman reports: The number of customer data loss incidents reported to the FCA [Financial Conduct Authority] has increased significantly in the past year. A Freedom of Information request published by the FCA shows that in 2013, the regulator was notified of 13 incidents where firms have lost customer data or had it stolen. Some…
Colleges and universities among highest risk for data breaches
David Weldon writes: While retailers and healthcare organizations have dominated much of the data breach media attention in recent weeks, a new study finds that the nation’s colleges and universities are at even greater risk for cyberattacks. In an email to FierceCIO, the security firm BitSight Technologies shared highlights of its new research report, “Powerhouses and…
The FTC’s Controversial Battle To Force Companies To Protect Your Data
Kashmir Hill writes: Hacker conference Defcon has a long tradition of playing “spot the fed,” a game that involves outing government types who attend under the radar to learn about the latest hacking tricks and those who are expert at developing them. There was little challenge in the game this August when it came to…
Heartbleed Not Only Reason For Health Systems Breach
Community Health Systems’ bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say. Read more on Dark Reading. If HHS wants to go after CHS, this article certainly lays out the technical security safeguards that may not have been in place.