JPMorgan Chase has attempted to explain the delay in notification to Connecticut, but at least one Connecticut official is not satisfied. Ed Jacovino reports: JPMorgan Chase & Co. says it waited to determine what information could have been involved in an online security breach before telling officials this week that people with state-issued debit cards…
Category: Commentaries and Analyses
Statement on guilty pleas by Paypal13
Statement from the U.S. Attorney’s Office for the Northern District of California on the “Paypal13:” Thirteen defendants pleaded guilty in federal court in San Jose yesterday to charges related to their involvement in the cyber-attack of PayPal’s website as part of the group “Anonymous,” United States Attorney Melinda Haag announced. One of the defendants also…
JPMorgan Chase breach update: pile on…
The JPMorgan Chase Ucard breach reported previously on this blog affects residents of numerous states. As such, not only do I expect to see lawsuits filed, but state attorneys general will likely jump into the act to protect their respective residents. Did JPMorgan Chase promptly notify their residents and are they offering enough remediation and…
NYS Comptroller finds IT security deficits in towns of Babylon and Salina
Every so often I post audit reports from the NYS Comptroller’s Office. Last week, the office posted two completed audits worth noting here: The Town of Babylon was audited for the period January 1, 2011 — July 31, 2012. In addition to significant concerns about the town’s financial health conditions and other matters, one of…
Over half of Austin, Texas departments don’t even have policies on collecting, storing, or accessing PII – city auditors
Summary from Protection of Personally Identifiable Information (PII) Audit by City of Austin auditors (November 2013): The objective of this audit was to evaluate the process for protecting PII that is collected and/or stored by the City. The audit scope included the City’s policies and procedures related to the protection of PII for Fiscal Year…
Payment Card Industry Security Standards Council Issues Updates to Data Security Standard
Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) released Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS), which includes several enhanced security requirements that will affect how businesses protect payment card data in their systems. The updated standard calls upon businesses to take a more active role in…