In February, we learned of a horrific privacy breach involving almost 10,000 asylum seekers. This breach is on my personal Top 10 Worst Breaches of 2014 because of the risk of harm to those exposed. A detention file created by Australia’s Department of Immigration and Border Protection (DIBP) accidentally exposed detainees’ personal details and was subsequently downloaded in about 16…
Category: Commentaries and Analyses
In Illinois– Identity Thieves Have an Ally
Like too many consumers, reporter Evelyn Wilkerson seems to have been living under a rock: Sometimes in journalism, a story appears right in front of you. That’s what happened with Eyewitness news Morning Anchor, Evelyn Wilkerson — when a family friend became a victim of identity theft after having a stroke. So, she dug into…
Federal workers weaken cyberdefense
Associated Press reports: A $10 billion-a-year effort to protect sensitive government data, from military secrets to Social Security numbers, is struggling to keep pace with an increasing number of cyberattacks and is unwittingly being undermined by federal employees and contractors. Workers scattered across more than a dozen agencies, from the Defense and Education departments to…
In wake of massive breach, Vendini Joins PCI Security Standards Council
So it seems live event ticketing service Vendini sent out a press release about how they’ve joined the PCI Security Council and how they’ve hired someone new to innovate security techniques. I’d have been more impressed if they had done that before their massive breach – or at least acknowledged that their new involvement and commitment is…
Goldilocks and the three data breach estimates
Estimate in haste, repent in leisure? Over on PHIprivacy.net, I recently reported on a breach in Jersey City involving patient records stolen from a shed behind a doctor’s office. The first media report, on NJ.com, said Dr. Nisar A. Quraishi told police that 40,000 patients’ records had been stolen. At 40,000, that incident would qualify as the second largest breach…
Should the FTC Be Regulating Privacy and Data Security?
Daniel Solove and Woodrow Hartzog write: This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is…