So it seems live event ticketing service Vendini sent out a press release about how they’ve joined the PCI Security Council and how they’ve hired someone new to innovate security techniques. I’d have been more impressed if they had done that before their massive breach – or at least acknowledged that their new involvement and commitment is…
Category: Commentaries and Analyses
Goldilocks and the three data breach estimates
Estimate in haste, repent in leisure? Over on PHIprivacy.net, I recently reported on a breach in Jersey City involving patient records stolen from a shed behind a doctor’s office. The first media report, on NJ.com, said Dr. Nisar A. Quraishi told police that 40,000 patients’ records had been stolen. At 40,000, that incident would qualify as the second largest breach…
Should the FTC Be Regulating Privacy and Data Security?
Daniel Solove and Woodrow Hartzog write: This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is…
New GDPR Data Breach Notification Agreement Sparks Debate
Neil Ford writes: The slow, stately progress of European data protection law continues: last month in Luxembourg, ministers in the Justice and Home Affairs Committee of the EU’s Council of Ministers reached partial agreement on reforms to the General Data Protection Regulation (GDPR). (The GDPR, you’ll remember, will replace the EU Data Protection Directive with a…
68% of Healthcare Data Breaches Due to Device Loss or Theft, Not Hacking
Jasmine Pennic reports: 68 percent of all healthcare data breaches since 2010 are due to device theft or loss, according to the 2014 Healthcare Breach Report from Bitglass. Despite the recent headlines of hacker attacks to hospitals, only 23 percent of healthcare data breaches were a result of cybercriminals compromising networks and exfiltrating data. The findings come…
ND: Audit: Not making security top concern led to NDUS breach
Tu-Uyen Tran reports that an audit conducted in the wake of NDUS’s breach earlier this year found major problems that went far beyond the few employees who were eventually fired: An email a stranger sent to the North Dakota University System’s computer security officer on the morning of Feb. 7 was the first sign that…