Tanya Forsheit and M. Scott Koller of BakerHostetler have a good write-up of the new provisions in California law and how the language of AB 1710 has led to some confusion as to whether California now requires breached entities to offer free credit monitoring protection for 12 months if certain types of personal information are…
Category: Commentaries and Analyses
On Accuracy in Cybersecurity
Derek Bambauer writes: I have a new article on how to address questions of accuracy in cybersecurity up on SSRN. It’s titled Schrödinger’s Cybersecurity; here’s the abstract: Both law and cybersecurity prize accuracy. Cyberattacks, such as Stuxnet, demonstrate the risks of inaccurate data. An attack can trick computer programs into making changes to information that are…
California Amends Data Breach Notification Law, Does Not Require Mandatory Offering of Credit Monitoring
Andrew Hoffman writes: California Governor Jerry Brown signed into law an amendment to California’s data breach notification law on Monday. Although at least one news outlet has reported that the law requires a company to offer credit monitoring services, this interpretation is misguided. Rather, the law only places restrictions on certain companies if they choose to offer identity theft prevention and…
Over 90 million hacker attacks registered in Russian Internet since 2010
TASS reports: More than 90 million hacker attacks have been registered in the Russian segment of the Internet since 2010, Secretary of the Russian Security Council Nikolay Patrushev said on Wednesday. “There have been 57 million attacks since 2014 and approximately 90 million attacks since 2010,” Patrushev told journalists. Russia’s Security Council did not discuss nationalization…
Hacked security plugin firm stored customer passwords in plaintext. Seriously?
Graham Cluley writes: … from time to time, firms find themselves in the position of admitting that they have messed up massively with potentially disastrous consequences for their business and their innocent customers. What makes it even worse, however, is when the company that has fallen woefully short really should have known better. One such company which…
The Maricopa County Community Colleges District data breach investigation they didn’t want us to see
In January 2011, DataBreaches.net reported that login credentials for the Maricopa County Community Colleges District (MCCCD) were up for sale on the black market. That month, the FBI also contacted Maricopa to alert them to the breach. In response to the incident, MCCCD brought in Stach & Liu (now Bishop Fox) to investigate and make recommendations. Following…