Daniel Mayer writes: A class action was recently allowed to proceed in Ontario against a major bank after one of its employees admitted to accessing and disclosing to third parties confidential information of the bank’s customers. While this case is not a final decision as to whether the bank was actually liable for its employee’s…
Category: Commentaries and Analyses
Government itself tries to hack HealthCare.gov
Associated Press reports: The government’s own watchdogs tried to hack into HealthCare.gov earlier this year and found what they termed a critical vulnerability — but also came away with respect for some of the health insurance site’s security features. Those are among the conclusions of a report released today by the Health and Human Services…
CFPB Must Improve Financial Data Security: GAO
Mike Muckian reports: If you’re one of the 25 million to 75 million U.S. credit cardholders whose account information has been gathered by the CFPB, your financial data may not be as safe as it should be. The U.S. Governmental Accountability Office recently analyzed the bureau’s data security practices and was not pleased with the…
On the Front Lines: The FTC’s Role in Data Security
Keynote Address by FTC Commissioner Julie Brill on September 17 at the Center for Strategic and International Studies (CSIS) Workshop on Stepping Into the Fray: The Role of Independent Agencies in Cybersecurity. (pdf)
Failure to patch Oracle leaves students and kids at risk of info theft
Jake Tapper reports that some organizations still haven’t patched Oracle, leaving sensitive information at risk of hacking: This month, [researchers] found that a weakness in Oracle’s software – that the company discovered in 2012 and provided a patch for – still remains a huge vulnerability to any customer that missed or ignored that news. Seely…
Education And Information Sharing: Underutilized Tools In FTC’s Data Security Work
Glenn G. Lammi of the Washington Legal Foundation writes: The Federal Trade Commission (FTC) has brought 52 enforcement actions involving data breaches. Fifty of those businesses, whose computer systems were illegally accessed by hackers, settled rather than fight FTC’s accusations that they acted “deceptively” or “unfairly” under § 5 of the FTC Act. And yet,…