From a GAO report (GAO-14-487T) released today, the highlights: The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years (see figure). As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security program, which…
Category: Commentaries and Analyses
How do the FBI and Secret Service know your network has been breached before you do?
Ellen Messmer reports: By all accounts, many of the massive data breaches in the news these days are first revealed to the victims by law enforcement, the Secret Service and Federal Bureau of Investigation (FBI). But how do the agencies figure it out before the companies know they have been breached, especially given the millions…
Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information
Two companies have agreed to settle Federal Trade Commission charges that they misrepresented the security of their mobile apps and failed to secure the transmission of millions of consumers’ sensitive personal information from their mobile apps. The FTC alleged that, despite their security promises, Fandango and Credit Karma failed to take reasonable steps to secure…
When to Disclose A Data Breach: How About Never?
Joel Schectman writes: When your company gets attacked by hackers, how much do you tell the public and when? Often the answers are nothing and never, according to an attorney assisting Target Corp. with legal issues arising from its December data breach. There was little consensus on when companies should report data breaches among business executives and officials…
Pointer: Senate Commerce report on Target data breach
The Senate Committee on Commerce, Science, and Transportation released its report, “A “Kill Chain” Analysis of the 2013 Target Data Breach.” The report was prepared by the majority staff for Chairman Rockefeller.
More TD Bank insider breaches
On March 1, I blogged about numerous insider breaches TD Bank has reported in the past few years. I updated that report on March 9 with even more breaches that I uncovered via public records that were subsequently made available. Today, I received a response to a public records request to the North Carolina Attorney…