Mark Ward reports: Companies that do not do enough to keep their websites secure are to be named and shamed to help improve security. The list of good and bad sites will be published regularly by the non-profit Trustworthy Internet Movement (TIM). A survey carried out to launch the group found that more than 52%…
Category: Commentaries and Analyses
NAFCU Letter to Reps. Boehner and Pelosi on Cyber/Data Security
Via CUInsight, a letter that has some recommendations many readers might agree with: April 23, 2012 The Honorable John Boehner Speaker U.S. House of Representatives Washington, D.C. 20515 The Honorable Nancy Pelosi Minority Leader U.S. House of Representatives Washington, D.C. 20515 Re: Cyber Security and Data Security Dear Speaker Boehner and Minority Leader Pelosi:\ On…
Massachusetts: state of the breach reports, 2011
Massachusetts has provided another update/report on data breach notifications they receive. You can access the full report (pdf) on their web site. Here are a few snippets from the report: Since the Data Security law, c. 93H, went into effect, the Office of Consumer Affairs and Business Regulation has tracked the data breach notifications it…
Why MilitarySingles.com’s denial of breach fails to convince me (updated)
Some breach reports really bother me. The MilitarySingles.com situation is a case in point. Despite their denial of any breach, what I saw in the two data dumps leaves me with the nagging suspicion that they were hacked. And so I contacted them again almost two weeks ago, following their last statement, to ask to…
Future of Data Breach Class Actions After ‘Anderson’
John F. Mullen and Francis X. Nolan IV discuss the state of class action lawsuits over data breaches. Here’s a snippet: In October 2011, the U.S. Court of Appeals for the First Circuit issued its decision in Anderson v. Hannaford, where it denied the defendant grocery chain’s motion to dismiss an action arising from a…
Global Payments’ security FAIL compounded by transparency FAIL?
A data breach doesn’t necessarily have to be fatal to a business but there are entities that seem to shoot themselves in the foot when it comes to breach response. Did Global Payments suffer self-inflicted public relations injury this past week when they didn’t get ahead of the story? And how will their failure to…