Craig Hoffman and Charlie Shih write: One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states that require notification to occur no later…
Category: Commentaries and Analyses
Why otherwise adequate breach response plans may fail
One of the recurring themes by commenters on this blog is that they got a breach notification that offered them free credit monitoring services, but: 1. They can’t access the site they’re directed to; 2. They are alarmed that the site asks them for their personal information; and/or 3. They have no reason to trust…
South Korea regulator reaffirms harsher measures against card firms over data leak
Yonhap News reports that in addition to some stiff penalties imposed by its financial regulator on credit card firms who suffered data leaks, the government continues to look at ways to strengthen the protection of private data: In a report to the parliament, FSC chairman Shin Je-yun said the regulator plans to suspend the card…
UK: South Yorkshire police admit 70 data breaches
Police chiefs in South Yorkshire have defended the force’s record for abiding by the Data Protection Act – despite admitting officers and staff have breached the rules on 70 occasions. Forces across the country have released details, under the Freedom of Information Act, of how many times data breaches occurred during a four year period….
South Floridian Sentenced In Identity Theft Scheme
Robinson Calixte, 22, of Miami, was sentenced by U.S. District Judge Donald L. Graham to 47 months in prison, followed by three years of supervised release for identity theft. On September 13, 2013, Calixte was charged in a five count indictment for identity theft in connection with his unauthorized possession of at least fifteen social…
Target’s “Second-Rate” Fix for Hacking Victims May Leave Customers Vulnerable
Dana Liebelson discusses a concern that has been raised here and elsewhere – that Target negotiated a credit-monitoring deal with Experian that only includes Experian’s own database and not the Equifax and TransUnion databases as well. Read her report on Mother Jones.