Press release from the FTC, followed by my comments: A company that provides medical transcription services has agreed to settle Federal Trade Commission charges that its inadequate data security measures unfairly exposed the personal information of thousands of consumers on the open Internet, in some instances including consumers’ medical histories and examination notes. In its complaint…
Category: Commentaries and Analyses
NYS audit of Village of Westbury reveals IT security deficiencies
The NYS Controller’s Office has released another audit that looks at information technology security – this time it’s the Village of Westbury on Long Island. The audit covered the period June 1, 2011 — November 30, 2012. Here are some snippets from their report: We examined controls over the Village’s computerized financial operations and found that Village…
Analyst sees Target data breach costs topping $1 billion
Tom Webb reports: Two months into the Target security breach, fraud is turning up on 10 percent to 15 percent of the stolen card accounts, a security specialist says. Based on that brisk level of criminal activity, one Wall Street analyst estimates that perhaps 5 million of the 40 million stolen credit and debit cards…
California Attorney General Files Lawsuit Based on Late Breach Notification
Yesterday, I noted that California’s Attorney General was suing Kaiser over a breach that was discovered in 2011 but not disclosed to those affected until months later. David Navetta of InformationLawGroup has some interesting commentary and analysis of the lawsuit, focusing on the provisions of California law that provide: The disclosure shall be made in…
Five steps to take if you’ve become a victim of ID theft
Over on CreditSesame.com, Kimberly Rotter wrote a tips article, “5 Steps to Take Immediately If You’ve Been a Victim of Identity Theft.” The article was also reproduced on Lifehacker. To briefly summarize the article, it lists some examples of identity theft and then recommends the following five actions (with additional info on each of the following):…
NY: Audit of charter school finds serious IT security deficiencies
As I’ve done before, this post highlights the findings of a NYS Comptroller’s Office audit on information technology and data security. Previous audits posted on this blog have looked at public school districts and universities. This one involves a charter school – Eugenio Maria de Hostos Charter School in Rochester. The school was established in 2000…