I generally do not write “lessons learned from [X breach] ” posts, because I seriously doubt people have really learned anything. Instead of headlines like “Lessons learned from…,” what we should be writing is, “If you don’t learn from this, then you’re an idiot and should never be allowed near consumers’ personal information.” In any…
Category: Commentaries and Analyses
From my mail bag…
Cross-posted from phiprivacy.net: Over on DataBreaches.net, a number of people are reporting that they have received notification letters for the Maricopa Community Colleges breach, but that they’ve never attended the college and have no idea why they’re receiving letters. Today, I got an email about a breach reported on this site (phiprivacy.net). I’m redacting it, but…
Ranking Members Waxman and DeGette Release Memo on Healthcare.gov Security
Over on beSpacific, Sabrinia Pacifici writes: “Today Energy and Commerce Committee Ranking Member Henry A. Waxman and Oversight and Investigations Subcommittee Ranking Member Diana DeGette released a memo to Democratic Committee members regarding the security of Healthcare.gov. In a classified briefing two days ago, HHS officials revealed that there have been no successful security attacks…
IG: Personal Information Stolen from 104,179 after Energy Department Cyber Attack
Elizabeth Harrington reports on a newly-released Inspector General’s report on the hack at the Department of Energy previously covered on this blog. Some of the highlights: The Energy department was aware of “early warning signs” that personally identifiable information (PII) of its employees was at risk. The attackers used exploits commonly available on the internet…
National American University students’ financial information exposed, but what laws protect them?
Joe O’Sullivan reports: When National American University moved from one Rapid City campus to a new location earlier this year, the school or a contractor appears to have improperly disposed of thousands of sensitive student financial records that included names, addresses, loan numbers and Social Security numbers, according to documents reviewed by the Rapid City…
JPMorgan Chase & Co. explains delay in notifying Connecticut about online security breach
JPMorgan Chase has attempted to explain the delay in notification to Connecticut, but at least one Connecticut official is not satisfied. Ed Jacovino reports: JPMorgan Chase & Co. says it waited to determine what information could have been involved in an online security breach before telling officials this week that people with state-issued debit cards…