Here’s a great example of the perils in trying to report on hacks or breaches disclosed on Twitter or Pastebin. A hacker who self-identified as Reckz0r initially claimed to have hacked Visa and MasterCard and to have dumped 50GB worth of data (without credit card numbers). I had my doubts, and wasn’t surprised to read…
Category: Commentaries and Analyses
Is network offense the best network defense?
Stewart Baker responds to Joseph Menn’s recent report on companies fighting back against attackers. He comments on the different offensive strategies: Here’s the problem. A generation of computer crime lawyers at the Justice Department has devoted their careers to discouraging the reaction that Menn describes. That’s because the fundamental law in this area, the law…
Hacked companies fight back with controversial steps
Joseph Menn of Reuters reports that some U.S. firms are fighting back against hackers in unorthodox – if not downright illegal – ways: “Not only do we put out the fire, but we also look for the arsonist,” said Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined new…
Does a Data Breach in the U.S. Require Notification in Europe?
Paul Van den Bulck writes: The European legal framework on the protection of personal data (Directive 95/46/EC) is acknowledged as one of the strictest in the world. This tendency seems to be confirmed by the new draft regulation on the protection of personal data revealed by the European Commission in January 2012, which, once adopted,…
Entities need to up their game when it comes to breach disclosures
Help Net Security reports on a new Experian/Ponemon survey, “Consumers confused about data breaches.” Over 60% of respondents had trouble understanding the notification letters or felt the entity did not give them sufficient details. One take-home message is what I’ve been saying for years: breach notifications need to be written in plain language and include…
New Math, data breaches version
As a survivor of New Math, it’s somewhat amazing that I’m willing to deal with numbers or math at all. Yet, here I am, with a simple equation as today’s New Math: UNCC + UN = time for regulation. Simple, elegant, and somewhat nonsensical as a math equation, but two recent education sector breaches do…