John F. Mullen and Francis X. Nolan IV discuss the state of class action lawsuits over data breaches. Here’s a snippet: In October 2011, the U.S. Court of Appeals for the First Circuit issued its decision in Anderson v. Hannaford, where it denied the defendant grocery chain’s motion to dismiss an action arising from a…
Category: Commentaries and Analyses
Global Payments’ security FAIL compounded by transparency FAIL?
A data breach doesn’t necessarily have to be fatal to a business, but there are entities that seem to shoot themselves in the foot when it comes to breach response. Did Global Payments suffer self-inflicted public relations injury this past week when they didn’t get ahead of the story? And how will their failure to…
Shouldn’t they be hearing this from you instead of me?
As if we needed another reason to disclose breaches in a timely fashion: Some nuclear workers are really upset that the Office of Workers’ Compensation Programs didn’t inform them of the Impairment Resources breach. It seems that they first learned about it from a recent post on this blog. Yeah, that’s no way to find…
MA: Property Management Firm to Pay $15,000 in Civil Penalties Following Data Breach – But Why?
A follow-up to a breach reported on this blog (but not in the mainstream media) in November 2011: A property management firm will pay $15,000 in civil penalties following the theft of a laptop containing the personal information of over 600 Massachusetts residents, Attorney General Martha Coakley announced today. “It is incredibly important that businesses…
Why ‘data breach’ isn’t a dirty word anymore
Elinor Mills has a round-up of quotes from multiple sources that all suggest that having a data breach generally isn’t fatal to a business – although there are, of course, exceptions. Not surprisingly, my favorite quote is from Adam Shostack: “The reason we’re struggling as an industry is that we cover up the failures,” said…
Pointer: Verizon DBIR 2012
The Verizon report is out. You can download it here. More after I have a chance to read it and round up some analyses/comments. Right off the top, I can see that their findings are more consistent (but somewhat more extreme, perhaps) than what we find in DataLossDB.org, and significantly different than what Ponemon and…