A follow-up to a breach reported on this blog (but not in the mainstream media) in November 2011: A property management firm will pay $15,000 in civil penalties following the theft of a laptop containing the personal information of over 600 Massachusetts residents, Attorney General Martha Coakley announced today. “It is incredibly important that businesses…
Category: Commentaries and Analyses
Why ‘data breach’ isn’t a dirty word anymore
Elinor Mills has a round-up of quotes from multiple sources that all suggest that having a data breach generally isn’t fatal to a business – although there are, of course, exceptions. Not surprisingly, my favorite quote is from Adam Shostack: “The reason we’re struggling as an industry is that we cover up the failures,” said…
Pointer: Verizon DBIR 2012
The Verizon report is out. You can download it here. More after I have a chance to read it and round up some analyses/comments. Right off the top, I can see that their findings are more consistent (but somewhat more extreme, perhaps) than what we find in DataLossDB.org, and significantly different than what Ponemon and…
Good news for breached entities: it won’t cost you as much and customers are less likely to leave – Ponemon study
The new Ponemon study, 2011 Cost of a Data Breach Study has some interesting findings. From the executive summary: The cost of a data breach declined. For the first time in seven years, both the organizational cost of data breach and the cost per lost or stolen record have declined. The organizational cost has declined from…
Theft of location info: Revision of law necessary to protect privacy
From an editorial in The Korea Times: Subcontractors of two mobile carriers sold location information of 200,000 customers. The theft shows a deep hole in the protection of location information, and is a grave infringement of the privacy of subscribers. Police arrested engineers working for SK Telecom and KT for stealing and selling location information,…
A horrific privacy breach averted, but why did Anonymous remain silent? (UPDATED)
I couldn’t fall asleep last night. It’s not often that a data breach worries me, but what I read online had concerned me. According to a hacker calling himself @PabloEscobarSec, he had hacked the British Pregnancy Advisory Service (BPAS), and intended to leak the names of all of the women who had used the service….