Danny Lieberman comments: The first government knee-jerk reaction in the face of a data breach is to create more government privacy compliance regulation. This is analogous to shooting yourself in the foot while you hold the loaded weapon in one hand and apply band-aids with the other. Democracies like Israel, the US and the UK…
Category: Commentaries and Analyses
Senate in search of consensus on data breach notification law may try a backdoor approach
Tony Romm writes: Congress failed to pass a new federal law last year requiring the litany of companies affected by data breaches — from gaming giant Sony to shoe e-tailer Zappos — to notify consumers. But now some lawmakers believe they have a new route for passage: the Senate’s upcoming cybersecurity reform bill.
Data breach notification proposal placed on Senate calendar
Senator Feinstein’s proposed data breach notification law, Data Breach Notification Act of 2011 (S. 1408), has been placed on the Senate Legislative Calendar under General Orders. Calendar No. 310. The bill, which I have criticized in both its past and current incarnations, is an incredibly weak bill that would provide little information to affected consumers, uses vague…
Data breach? Blame your third party’s remote access systems
Ellen Messmer reports: An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance. “The majority of our analysis of data-breach investigations — 76% — revealed that the third-party responsible for…
More breaches caused by staff than hackers
From InfoSecurity: The 2012 data protection survey undertaken by the Irish Computer Society (ICS) shows that a higher number of data breaches are the result of internal failures and lack of awareness than are the result of external theft. The survey involved more than 300 Irish IT administration and management staff and was undertaken in…
Hungarian citizen who attempted to extort Marriott International into giving him a job sentenced to prison
As an update to a case previously mentioned on this blog, Dow Jones Newswire reports that Attila Nemeth has been sentenced to 30 months in prison for attempting to extort Marriott International into giving him a job by illegally acquiring their confidential proprietary data. Nemeth, who arguably should be considered for a role in any reality…