As if we needed another reason to disclose breaches in a timely fashion: Some nuclear workers are really upset that the Office of Workers’ Compensation Programs didn’t inform them of the Impairment Resources breach. It seems that they first learned about it from a recent post on this blog. Yeah, that’s no way to find…
Category: Commentaries and Analyses
MA: Property Management Firm to Pay $15,000 in Civil Penalties Following Data Breach – But Why?
A follow-up to a breach reported on this blog (but not in the mainstream media) in November 2011: A property management firm will pay $15,000 in civil penalties following the theft of a laptop containing the personal information of over 600 Massachusetts residents, Attorney General Martha Coakley announced today. “It is incredibly important that businesses…
Why ‘data breach’ isn’t a dirty word anymore
Elinor Mills has a round-up of quotes from multiple sources that all suggest that having a data breach generally isn’t fatal to a business – although there are, of course, exceptions. Not surprisingly, my favorite quote is from Adam Shostack: “The reason we’re struggling as an industry is that we cover up the failures,” said…
Pointer: Verizon DBIR 2012
The Verizon report is out. You can download it here. More after I have a chance to read it and round up some analyses/comments. Right off the top, I can see that their findings are more consistent (but somewhat more extreme, perhaps) than what we find in DataLossDB.org, and significantly different than what Ponemon and…
Good news for breached entities: it won’t cost you as much and customers are less likely to leave – Ponemon study
The new Ponemon study, 2011 Cost of a Data Breach Study, has some interesting findings. From the executive summary: The cost of a data breach declined. For the first time in seven years, both the organizational cost of data breach and the cost per lost or stolen record have declined. The organizational cost has declined from…
Theft of location info: Revision of law necessary to protect privacy
From an editorial in The Korea Times: Subcontractors of two mobile carriers sold location information of 200,000 customers. The theft shows a deep hole in the protection of location information, and is a grave infringement of the privacy of subscribers. Police arrested engineers working for SK Telecom and KT for stealing and selling location information,…