Larry Walsh writes: What is the most expensive security breach ever? Before you answer, read the rest of this blog (trust me, you’re probably wrong). According to a recent report by the Ponemon Institute, the mean corporate loss to IT security breaches last year was $3.8 million. During the four-week study period, participating companies reported…
Category: Commentaries and Analyses
Data breach demonstrates need for access control policies
Remember the breach reported a few weeks ago when a Freedom of Information request uncovered that a Canada Revenue Agency employee had been mining the database to identity high-wealth individuals that she might recruit as customers for her side business? The individuals whose data were accessed were never notified of the incident because the government…
Credit unions report merchants are biggest source of fraud attempts
David Morrison of Credit Union Times reports some of the key results in a Flash survey conducted by the National Association of Federal Credit Unions (NAFCU) concerning fraud rates and costs credit unions have experienced in the past few years: Credit union’s responding to NAFCU’s monthly Flash survey reported that merchants were the source of…
Yet Another Proposed Federal Data Security and Breach Notification Bill: Senators Rockefeller and Pryor Jump Into the Fray
Tanya Forsheit writes: Many of us have watched over the past few years as dozens of proposed federal data security and breach notification bills have been introduced, often with bipartisan support, but have failed to become law. This year has seen many of the usual proposals. For those of you keeping track, this year’s bills…
Most attacks on federal networks financially motivated
Jill R. Aitoro reports: Most malware attacks against federal agencies are financially motivated, seeking to trick computer users into buying fake security software or providing personal information that can be used to hack into their bank accounts. Although espionage and terrorism often are considered the primary motivations for breaking into government networks, 90 percent of…
How not to address child ID theft
Over on Emergent Chaos, Adam disagrees with ITRC’s proposed Minors 17-10 Database to reduce child identity theft: …. Unfortunately, this idea is totally and subtly broken. Today, the credit agencies don’t get lists from the SSA. This is a good thing. There’s no authorization under law for them to do so. The fact that they’ve…