Information Security and Privacy Controls Over the Airmen Medical Support Systems Federal Aviation Administration Report Number: FI-2010-060 Date Issued: June 18, 2010 From Results in Brief: The names, addresses, Social Security numbers, medical data, and other PII of airmen are not properly secured to prevent unauthorized access and use. We found serious security lapses in…
Category: Commentaries and Analyses
Update: CNET retracts article on Android app privacy threat
Ed Burnette reports: When a company writes a white paper they send out a press release to get as many news sites as possible to mention the report in their own stories. This strategy worked all too well on Tuesday when security firm SMobile Systems published a scary sounding report about Android apps. […] It…
NY: Glenville personal data exposed
Lauren Stanforth reports: The town did not protect sensitive personal information when it used employee Social Security numbers on unsecured time sheets and unnecessarily kept credit card information of those who paid traffic fines, according to a state comptroller’s audit released Tuesday. The audit, which reviewed practices from January 2008 to March 2009, found that…
One in five Android apps exposes private data -updated
Emma Woollacott writes: Nearly ten thousand Android applications give third party apps access to private or sensitive information, says a report from SMobile Systems. One in five of the 48,000 apps available grants a third party application access to private or sensitive information that an attacker could use for malicious purposes, such as identity theft,…
SSA teleworkers may be putting personal data at risk, IG says
# Alice Lipowicz reports: While teleworking is improving morale at the Social Security Administration, it also may be exposing individuals’ personal information to unauthorized disclosure via employees’ computers, according to a new report from the SSA Office of Inspector General. […] “We [have] determined [that] Office of Disability Adjudication and Review practices may have exposed claimant data…
Insurers Deny Coverage for Breach Notice Costs (and why companies should consider cyber insurance coverage and why brokers should offer it)
David Navetta comments on the litigation involving the University of Utah, Perpetual Storage, and Colorado Casualty Insurance Co. You may wish for a scorecard to keep all the players straight: It was recently reported that an insurance carrier (Colorado Casualty Insurance Co.) denied coverage (and filed a lawsuit) for the $3.3 million in costs the…