Liz Tay reports: Remedying a data breach costs 40 percent more for businesses that store their data offshore, a study of Australian incidents has found. Conducted by the Ponemon Institute and PGP Corporation, the inaugural Australian Cost of a Data Breach report aimed to quantify the costs associated with public and private sector data breaches….
Category: Commentaries and Analyses
How Identity Theft Is Like the Ford Pinto
Over on Concurring Opinions, Dan Solove describes a new paper by Chris Hoofnagle: Professor James Grimmelmann likes to shop at Kohl’s. So much so that he applied for credit at Kohl’s. And he got it. The problem is that James Grimmelmann didn’t really apply for anything. It was an identity thief. Grimmelmann was a participant…
Chase Isn’t Liable for Assistant’s $1M Fraud
We’ve read about a number of lawsuits where businesses sue their banks for money that was siphoned off in wire transfers without the company being aware of the problem. Here’s a court decision out of the Third Circuit Court of Appeals that may impact some cases down the road and serves as a timely reminder…
Flawed Assumptions in the Albert Gonzalez Case
Evan Schuman of StorefrontBacktalk has a column over on CBS News that points out some of the flaws in lawyers’ arguments revolving around the Albert Gonzalez case, such as arguments that disclosure of retailers’ names would hurt their stock prices. Evan points out what those of us who track breaches know all too well: there…
The DOJ Criminal Division’s Laptop Computer Encryption Program and Practices – Audit Report
From the summary of findings in The Criminal Division’s Laptop Computer Encryption Program and Practices, Audit Report 10-23, March 2010: Criminal Division-Owned Laptop Computers Our review found that of the 40 laptops we tested for encryption software, 10 did not have encryption, and 9 of those 10 did not have Windows passwords enabled. All of…
Reconsidering the retailers’ attempts to keep their identities secret
Over on The Tech Herald, Steve Ragan takes a somewhat more sympathetic view to J.C. Penney than I have generally taken. Steve writes, in part: Most of the media reports are painting the picture that J.C. Penney suffered a breach and did nothing. That isn’t entirely true. The company cooperated fully when asked and it…