Chris Williams reports: Dell says it will publish a guide to remove the web security backdoor it installed in its Windows laptops and desktop PCs. This confirms what we all know by now – that Dell was selling computers with a rather embarrassing hole it in their defenses. New models from the XPS, Precision and…
Category: Of Note
LabMD ruling should be a wake-up call for FTC data security enforcement
For another informed perspective on the impact of the initial decision in FTC v. LabMD, I’d strongly encourage this site’s readers to read Gus Hurwitz’s thought-provoking analysis and commentary on TechPolicyDaily.com. Here’s a snippet: … Judge Chappell had none of the FTC’s argument. “The term ‘likely’,” he tells us, “does not mean that something is merely…
New York Department of Financial Services Previews Rigorous Cybersecurity Rules for Financial Sector
H. Deen Kaplan, Harriet Pearson, Timothy Tobin, and Stephanie Handler write: On November 9, 2015, Anthony Albanese, Acting Superintendent of the New York State Department of Financial Services (NYDFS), issued a letter to a wide array of federal and state financial services regulators that are part of the Financial and Banking Information Infrastructure Committee (FBIIC)….
Starwood Hotels & Resorts reports payment card information breach at 54 properties
Austen Hufford reports: A data breach at Starwood Hotels & Resorts Worldwide Inc. exposed payment card information for some of its North American hotels, the latest cybersecurity incident to sting a U.S. company. Read more on WSJ. A list of the 54 properties affected and the dates of compromise are provided here (pdf). In some…
FTC v. LabMD ruling issued: FTC loses data security enforcement case (Update2)
In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…
FBI alerts Owensboro Health to Breach at Muhlenberg Hospital; Breach Began in January, 2012
The breach in question may have begun in January, 2012, years before OH Muhlenberg acquired Muhlenberg Community Hospital, but it potentially impacted all patients, all payment guarantors, employees and some credentialed providers after that date and before OH Muhlenberg learned of the breach and contained it. This incident does not yet appear on HHS’s public…