Brady Dale reports: Another company has been hacked, but this time it’s one that’s working to help creative people support their work and keep the lights on as they do so: Patreon. The company facilitates ongoing, recurring payments to creative people or projects as a way of showing support for what they do. Jack Conte, CEO…
Category: Of Note
Watchdog: Top Secret Service official wanted information about Chaffetz made public
Shades of J. Edgar and dirty politics! I’m classifying this as a privacy breach and also an infosec breach as these data were supposed to be protected. Carol D. Leonnig and Jerry Markon report: The Secret Service’s assistant director urged that unflattering information the agency had in its files about a congressman critical of the service should be made public,…
Trump International Hotel & Tower Las Vegas notifying customers that malware was present in payment card system for more than one year (UPDATE 1)
Norton Rose Fulbright, a law firm representing The Trump Hotel Collection, is sending out notifications to customers who used a payment card at Trump International Hotel & Tower Las Vegas between May 19, 2014, and June 2, 2015. They write: Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken…
Does the FTC really assess compliance with consent orders? If so, how well?
Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…
The disappointing truth about data privacy and security
Ben Rossi writes: Cloud providers boast compliance to the highest security standards, including state-of-the art physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, to name a few. While such efforts may sound impressive, in reality they offer absolutely no defence to enterprises seeking a security model that cannot be owned, and provide…
Audit finds inadequate cybersecurity at HealthCare.gov
Ricardo Alonso-Zaldivar of AP reports that an audit by the Inspector General for Health and Human Services found serious security deficiencies in the system used to store data collected via healthcare.gov. The Obama administration said it acted quickly to fix all the problems identified by the Health and Human Services inspector general’s office. But the…