Ingrid Lunden reports: When it comes to data breaches, retailers are one of the biggest targets these days, and today we have some detail on the costs around one of the more high-profile attacks. Target today said that it has booked $162 million in expenses across 2013 and 2014 related to its data breach, in which hackers…
Category: Of Note
National Center for Charitable Statistics Discovers Unauthorized Access to Form 990 and e-Postcard Filing Systems for Nonprofit Organizations
The Urban Institute’s National Center for Charitable Statistics (NCCS) recently discovered that an unauthorized party or parties gained access to the Form 990 Online and e-Postcard filing systems for nonprofit organizations. The intruder or intruders retrieved email addresses, usernames, passwords, first and last names, IP addresses, phone numbers, and addresses and names of nonprofits. This…
Legal liabilities in recent data breach extend far beyond Anthem
Joseph Conn reports: The potential legal liabilities from the unprecedented breach of some 80 million individuals’ records at Indianapolis-based insurance giant Anthem could entangle nearly 60 health insurance plans from Hawaii to Puerto Rico, legal experts say. More than 50 class-action lawsuits related to the breach already have been filed in less than a month. The plans could find…
Financial Industry Regulatory Authority Report on Cybersecurity Practices
via BeSpacific: FINRA Report on Cybersecurity Practices, February 2015 – Executive Summary: Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks is increasing and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority….
It may look good, but that data breach report is not necessarily accurate
Two analyses of data breaches in 2014 have been released within the past month. One is Gemalto’s annual Breach Level Index report (pdf), which is based on 1,541 breach reports resulting in 1,023,108,267 breached records. The other is Risk Based Security’s Data Breach Quick View (pdf), which is based on 3,014 incidents exposing 1,068,191,345 records. How can an analysis that…
Say What? Required contents of notice in data breach notifications
Fer O’Neil did some comparisons of state laws on the content of notices. His write-up of what he found is well worth reading. Here’s a snippet from it: The first metric I looked at was the number of states and territories that had some required content of notice. I was a little surprised that 63% (31…