Meena Harris writes: Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices. As we’ve previously reported, the FTC alleged that Wyndham violated Section 5…
Category: Of Note
Data Breach QuickView Released – First Nine Months Of 2014
RiskBased Security reports: We have been so busy here at Risk Based Security recently that we neglected to release our latest Data Breach QuickView report to the public last month! The report already shows that 2014 is the highest year ever for exposed records. The 1,922 incidents reported during the first nine months of 2014 exposed over…
Attack reveals 81 percent of Tor users but admins call for calm
Darren Pauli reports: The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco’s NetFlow tool. A research effort led by professor Sambuddah Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively reveal Tor users’ identity…
Retailers are skirting data security issue, NAFCU, trades tell Congress
The National Association of Federal Credit Unions writes: Retailer groups’ data security arguments are “inaccurate and misleading” given their members “are not covered by any federal laws or regulations that require them to protect data and notify consumers when it is breached,” NAFCU and six other financial trades told House and Senate leaders Wednesday. “National…
FTC Alleges Debt Brokers Illegally Exposed Personal Information of Tens of Thousands of Consumers on the Internet
Here’s the FTC’s press release on an enforcement action I had noted on this blog when it originally reported by Courthouse News: At the request of the Federal Trade Commission, a federal court has ordered two debt sellers that posted the sensitive personal information of more than 70,000 consumers online to notify the consumers and…
AU: Asylum seeker privacy breach due to copy and paste – OAIC. Okay, but where’s the breach mitigation?
In February, we learned of a horrific privacy breach involving almost 10,000 asylum seekers. This breach is on my personal Top 10 Worst Breaches of 2014 because of the risk of harm to those exposed. A detention file created by Australia’s Department of Immigration and Border Protection (DIBP) accidentally exposed detainees’ personal details and was subsequently downloaded in about 16…