Interactive Map of Breach-Notification Status
European member states are in the process of adopting laws and regulations that require businesses operating in their countries to notify government agencies and affected individuals when they experience breaches of personal data. Even as the EU Directive on Data Protection is being reviewed and might be replaced by a…
Category: Of Note
Hacking Exposed 78% Of All Records Compromised In First Half Of 2014
RiskBased Security reports: We are pleased to release our Data Breach QuickView report that shows that 2014 is on pace to replace 2013 as the highest year on record for exposed records, and the recently reported exposure of 1.2 billion email addresses and user names has not been included. The 1331 incidents reported during the first half…
FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information
Meena Harris writes: The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information. The FTC specifically alleged that, although the companies made security promises to consumers that their…
CHS Hacked via Heartbleed Vulnerability
From TrustedSec: As many of you may have already been aware, a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how the breach occurred and new information relating to this breach. The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability…
Comptroller DiNapoli: Schools Must Do More to Limit Access to Sensitive Student Databases
Yes, it’s as bad as I’ve been saying for years. Now if they will just audit the NYC Department of Education, too. Employees in six upstate New York school districts had inappropriate computer access to sensitive student data and were able to change student grades and attendance records without proper authorization, according to an audit released today…
IE: Dirty tricks at centre of credit union snooping
Niall O’Connor reports on a major case of social engineering: Sensitive personal data, including addresses and job details, was handed over by the Department of Social Protection after just one phone call from private investigators pretending to be State officials. The underhand tactics used to extract confidential information from a leading State agency are revealed…