Tu-Uyen Tran reports that an audit conducted in the wake of NDUS’s breach earlier this year found major problems that went far beyond the few employees who were eventually fired: An email a stranger sent to the North Dakota University System’s computer security officer on the morning of Feb. 7 was the first sign that…
Category: Of Note
Cytta Reports Online Hacking of their Nevada Secretary of State Officer and Director Data
Cytta Corp. (OTCQB: CYCA) wishes to report that it was the victim of an online hacking incident on October 30th, 2014 in that, unauthorized person or persons accessed the Nevada Secretary of State Corporate filing system known as “Silverflume” and surreptitiously altered the Officer and Director information contained therein. This Corporate information is the backbone of numerous very important systems including banking, regulatory and reporting throughout the US. The unauthorized person or…
Should the FTC Be Regulating Privacy and Data Security?
Daniel Solove and Woodrow Hartzog write: This past Tuesday the Federal Trade Commission (FTC) filed a complaint against AT&T for allegedly throttling the Internet of its customers even though they paid for unlimited data plans. This complaint was surprising for many, who thought the Federal Communications Commission (FCC) was the agency that handled such telecommunications issues. Is…
Firms at serious risk of data loss through file sharing and unintended exposure
Everything old is new again? Warwick Ashford reports: Businesses are at serious risk of data loss and compliance violations due to risky file-sharing practices, a study by the Ponemon Institute has revealed. Business leaders are failing to respond to the escalating risk of ungoverned file sharing and regular breaches of security policies by staff, according to the study commissioned…
Drupal warns unless you patched within seven hours, you’re hacked
Chris Duckett reports: Drupal’s security team has released a “public service announcement” calling upon all users of the Drupal content management framework to consider their sites as compromised, and to start afresh, unless their sites were patched against the SQL injection attack revealed two weeks ago within seven hours of the announcement of the vulnerability. “You should…
Quebec court rules in lost personal data case: no fraud, no theft, no class action
Prachi Shah of Clyde & Co. provides an update on litigation stemming from a lost device case previously noted on this blog: Paul Sofio v. OCRCVM (IIROC), 2014 QCCS 4061 (under appeal) – The Quebec Superior Court refuses to authorize a class action where the loss of personal data did not result in fraud or identity…