DataGuidance reports: The Italian Data Protection Authority (Garante) issued, on 26 November 2014, its general resolution on biometrics (‘the Resolution’), which includes a new 24-hour data breach notification obligation. The requirement was introduced as a means of balancing the new simplified rules on authorisation for use of biometrics which will no longer require the Garante’s prior…
Category: Of Note
Data Security Auditor May be Drawn Into Data Breach Class Action for Failing to Identify Vulnerabilities
DrinkerBiddle reports a development in Storm v. Paytime, Inc., No. 14-cv-01138-JEJ (M.D. Pa.): In August, Paytime, Inc., a payroll services company, moved to dismiss a putative class action filed in the wake of a data breach in which the personal and financial information of more than 230,000 people was compromised. Paytime argued that the plaintiffs lack standing, have failed to plead…
Regin: Top-tier espionage tool enables stealthy surveillance
Symantec reports: An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities…
FTC and Wyndham to Mediate Dispute Over FTC Data-Security Authority
Meena Harris writes: Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices. As we’ve previously reported, the FTC alleged that Wyndham violated Section 5…
Data Breach QuickView Released – First Nine Months Of 2014
RiskBased Security reports: We have been so busy here at Risk Based Security recently that we neglected to release our latest Data Breach QuickView report to the public last month! The report already shows that 2014 is the highest year ever for exposed records. The 1,922 incidents reported during the first nine months of 2014 exposed over…
Attack reveals 81 percent of Tor users but admins call for calm
Darren Pauli reports: The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco’s NetFlow tool. A research effort led by professor Sambuddho Chakravarty from the Indraprastha Institute of Information Technology in Delhi found that well-resourced attackers such as a nation-state could effectively reveal Tor users’ identity…