More fascinating reporting by Brian Krebs: A 2011 hacker break-in at banking industry behemoth Fidelity National Information Services (FIS) was far more extensive and serious than the company disclosed in public reports, banking regulators warned FIS customers last month. The disclosure highlights a shocking lack of basic security protections throughout one of the nation’s largest…
Category: Of Note
FTC Fires Back In Lawsuit Against Wyndham
Brent Kendall reports: The Federal Trade Commission is offering a strong defense of its powers to police cybersecurity practices against a challenge by Wyndham Worldwide Corp. We wrote about Wyndham’s challenge earlier this month in a case involving attacks by hackers on the hotel chain’s computer systems between 2008 and 2010. The FTC sued Wyndham last year…
Who – if anyone – is responsible for notifying victims of some breaches?
I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…
Lessons from EDRM/FERC/Enron Data Privacy Breaches (updated)
Thanks to Joe Howie of BeyondRecognition.net for alerting me to what appears to be a very long-running, inadequately remedied breach that has exposed – and may be continuing to expose – the Social Security numbers and other personal information of thousands of people. I am posting this with some hesitation, as the data may still…
Amendment to PA data breach notification statute passes, requires notification within 7 days of discovery
By a vote of 49-0, the Pennsylvania Senate passed Senate Bill 114, amending the state’s data breach notification law. Section 1. Section 3 of the act of December 22, 2005 (P.L.474, No.94), known as the Breach of Personal Information Notification Act, is amended by adding subsections to read: Section 3. Notification of breach. (a.1) Notification…
LivingSocial Hacked — More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo)
Update: Double-WOW. Their breach notice is already up on the California Attorney General’s web site. According to their submission to the state, the breach occurred on April 5 and was discovered on April 12. Original post follows: Wow. AllThingsD.com is reporting: LivingSocial, the daily deals site owned in part by Amazon, has suffered a massive…