I spend a lot of time criticizing breach notifications, so it’s nice when I can occasionally point to a positive example. Without considering whether the breach could have been prevented, consider this notification letter from Nationwide Insurance, dated November 16: We want to make you aware that a portion of our computer network was criminally…
Category: Of Note
Experian defends security protocols while investigations into its data security grow
It seems that Experian is trying to defend its data security following Jordan Robertson’s report on dozens of breaches involving compromised client logins. Jordan’s report was based on dozens of breach reports compiled by DataLossDB.org and yours truly, who filed a complaint with the FTC about Experian’s breaches back in April. Pat Dulnier reports on Experian’s defense,…
Strategizing the lawsuit against South Carolina
While I was offline, the lawsuit(s?) apparently commenced against South Carolina over their monster data breach. According to Meg Kinnard of Associated Press, however, plaintiffs might receive only a matter of pennies, as the state limits/caps how much a state agency can pay out for a breach, and that cap is $600,000. It may…
What will Congress do now that it knows about numerous breaches involving Experian? And what will the FTC do?
Jordan Robertson of Bloomberg News provides media attention to a problem I’ve noted previously on this blog – that Experian suffers a lot of data breaches* where a client’s login is compromised and misused by unauthorized individuals. His coverage will hopefully inform national conversations about transparency, consumer protection, and breach notification. First is the issue…
Experian Customers Unsafe as Hackers Steal Credit Report Data
Jordan Robertson reports: When hackers broke into computers at Abilene Telco Federal Credit Union last year, they gained access to sensitive financial information on people from far beyond the bank’s home in west-central Texas. The cyberthieves broke into an employee’s computer in September 2011 and stole the password for the bank’s online account with Experian Plc,…
FTC Finalizes Settlements with Two Businesses that Exposed Consumers Sensitive Information Over P2P Networks
From the FTC, a follow-up to a previously-reported action: Following a public comment period, the Federal Trade Commission has accepted as final settlements with two operations it charged with illegally exposing the sensitive personal information of thousands of consumers by allowing peer-to-peer file-sharing software to be installed on their corporate computer systems. Settlements with Utah-based debt…