As I’ve noted before, the Vendini breach, reported previously on this blog, appears to be fairly large, but has generally flown under national mainstream media attention. Instead, I see bits and pieces in local media or on organizations’ web sites as entities report that their patrons or members were affected (cf. reports involving Purple Rose Theatre,…
Category: Of Note
Attorney General Kamala D. Harris Releases Report on Data Breaches Reported to State in 2012
I love it when states publicly post the data breach notifications they receive, but California’s Attorney General Kamala Harris just raised the bar for other states by actually analyzing and reporting on the breaches involving California residents. From her press release: Attorney General Kamala D. Harris today released the first report detailing the…
UK: ICO fines Glasgow City Council £150K
The Information Commissioner’s Office (ICO) has issued Glasgow City Council with a monetary penalty of £150,000 following the loss of two unencrypted laptops, one of which contained the personal information of 20,143 people. The serious breach of the Data Protection Act comes after the council was previously issued with an enforcement notice three years ago, following a…
FDIC: 2011 FIS Breach Worse Than Reported
More fascinating reporting by Brian Krebs: A 2011 hacker break-in at banking industry behemoth Fidelity National Information Services (FIS) was far more extensive and serious than the company disclosed in public reports, banking regulators warned FIS customers last month. The disclosure highlights a shocking lack of basic security protections throughout one of the nation’s largest…
FTC Fires Back In Lawsuit Against Wyndham
Brent Kendall reports: The Federal Trade Commission is offering a strong defense of its powers to police cybersecurity practices against a challenge by Wyndham Worldwide Corp. We wrote about Wyndham’s challenge earlier this month in a case involving attacks by hackers on the hotel chain’s computer systems between 2008 and 2010. The FTC sued Wyndham last year…
Who – if anyone – is responsible for notifying victims of some breaches?
I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…