Thanks to partisan politics and intensive industry lobbying, we have no strong federal breach notification law. This, of course, is not news to my readers. But in light of (1) Congress’s current interest in cybersecurity and sharing of information, (2) the fact that up to 40% of breaches are first detected by members of the…
Category: Of Note
Follow-up: Former law firm employee sentenced to 13 years in prison for role in ID theft/tax refund fraud ring
Jay Weaver provides an update with additional details on a breach involving Rodney St. Fleur, an employee of a Miami law firm who misused his access to LexisNexis database searches to steal over 20,000 individuals’ information for a tax refund fraud scheme. Weaver reports that in court, St. Fleur admitted that he had stolen the…
What can we learn from a statistic that 1 in 4 recipients of breach notification letters become victims of ID fraud?
I haven’t read the new Javelin Strategy & Research report because it’s pricey, but their press release on it contains some of its key findings. Of note: … nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging. If 1 in…
Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments
Craig Hoffman writes: Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system. Global Payments later disclosed that Track 2 data (card number, expiration date, verification code but not cardholder name or address) of 1.5 million cardholders were taken. Three…
Looking back at 2012 Data Breaches: RBS and OSF release QuickView report
Risk Based Security and the Open Security Foundation released a report this morning, Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2012. The report summarizes some of the major statistics for 2012, based on analysis of the incidents compiled in OSF’s DataLossDB. As most readers know by now, I am involved in…
EU proposes new cybercrime reporting rules
BBC reports: Over 40,000 firms, including energy providers, banks and hospitals could be required to report cyber-break-ins under new rules proposed by the EU. It is part of a move to intensify global efforts to fight cybercrime. Digital agenda commissioner Neelie Kroes said that Europe needed to improve how it dealt with cybersecurity. But firms…