The Information Commissioner’s Office (ICO) has issued Glasgow City Council with a monetary penalty of £150,000 following the loss of two unencrypted laptops, one of which contained the personal information of 20,143 people. The serious breach of the Data Protection Act comes after the council was previously issued with an enforcement notice three years ago, following a…
Category: Of Note
FDIC: 2011 FIS Breach Worse Than Reported
More fascinating reporting by Brian Krebs: A 2011 hacker break-in at banking industry behemoth Fidelity National Information Services (FIS) was far more extensive and serious than the company disclosed in public reports, banking regulators warned FIS customers last month. The disclosure highlights a shocking lack of basic security protections throughout one of the nation’s largest…
FTC Fires Back In Lawsuit Against Wyndham
Brent Kendall reports: The Federal Trade Commission is offering a strong defense of its powers to police cybersecurity practices against a challenge by Wyndham Worldwide Corp. We wrote about Wyndham’s challenge earlier this month in a case involving attacks by hackers on the hotel chain’s computer systems between 2008 and 2010. The FTC sued Wyndham last year…
Who – if anyone – is responsible for notifying victims of some breaches?
I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…
Lessons from EDRM/FERC/Enron Data Privacy Breaches (updated)
Thanks to Joe Howie of BeyondRecognition.net for alerting me to what appears to be a very long-running, inadequately remedied breach that has exposed – and may be continuing to expose – the Social Security numbers and other personal information of thousands of people. I am posting this with some hesitation, as the data may still…
Amendment to PA data breach notification statute passes, requires notification within 7 days of discovery
By a vote of 49-0, the Pennsylvania Senate passed Senate Bill 114, amending the state’s data breach notification law. Section 1. Section 3 of the act of December 22, 2005 (P.L.474, No.94), known as the Breach of Personal Information Notification Act, is amended by adding subsections to read: Section 3. Notification of breach. (a.1) Notification…