Kristin J. Mathews writes: In a draft research paper titled “Empirical Analysis of Data Breach Litigation”, three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick. Romanosky, Hoffman and Acquisti examined, for example, what factual and legal characteristics made a company more likely to be…
Senate in search of consensus on data breach notification law may try a backdoor approach
Tony Romm writes: Congress failed to pass a new federal law last year requiring the litany of companies affected by data breaches — from gaming giant Sony to shoe e-tailer Zappos — to notify consumers. But now some lawmakers believe they have a new route for passage: the Senate’s upcoming cybersecurity reform bill.
Data breach? Blame your third party’s remote access systems
Ellen Messmer reports: An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance. “The majority of our analysis of data-breach investigations — 76% — revealed that the third-party responsible for…
Law enforcement targeted by hackers
There have been a number of law enforcement-related web sites hacked since last June. Some of those hacks — like those involving the Arizona Department of Public Safety, BART, International Association of Chiefs of Police, Boston Police Patrolmen’s Association, Baldwin County Sheriff’s office in Alabama, Coalition of Law Enforcement and Retail (C.L.E.A.R.), the California Statewide Law…
SLC Police Department hack: hackers delete their own files after reiterating pledge not to expose residents’ personal info
Hacktivism raises all kinds of ethical issues. In an unusual move, hackers responsible for the hack of the Salt Lake City Police Department have deleted their copies of some of the files they had acquired from the PD’s web site. In announcing the hack on Tuesday, the hackers known as Kahuna and CabinCr3w indicated that…
NYSEG and RG&E Notify Customers of Unauthorized Access to Customer Data
From NYSEG: New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E), subsidiaries of Iberdrola USA, today began sending precautionary notifications to customers advising them of unauthorized access to customer data. This situation involves an employee at an independent software development consulting firm (contracted by NYSEG and RG&E) who allowed unauthorized access…