George Nott has a good summary of some of the key findings in Verizon’s newest Data Breach Investigations Report. Some snippets: This year’s report – described by Verizon as an “InfoSec coddiwomple that has now culminated in a decade of nefarious deeds and malicious mayhem” – includes analysis on 42,068 incidents and 1,935 breaches from…
AU: Privacy breach costs $23,000 – but could have been worse
Alison Baker and Rhiannon Nixon of Hall & Wilcox write: The Office of the Australian Information Commissioner (OAIC) has ordered Comcare to pay a Defence Force employee $23,000 after it inadvertently published on its website personal information, including sensitive health information, about the employee. For organisations with obligations under the Privacy Act 1988 (Cth), this…
Ars Technica Live: Why it’s important to defend hackers, even the not nice ones
Cyrus Farivar reports: On June 13, 2017, Mark Jaffe is set to appear before the 9th US Circuit Court of Appeals in San Francisco to argue on behalf of his client, journalist Matthew Keys. And at the most recent Ars Live event, Jaffe spoke to David Kravets and me about this case and broader issues…
Info on Home Depot customers exposed (but no financial data)
Michael E. Kanell reports: A spreadsheet listing about 8,000 customers, along with their transaction and a range of personal information, was posted for an unknown amount of time, on a Home Depot web site. No financial data was part of the list, which did not compare with the 2014 data breach in which hackers…
UK: Privacy breach at Gloucestershire County Council exposed medical information online
When hacktivist @ElSurveillance recently tweeted that 14 government sites had the same vulnerabilities, including MYSQL, Cross Site Script, etc., someone responded that councils were generally not considered “government.” DataBreaches.net had considered – and will continue to consider – them “government” entities, as local government is still government. And in this site’s experience, council breaches can involve sensitive information,…
Federal Trade Commission Plans to Clarify its Data Security Standard
Weiss Nusraty writes: The Federal Trade Commission (FTC) has announced that it is launching a new initiative to improve data security guidance and transparency as part of a broader plan to implement process reform initiatives. In an interview with Politico Pro (subscription required) last week, the new acting director of the FTC’s Bureau of Consumer…