An investigation by the House Oversight and Government Reform Committee into the massive Office of Personnel Management (OPM) breach confirms that it was OPM who first discovered the breach, and not a contractor during the course of demonstrating its product days later. According to documents reviewed by the committee and described in a May 26 letter from Ranking Member Elijah Cummings, Brendan Saulsbury, an…
FTC Staff Provides Comment on FCC’s Proposed Privacy Rulemaking
The staff of the Federal Trade Commission’s Bureau of Consumer Protection filed a comment today with the Federal Communications Commission regarding the FCC’s proposed privacy rulemaking for broadband internet access service providers. In the comment, staff outlines the FTC’s extensive history of privacy enforcement, policy initiatives, and consumer and business education, and it commends the FCC for…
Hackers Claim to Have a Stunning 427 Million Myspace Passwords
Lorenzo Franceschi-Bicchierai reports: There’s an oft-repeated adage in the world of cybersecurity: There are two types of companies, those that have been hacked, and those that don’t yet know they have been hacked. MySpace, the social media behemoth that was, is apparently in the second category. The same hacker who was selling the data of more…
CFAA overreach: FBI raids home of security researcher
From the stop-me-if-you’ve-heard-this-one-before dept: Over on Daily Dot this morning, I reported that the FBI executed a search warrant at the home of researcher Justin Shafer. Shafer’s name will be familiar to regular readers of DataBreaches.net because he exposed a long-standing security vulnerability in Dentrix software and challenged Henry Schein’s claims that their product provided “encryption.” Our combined efforts resulted in…
NI Prison Service: data breach ‘not serious security threat’
Vincent Kearney reports: A data breach involving the personal details of hundreds of Northern Ireland Prison Service employees has been described as “a major embarrassment”. However, the BBC understands it is not being treated as a major security breach. A junior employee at the Department of Justice sent a spreadsheet with names and dates of…
Heads Up Internet: Time to Kill Another Dangerous CFAA Bill
Jamie Williams writes: The Computer Fraud and Abuse Act (CFAA), the federal “anti-hacking” statute, is long overdue for reform. The 1986 law—which was prompted in part by fear generated by the 1983 technothriller WarGames—is vague, draconian, and notoriously out of touch with how we use computers today. Unfortunately, Sens. Sheldon Whitehouse and Lindsey Graham are on a mission…