If you purchased lingerie or other items from Phoenix-based Yandy.com, you may be getting a breach notification. Yandy reports that they became aware of the breach on August 18, and it involved customers’ names, postal and email addresses, card numbers, expiration dates, and CVV codes. Although the notification letter, signed only by “The Yandy Team,” does…
NCQA spots – and stops – ecommerce breach quickly
How quickly can your organization detect and stop a breach? It looks like the National Committee for Quality Assurance (NCQA) caught one pretty quickly, as it only affected customers making online purchases on September 3 between 2 am and 10 am. They called those affected, and by September 5, were sending out letters to those…
INFORMATION SECURITY: Agencies Need to Improve Oversight of Contractor Controls
From a newly released GAO report: Although the six federal agencies that GAO reviewed (the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM)) generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractor implementation…
PERSONNEL SECURITY CLEARANCES: Additional Guidance and Oversight Needed at DHS and DOD to Ensure Consistent Application of Revocation Process
From a newly released GAO report: The Department of Homeland Security (DHS) and the Department of Defense (DOD) both have systems that track varying levels of detail related to revocations of employees’ security clearances. DHS’s and DOD’s data systems could provide data on the number of and reasons for revocations, but they could not provide…
AU: OAIC data breach guidelines emphasise importance of notification
David Braue writes: Notification of data breaches should be one of the four key steps organisations undertake in response to any detected breach, new guidelines from the Office of the Australian Information Commissioner (OAIC) recommend. The new guidelines – recently published in the OAIC’s Data Breach Notification Guide – are designed to help companies comply with the…
Tech Firms Ask Congress to Redefine Medical Privacy Rules
Kerry Young reports: Tech firms, including Amazon.com Inc., are asking Congress to redefine the rules on medical privacy, saying the potential risks of disclosure should be weighed again against the potential benefits of wider sharing and easier access to crucial health data. Executives of tech companies and health organizations have told the House Energy and…