Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

Israel Introducing Data Breach Notification Law.

It was reported last week that Israel introduced mandatory data security and breach notification requirements into its law books. The law is expected to go into full effect next year. Business of all types – be they global, multinational companies or the barber shop down the street – will be affected by the new regulations. […] read more

Third Circuit Appellate Court Says “OK” To Data Breach Lawsuit.

Recently, the US Court of Appeals for the Third Circuit concluded that “the improper disclosure of one’s personal data in violation of FCRA [Fair Credit Reporting Act] is a cognizable injury for Article III standing purposes.” In other words, people can go to court over data breaches and data breaches alone; there is no need […] read more

Data Breach Reparations: Still Evolving, Consumers Begin To See Glimmers.

According to idtheftcenter.org, the US has seen over 858 data breaches that involved over 29 million records in 2016 (to be more specific, up until November 8). The list of breaches does not include those that go unreported, for obvious reasons, as well as those that weren’t vetted by credible sources like state Attorney General […] read more

Habitat For Humanity Data Breach Affects 5000+ People.

Habitat for Humanity, the charity that builds affordable housing across the globe for the underprivileged, was found to be leaking sensitive information online, according to dailydot.com. Over 400 gigabytes of information – including detailed information on approximately 4,600 people – was left unsecured in the cloud. (More specifically, it was Habitat for Humanity Michigan.) The […] read more

TrueCrypt Users Being Infected With Malware “StrongPity”.

It’s not often than abandoned software makes news, but never say never. Apparently, certain hackers are distributing installers for TrueCrypt and WinRAR – respectively, a discontinued encryption program and a file compression tool – that have been infected with malware called “StrongPity”. The problem for people who are affected by the malware is that the […] read more

Frequent Password Changes Not A Secure Data Security Practice.

According to the Federal Trade Commission’s Chief Technologist, forcing users to frequently change their password can be counterproductive when it comes to fighting data breaches. Mind you, it’s not the frequency itself that leads to security weaknesses. Rather, it’s what happens at the weakest link in most security systems — individual behavior — that leads […] read more

Sharing Passwords is Hacking, Which is a Federal Crime.

The controversies regarding cyberspace just keep burning brightly. In the past couple of weeks, the Ninth Circuit Court of Appeals ruled that the unauthorized sharing and use of passwords can be deemed as hacking, and thus can be a violation of the Computer Fraud and Abuse Act (CFAA). As noted by motherboard.vice.com and others, this […] read more

IRS Hacked, 101K PINs For Electronic Tax Filing Stolen (aka, What’s New?).

According to csoonline.com, the IRS had to block unknown persons or person who was downloading a massive trove of PINs used for electronic tax filing: The attack occurred in January and targeted an IRS Web application that taxpayers use to obtain their so-called Electronic Filing (E-file) PINs. The app requires taxpayer information such as name, […] read more