Scathing Government Report Concludes 2017 Equifax Breach Entirely Preventable.

This week, the US government published a report on the massive data breach Equifax experienced last year.  The overall conclusion shared by the House Oversight and Government Reform Committee is that the data breach – the largest one todate in US history and the foreseeable future – was entirely preventable.  However, as one reads through […] read more

HIPAA Notifications Are Now Within 30 Days Since Breach If You’re In Colorado.

According to bizjournals.com, any HIPAA-covered entities that do business in Colorado will now have 30 days to notify Coloradans (or Coloradoans, if you prefer) of a data breach involving personal information, and not the customary 60 calendar days under HIPAA. The reason? A bill on data security that went into effect in September. As usual, […] read more

Equifax Already Had a Data Breach Before It Was Hacked In 2017.

According to wsj.com (paywalled), Equifax had already suffered a data breach before the data breach that made the company famous around the world. In 2015, two years before the hack that started with a bang and ended with less than a whimper, “Chinese spies” made off with “thousands of pages of proprietary information” that includes […] read more

FBI Director Says Legislation Possibly A Way Into Encrypted Devices.

Last week, FBI Director Christopher Wray said that legislation may be one option for tackling the problem of “criminals going dark,” a term that refers to law enforcement’s inability to access suspects’ data on encrypted devices. The implication is that, in the interest of justice and national security, the FBI will press for a law […] read more

Yahoo Penalized £250,000 By UK Information Commissioner’s Office.

It was reported this week that the United Kingdom’s Information Commissioner – the person whose department is in charge of upholding the nation’s data privacy laws – has penalized Yahoo! UK Services Limited with the amount of £250,000. The penalty is in response to the global data breach Yahoo experienced, and hid, for over two […] read more

FBI Inflated Encrypted Smartphone Count.

Over a number of years, the FBI kept making the case for an encryption backdoor to smartphones. Of course, because “encryption backdoor” is a charged term, they said that they didn’t need a backdoor per se, just a (secret) reliable way to get into encrypted devices when they obtained a warrant. This twisting of words […] read more

Yahoo (ie, Altaba) Settles Two Lawsuits Tied To Huge Data Breach.

Last week, Yahoo (now reborn as Altaba after Verizon’s acquisition) announced a settlement with the SEC over misleading investors regarding the biggest data breach in known history. The crime: not revealing it in a timely manner. It was one of the many lawsuits the company is fighting currently as a result of the data breach. […] read more

Florida Government Hard Drives Stolen For Games.

Many, if not most, data security professionals will tell you that you should run a risk assessment and accordingly develop your plans for securing information, sensitive or otherwise. Then there are others who will counsel that one should secure as much as possible: obviously protect what represents a high risk situation, but never discount the […] read more

Australia’s Notifiable Data Breaches Law Nets 31 Reports In 3 Weeks.

A new Australian law appears to be succeeding in finally unveiling the current state of data breaches in the Land Down Under. According to a release by the country’s information commissioner’s office (the OAIC), thirty-one data breaches were reported to the government since the law took effect on February 22, 2018.   Notifiable Data Breach […] read more