FBI Director Says Legislation Possibly A Way Into Encrypted Devices.

Last week, FBI Director Christopher Wray said that legislation may be one option for tackling the problem of “criminals going dark,” a term that refers to law enforcement’s inability to access suspects’ data on encrypted devices. The implication is that, in the interest of justice and national security, the FBI will press for a law […] read more

Florida Government Hard Drives Stolen For Games.

Many, if not most, data security professionals will tell you that you should run a risk assessment and accordingly develop your plans for securing information, sensitive or otherwise. Then there are others who will counsel that one should secure as much as possible: obviously protect what represents a high risk situation, but never discount the […] read more

Fresno State Hard Drive Stolen, 15000 Affected.

At least 15,000 California State University, Fresno “student athletes, sports-camp attendees, and Athletic Corporation employees” were affected by a data breach earlier in the year, according to kmph.com and other news sites. A hard drive, 18 laptops, and other items were reported missing on January 12 from the university’s North Gym building. On the face […] read more

Coca-Cola Laptop Theft Lawsuit From 2014 Still Ongoing.

Over at bna.com, Bloomberg Law reminds us that there are a number of “legal battles over workplace cybersecurity being waged” in the USA. For example, ENSLIN v. THE COCA-COLA COMPANY ET AL, which has been ongoing since 2014. The breach was covered here and here previously, and the short version is: A Coca-Cola employee stole […] read more

Penn Medicine Sending Breach Notifications To 1000 Patients Over Stolen Laptop.

Penn Medicine has revealed this past week that a laptop computer with protected health information (PHI) was stolen on November 30. While the details are meager (aside from a short entry at philly.com, which is referenced by databreaches.net, an online search comes up empty), the following was revealed: About 1000 people were affected. The laptop […] read more

UK ICO to SMEs: Data Protection Laws Apply to You.

The United Kingdom’s Information Commissioner’s Office (ICO) has slapped Boomerang Video Ltd. (BV), a company that rents out video games, with a £60,000 fine. The monetary penalty is the result of a 2014 data breach in which personal details of 26,000 people were stolen. The fine deserves another look because BV’s data breach was the […] read more

Louisville Hall of Justice Computer Stolen And Recovered, Hard Drive Still Missing.

There are reports out of Kentucky that a computer being used at the Louisville Hall of Justice has been stolen. The notable thing about this story, however, is that the computer was eventually recovered. Even more notable: the recovered computer was missing its hard drive. This small fact can be interpreted in many ways, but […] read more

Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

WikiLeaks Shows That Encryption Works, Even Against Spooks.

Last week, the world saw another bombshell announcement from WikiLeaks. Per their tweets and resulting confidential data dump, it was readily apparent that the CIA had amassed techniques for breaking into many kinds of digital devices imaginable: smartphones and computers, yes, but also things connected to the internet, like smart TVs (perhaps they’ve looked into […] read more