Equifax Hack Affects 143 Million SSNs.

Equifax, one of the three largest credit reporting agencies in the US, announced yesterday that they have been hacked. The leaked information includes full names, SSNs, birth dates, and addresses, among other data. It’s not the biggest hack to date – that dubious honor goes to Yahoo, which claimed 1 billion users and 500 million […] read more

NIST Guy Who Came Up With Hair-Tearing Password Requirements Says He’s Sorry.

The “NIST midlevel manager” who came up with the crazy password requirements – well, technically, recommendations. You know, must include special characters, uppercase and lower case letters, alphanumeric – says that he’s sorry and that “much of what [he] did [he] now regret[s].” As the Wall Street Journal explains, Bill Burr was a manager at […] read more

Australia Looking To Compel Electronic Message Decryption.

Last week, Reuters and other sources reported that the Australian government has proposed laws that would compel companies to provide access to encrypted information. Obviously, asking for such data is conditional upon taking all the proper legal steps.   A Growing Demand Governments the world over have been clamoring for access to encrypted data for […] read more

UK ICO to SMEs: Data Protection Laws Apply to You.

The United Kingdom’s Information Commissioner’s Office (ICO) has slapped Boomerang Video Ltd. (BV), a company that rents out video games, with a £60,000 fine. The monetary penalty is the result of a 2014 data breach in which personal details of 26,000 people were stolen. The fine deserves another look because BV’s data breach was the […] read more

EU Proposes End-to-End Encryption and Other Security Measures.

Last week, the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal that would require the use of end-to-end encryption. It would also strike legal attempts to force backdoors in encryption software or weaken the security of services given by communications providers. Amendment 36 Service providers who offer electronic communications […] read more

Louisville Hall of Justice Computer Stolen And Recovered, Hard Drive Still Missing.

There are reports out of Kentucky that a computer being used at the Louisville Hall of Justice has been stolen. The notable thing about this story, however, is that the computer was eventually recovered. Even more notable: the recovered computer was missing its hard drive. This small fact can be interpreted in many ways, but […] read more

Global Malware Emergency Shows Why Backdoors Are Dangerous.

The big data security news this week is, of course, the WannaCry ransomware situation that reared its head last Friday, continued to grow over the weekend, and threatened to really become something had it not been for a serendipity: a kill-switch, possibly a mistake, baked into the malware. Many organizations and traditional news outlets have […] read more

Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

New Mexico Now Has A Data Breach Notification Bill.

New Mexico will be the latest US state to add a data breach notification law to its books. Once the bill officially becomes a law, only two states – Alabama and South Dakota – will remain outsiders to the crazy idea that people should be notified if their personal data is hacked. You can read […] read more

WikiLeaks Shows That Encryption Works, Even Against Spooks.

Last week, the world saw another bombshell announcement from WikiLeaks. Per their tweets and resulting confidential data dump, it was readily apparent that the CIA had amassed techniques for breaking into many kinds of digital devices imaginable: smartphones and computers, yes, but also things connected to the internet, like smart TVs (perhaps they’ve looked into […] read more