Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

New Mexico Now Has A Data Breach Notification Bill.

New Mexico will be the latest US state to add a data breach notification law to its books. Once the bill officially becomes a law, only two states – Alabama and South Dakota – will remain outsiders to the crazy idea that people should be notified if their personal data is hacked. You can read […] read more

WikiLeaks Shows That Encryption Works, Even Against Spooks.

Last week, the world saw another bombshell announcement from WikiLeaks. Per their tweets and resulting confidential data dump, it was readily apparent that the CIA had amassed techniques for breaking into many kinds of digital devices imaginable: smartphones and computers, yes, but also things connected to the internet, like smart TVs (perhaps they’ve looked into […] read more

Data Breach Results In Loss Of $350 Million in Yahoo-Verizon Deal.

Last week, Verizon finally decided to go forward with the acquisition of Yahoo, the perennial would-be comeback internet search and media company. The deal, announced last year, saw an unusual delay when Yahoo revealed that it had been hacked, the largest data breach in history as of then. This was followed a couple of months […] read more

UK Encryption: Royal & Sun Alliance Insurance Fined £150,000 For Stolen Hard Drive.

The UK’s Information Commissioner’s Office (ICO) has fined an insurance company, Royal & Sun Alliance (RSA), a total of £150,000 for the theft of an external storage device with information on nearly 60,000 clients (and credit card details for 20,000 people).   Stolen From a Locked Room Unlike your run-of-the-mill hard drive theft cases, there […] read more

Netherlands Officially Files 5,500 Breach Notifications In 2016.

The Personal Data Protection Authority of the Netherlands (Autoriteit Persoonsgegevens, “AP”) revealed last week that they received nearly 5,500 data breach notifications in 2016, the first year of mandatory data breach notifications for the European country. This contrasts with the 980 data breaches in the same period for the US, compiled by the Identity Theft […] read more

Laptop Encryption: Chesapeake Public Schools Laptop Theft Affects Over 10,000 Employees.

According to a couple of sources, Chesapeake Public Schools in Virginia is notifying employees about a potential data breach. Per their announcement, nearly 11,000 people could be affected by the theft of a laptop computer. It appears that laptop encryption software was not used to protect the contents. Password protection, however, was used. Assuming that […] read more

California Accountants Hacked To File Fraudulent Tax Returns.

Time has shown that all types of businesses are targets for hacking. The big ones, because they have money. The small and medium-sized businesses, because they have money, although less of it than big enterprises. Stories of phishing or hacking into computers that host electronic banking activities have popped up in the news frequently. Here’s […] read more

Data Security: Social Engineering Still More Effective Than Zero-Day Hacks.

According to a security company’s 100 penetration attempts, most organizations succumb to five attacks, none of which involve malware or zero-day flaws. The top five attacks, according to darkreading.com: abuse of weak domain user passwords — used in 66% of Praetorian pen testers’ successful attacks broadcast name resolution poisoning (like WPAD) — 64% local admin […] read more

Longer Passwords Is The Way To Security.

In a continuation to the post from last week, it looks like it’s not only the FTC’s Chief Technologist that is waging war against the periodic renewal of passwords. The National Institute of Science and Technology (NIST) is apparently onboard as well, and they will also be recommending that something be done about password complexity […] read more