UK Encryption: Royal & Sun Alliance Insurance Fined £150,000 For Stolen Hard Drive.

The UK’s Information Commissioner’s Office (ICO) has fined an insurance company, Royal & Sun Alliance (RSA), a total of £150,000 for the theft of an external storage device with information on nearly 60,000 clients (and credit card details for 20,000 people).   Stolen From a Locked Room Unlike your run-of-the-mill hard drive theft cases, there […] read more

Netherlands Officially Files 5,500 Breach Notifications In 2016.

The Personal Data Protection Authority of the Netherlands (Autoriteit Persoonsgegevens, “AP”) revealed last week that they received nearly 5,500 data breach notifications in 2016, the first year of mandatory data breach notifications for the European country. This contrasts with the 980 data breaches in the same period for the US, compiled by the Identity Theft […] read more

Laptop Encryption: Chesapeake Public Schools Laptop Theft Affects Over 10,000 Employees.

According to a couple of sources, Chesapeake Public Schools in Virginia is notifying employees about a potential data breach. Per their announcement, nearly 11,000 people could be affected by the theft of a laptop computer. It appears that laptop encryption software was not used to protect the contents. Password protection, however, was used. Assuming that […] read more

California Accountants Hacked To File Fraudulent Tax Returns.

Time has shown that all types of businesses are targets for hacking. The big ones, because they have money. The small and medium-sized businesses, because they have money, although less of it than big enterprises. Stories of phishing or hacking into computers that host electronic banking activities have popped up in the news frequently. Here’s […] read more

Data Security: Social Engineering Still More Effective Than Zero-Day Hacks.

According to a security company’s 100 penetration attempts, most organizations succumb to five attacks, none of which involve malware or zero-day flaws. The top five attacks, according to darkreading.com: abuse of weak domain user passwords — used in 66% of Praetorian pen testers’ successful attacks broadcast name resolution poisoning (like WPAD) — 64% local admin […] read more

Longer Passwords Is The Way To Security.

In a continuation to the post from last week, it looks like it’s not only the FTC’s Chief Technologist that is waging war against the periodic renewal of passwords. The National Institute of Science and Technology (NIST) is apparently onboard as well, and they will also be recommending that something be done about password complexity […] read more

Manhattan DA Asks Apple and Google To Roll Back – Not Weaken – Encryption (Kinda the Same Thing, Mister).

It’s just like a lawyer to sing a differen tune to confuse the issue. Last week, Manhattan District Attorney Cyrus Vance Jr. spoke at the International Conference on Cyber Security (all quotes from tomsguide.com): [He] said that law enforcement officials did not need an encryption “backdoor,” sidestepping a concern of computer-security experts and device makers […] read more

Sharing Passwords is Hacking, Which is a Federal Crime.

The controversies regarding cyberspace just keep burning brightly. In the past couple of weeks, the Ninth Circuit Court of Appeals ruled that the unauthorized sharing and use of passwords can be deemed as hacking, and thus can be a violation of the Computer Fraud and Abuse Act (CFAA). As noted by motherboard.vice.com and others, this […] read more

US Court Opines General Warrants A-OK for Computer Data.

Arstechnica.com reported about a week ago that the 2nd US Circuit Court of Appeals ruled that “All your disk image are belong to us.” Per the article, 12 out of 13 judges in New York agreed that the government did not violate the Fourth Amendment when it searched through non-responsive data that was collected as […] read more