UK ICO to SMEs: Data Protection Laws Apply to You.

The United Kingdom’s Information Commissioner’s Office (ICO) has slapped Boomerang Video Ltd. (BV), a company that rents out video games, with a £60,000 fine. The monetary penalty is the result of a 2014 data breach in which personal details of 26,000 people were stolen. The fine deserves another look because BV’s data breach was the […] read more

Tennessee Updates Law That Required Notification For Encrypted Personal Data Loss.

In 2016, Tennessee created something of a legal furor when it became the first state to require data breach notifications (DBN) even if the lost or stolen data was protected with encryption. Earlier this month, a new law took effect that “clarifies [this] confusion” for companies: they are not required to send DBNs if the […] read more

Australia Finally Gets A Data Breach Notification Law.

The Land Down Under is finally getting a data breach notification law. This should come as a surprise to many since (a) many would have assumed that Australia already has one and (b) it’s 2017 – unless you’re a war-ravaged country, chances you have a breach notification law. Because that’s how bad things are on […] read more

Cloud Services: Will It Be There When You Need It?.

How much should you (or can you) trust the cloud to be there when you need it? Last week, the top US internet sites went dark, on and off, for a couple of hours or so due to a historically unprecedented denial of service attack (DDoS). Over the past week, we’ve learnt that the assault […] read more

California Accountants Hacked To File Fraudulent Tax Returns.

Time has shown that all types of businesses are targets for hacking. The big ones, because they have money. The small and medium-sized businesses, because they have money, although less of it than big enterprises. Stories of phishing or hacking into computers that host electronic banking activities have popped up in the news frequently. Here’s […] read more

Yahoo: 2 Years Late In Announcing Data Breach, Decided Not To Improve Security.

Yahoo is full of surprises as of late. Just last week, the company revealed that they had a massive data breach in 2014 – a situation made more scandalous because it was the media, not the company responsible, that spilled the beans. The scandal then grew larger when it was revealed that Yahoo had been […] read more

Another Site Leaks Plaintext Passwords, Runs Afoul of COPPA.

The site arstechnica.com is reporting that i-Dressup not only experienced a data breach – over 2.2 million affected – but has been slow as molasses in responding to Ars’s emails that they have been hacked or, more importantly, fixing the vulnerability that lead to the security failure. Perhaps we shouldn’t be surprised, merely exasperated, that […] read more

Ashley Madison Passwords Easy To Crack After All.

Ah, Ashley Madison.  Even as one tries to move away from it to other issues, new problems surface like toxic malaise at a swamp: fraudulent $19 data scrubbings, men being conned by bots, some of the weakest passwords known to mankind securing their servers, an ex-CTO who supposedly hacked the competition…  Michael Corleone, I get […] read more

Password Security: Ashley Madison Patrons Had Terrible Passwords.

Last week, motherboard.com reported that 4000 cracked passwords belonging to Ashley Madison customers were “awful,” security-wise.  The site went on to conclude that: It’s understandable for users to be frustrated with Ashley Madison for failing to protect their data. But when customers are choosing passwords that could probably just be guessed, they need to take […] read more