As the EU is about to enact a General Data Protection Regulation that will introduce a general obligation to notify personal data breaches for all companies doing business in Europe or directing it towards EU-based customers, we provide the reader with 8 of the most important aspects related to the implementation of this new obligation.
Category Andreas Leupold, Comments, English, EU Law, Europe, European Union, Outlines · Tagged with adverse effect, breach notification process, Chief Information Officer, Chief Privacy Officer, Chief Security Officer, CIO, CPO, CSO, data breaches, data controllers, data processors, data protection authorities, data protection officer, data security breaches, EU Directive 2002/58/EC, EU Directive 2009/136/EC, European Data Protection Board, GDPR, General Data Protection Regulation, incident discovery and reporting system, intelligence agencies, national supervisory authorities, obligation to report, personal data breach, technological protection measures, without undue delay
Posted by HectorGuzmanMx on January 21, 2014 · Leave a Comment
Under Mexican personal data protection law, some doubts are beginning to emerge regarding the security breaches that data processors may suffer. The current rules define what a security breach is and how data controllers must act when one occurs. However, processors find no immediate answers regarding their own obligations. By analyzing the law and its purpose, this post aims to offer some solutions. (Part 2)
Category Central America, Central American Law, Español, Héctor Guzmán, Latin America, Mexico, Notes · Tagged with brechas de seguridad, datos personales, encargado, fuga de datos, IFAI, Instituto Federal de Acceso a la Información y Protección de Datos, Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México), LFPD, LFPDPPP, México, notificación, notificación de brechas de seguridad, notificación de vulneraciones de seguridad, Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México), responsable, RLFPDPPP, sistemas de información, subcontratado, titulares, violaciones de seguridad, vulneración de datos personales, vulneración de seguridad
Posted by HectorGuzmanMx on January 14, 2014 · Leave a Comment
Under Mexican personal data protection law, some doubts are beginning to emerge regarding the security breaches that data processors may suffer. The current rules define what a security breach is and how data controllers must act when one occurs. However, processors find no immediate answers regarding their own obligations. By analyzing the law and its purpose, this post aims to offer some solutions. (Part 1)
Category Central America, Central American Law, Español, Héctor Guzmán, Latin America, Mexico, Notes · Tagged with brechas de seguridad, datos personales, encargado, Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México), LFPD, LFPDPPP, México, notificación, notificación de brechas de seguridad, notificación de vulneraciones de seguridad, Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México), responsable, RLFPDPPP, sistemas de información, subcontratado, titulares, violaciones de seguridad, vulneración de datos personales, vulneración de seguridad
Posted by Armando Becerra on October 8, 2013 · 4 Comments
On January 14, 2013, the UK Information Commissioner’s Office imposed a monetary penalty of GBP 250,000 on Sony PlayStation Network for its serious breach of the UK Data Protection Act – a penalty Sony eventually decided not to appeal in July. The penalty comes after the company was hacked in April 2011, compromising the personal information of millions of its customers. In this article, I highlight why the ICO made a brilliant move and interpretation of the Act.
Category Armando Becerra, Comments, English, Europe, European Union, United Kingdom · Tagged with accountability, data breach, data security breaches, Information Commissioner’s Office, monetary penalty, Sony PlayStation Network, UK Data Protection Act of 1998, vulnerability
Posted by anniecbai on September 22, 2013 · Leave a Comment
Recent massive data breaches lead us to discuss the movement for new thinking, new strategies and new leadership amongst IT security. In the new paradigm, flat-out prevention is no longer the goal. Companies need to pursue nuanced risk-management decisions that protect yet allow them to do business.
Category Annie C. Bai, English, Europe, European Union, Germany, Opinions · Tagged with Anonymous, BYOD, cybersecurity, cyberthreat, data breach, data security, Federal Office for Information Security (Germany), hackers, insider data breach, IT security, OVH, risk management, security breach, spearphishing, Ubuntu, Vodafone, Vodafone Deutschland
Posted by anniecbai on July 8, 2013 · Leave a Comment
Government data breaches are very much a parochial problem in the U.K., causing indignation in widespread locales. In its recently published Annual Report for 2012/13, the Information Commissioner’s Office (ICO) states that data leaks by local authorities are a priority area for the data protection body. The ICO receives both individual complaints and declarations of self-reported data breaches from public and private entities.
Category Annie C. Bai, Comments, English, Europe, European Union, United Kingdom · Tagged with council data breach, data breach self-reporting, data breaches, data leaks, depersonalized data, Excel data breaches, FOI, Freedom of Information, government data breaches, ICO, individual data protection complaints, Information Commissioner’s Office, local authorities, local government, public sector organizations, self-reported data breaches, sensitive personal data, United Kingdom
Posted by anniecbai on June 8, 2013 · 1 Comment
Government data breaches run the gamut, but recently we are hearing about years-old security vulnerabilities that are not discovered by the government agencies themselves, but by outsiders. Plus, a review of the broad numbers regarding U.S. government data breaches of the past four years.
Category Annie C. Bai, Comments, English, North America, United States · Tagged with Adobe ColdFusion, computer security incident, contractor cybersecurity problem, cyber detection, cybersecurity, cybersecurity attacks, data breaches, data loss, data security, data vulnerabilities, database activity monitoring, Department of Homeland Security., employee privacy awareness, employee privacy training, Federal Information Security Management Act of 2002, government data breach, government-held personal information, hacking, hacktivists, National Archives and Records Administration, network protection, personal information, personally identifiable information, phishing, physical security measures, PII, segmentation measures, side-channel attack, Social Security Number, State of Washington, third-party discovery, third-party vulnerability, Transportation Security Administration, TSA, Unisys, United States, Washington State
In a world where a residential fire occurs every 79 seconds, a laptop is stolen every 53 seconds and a hard drive crashes every 15 seconds, citizens are crying out for help. Do not fear, the Backup Battalion is here! Watch how these super-powered information protectors defend the planet from data-munching monsters and cloud-thrashing titans. Interested in joining the team? Then gather your favorite pair of spandex and read on!
Category English, Infographics, North America, Online Backup Geeks, United States · Tagged with backup, backup failure, computer virus, data loss, destruction, hardware failure, human error, Microsoft, NASA, Pixar, software corruption, T-Mobile, theft
Posted by anniecbai on April 26, 2013 · 1 Comment
What is really happening on the ground with data breaches globally? The Verizon “2013 Data Breach Investigations Report” aggregates and analyzes data from over 47,000 data security incidents and 621 confirmed data breaches. Read this summation to acquaint yourself with the Report’s telling details, unexpected correlations and promising strategies for detection and prevention.
Category Annie C. Bai, Central America, English, Europe, European Union, Latin America, News, North America, Outlines, Reports & Surveys, South America · Tagged with attack methods, authentication-based attacks, cyber espionage, data at rest, data attacks, data breach targets, data breaches, data in transit, data security breaches, data security incidents, external parties, external threat, hacking, hacktivism, insider breaches, insiders, internal actors, internal threat, intrusions, IT security, malware, network intrusions, organized crime, outside actors, political espionage, single-factor password, social engineering, state-affiliated action, systemic weaknesses, targeted assets, threat actions, threat actors, threat detection, threat vectors, threatened assets, threats, Verizon, vulnerability
The Home Depot Data Breach
Posted by "Security Breaches" Administrator on September 23, 2014 · Leave a Comment
With up to 60 million customers affected, the recent security breach at North America’s largest hardware store, The Home Depot, once again proves that even some of the largest retailers have not implemented business processes that ensure the timely detection and communication, if not prevention, of such incidents. This post sheds light on their dire consequences for consumers and what lawmakers in the U.S. and the E.U. intend to do about it.
Category Andreas Leupold, Comments, English, Europe, European Union, North America, United States · Tagged with compensatory and punitive damages, credit card monitoring services, data breach notification, data breaches, Data Security and Breach Notification Act (United States), data security breaches, European Data Protection Board, European Data Protection Regulation, Federal Trade Commission, fingerprint authentication, FTC, GDPR, incident discovery and reporting, National Institute of Standards and Technology, New Hampshire, NIST, security breaches, technical and organizational measures, technological protection measures, The Home Depot