Posted by anniecbai on June 8, 2013 · 1 Comment
Government data breaches run the gamut, but recently we are hearing about years-old security vulnerabilities that were discovered not by the government agencies themselves but by outsiders. Plus, a review of the broad numbers regarding U.S. government data breaches of the past four years.
Category Annie C. Bai, Comments, English, North America, United States · Tagged with Adobe ColdFusion, computer security incident, contractor cybersecurity problem, cyber detection, cybersecurity, cybersecurity attacks, data breaches, data loss, data security, data vulnerabilities, database activity monitoring, Department of Homeland Security, employee privacy awareness, employee privacy training, Federal Information Security Management Act of 2002, government data breach, government-held personal information, hacking, hacktivists, National Archives and Records Administration, network protection, personal information, personally identifiable information, phishing, physical security measures, PII, segmentation measures, side-channel attack, Social Security Number, State of Washington, third-party discovery, third-party vulnerability, Transportation Security Administration, TSA, Unisys, United States, Washington State
In a world where a residential fire occurs every 79 seconds, a laptop is stolen every 53 seconds and a hard drive crashes every 15 seconds, citizens are crying out for help. Do not fear, the Backup Battalion is here! Watch how these super-powered information protectors defend the planet from data-munching monsters and cloud-thrashing titans. Interested in joining the team? Then gather your favorite pair of spandex and read on!
Category English, Infographics, North America, Online Backup Geeks, United States · Tagged with backup, backup failure, computer virus, data loss, destruction, hardware failure, human error, Microsoft, NASA, Pixar, software corruption, T-Mobile, theft
Posted by anniecbai on April 26, 2013 · 1 Comment
What is really happening on the ground with data breaches globally? The Verizon “2013 Data Breach Investigations Report” aggregates and analyzes data from over 47,000 data security incidents and 621 confirmed data breaches. Read this summation to acquaint yourself with the Report’s telling details, unexpected correlations and promising strategies for detection and prevention.
Category Annie C. Bai, Central America, English, Europe, European Union, Latin America, News, North America, Outlines, Reports & Surveys, South America · Tagged with attack methods, authentication-based attacks, cyber espionage, data at rest, data attacks, data breach targets, data breaches, data in transit, data security breaches, data security incidents, external parties, external threat, hacking, hacktivism, insider breaches, insiders, internal actors, internal threat, intrusions, IT security, malware, network intrusions, organized crime, outside actors, political espionage, single-factor password, social engineering, state-affiliated action, systemic weaknesses, targeted assets, threat actions, threat actors, threat detection, threat vectors, threatened assets, threats, Verizon, vulnerability
The European Union is working on a revised set of rules for its data protection framework, and the concept and principles of “privacy by design” have been incorporated in the draft. We assess whether data masking can be considered an effective data security measure and whether it fulfills privacy by design principles. Data masking is not encryption: rather than transforming data under a key so that it can be recovered later, it replaces real data with fictitious but realistic data, so that test environments never need to hold the real values.
Category Cédric Laurant, English, Europe, European Union, Joseph Santangelo, North America, Notes, United States · Tagged with advanced data masking, anonymization, basic data masking, data anonymization, data breaches, data masking, data protection, data protection by default, data security breaches, de-identification, encryption, EU General Data Protection Regulation, European Data Protection Supervisor, obfuscation, PbD, personal data, privacy by design, privacy professionals, privacy-protective technology, provisioning systems, redaction, scheduling systems, security breaches, sensitive information, technical and organizational measures, United States, US Federal Trade Commission
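The masking technique the post above describes, worked through as an added example (this is not code from the original post or from any product it mentions): a deterministic masking job over a constructed two-table extract. The secret, the sample rows, the name lists and the use of HMAC-SHA256 as the per-field pseudo-random function are assumptions for illustration. It shows the two properties the post relies on, that the output is fictitious but still realistic (format-valid card numbers, deliverable-looking but reserved e-mail addresses) and that foreign keys still join across tables, plus the check a practitioner runs before a masked copy leaves production.

```python
"""Deterministic data masking for a test copy of a production extract.

Added example, not code from the original post. Real values are replaced by
fictitious but realistic ones. The secret only makes the mapping consistent
(the same real value always becomes the same fake value, so joins still work)
and unguessable; nothing here turns a masked value back into the original,
which is what separates masking from encryption. Sample rows, name lists and
the secret are constructed for the example.
"""
import hashlib
import hmac
import random

# Constructed sample extract: a customers table and an orders table joined on id.
CUSTOMERS = [
    {"id": 1001, "name": "Alice Carver", "email": "alice.carver@example.org",
     "card": "4111111111111111"},
    {"id": 1002, "name": "Bob Dunne", "email": "bob@example.net",
     "card": "5105105105105100"},
]
ORDERS = [
    {"order_id": 1, "customer_id": 1001, "amount": 42.50},
    {"order_id": 2, "customer_id": 1001, "amount": 7.99},
    {"order_id": 3, "customer_id": 1002, "amount": 120.00},
]
FIRST_NAMES = ["Ada", "Grace", "Linus", "Margaret", "Ken", "Barbara"]
LAST_NAMES = ["Lovelace", "Hopper", "Torvalds", "Hamilton", "Thompson", "Liskov"]
MASKING_SECRET = b"rotate-me-and-keep-me-out-of-test"  # constructed; stays in production


def _seed(secret: bytes, field: str, value: str) -> int:
    """Per-field PRF: HMAC-SHA256 over the real value, truncated to 56 bits.
    The field label stops one real string masking identically in two columns."""
    mac = hmac.new(secret, f"{field}\0{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:7], "big")


def mask_id(secret: bytes, real_id: int) -> int:
    """Surrogate key derived from the real key, so foreign keys still join.
    Hash-derived keys can collide; check_masking() verifies they did not."""
    return _seed(secret, "id", str(real_id))


def mask_name(secret: bytes, name: str) -> str:
    rng = random.Random(_seed(secret, "name", name))
    return f"{rng.choice(FIRST_NAMES)} {rng.choice(LAST_NAMES)}"


def mask_email(secret: bytes, email: str) -> str:
    """Fake local part under example.com (reserved domain, never delivers mail)."""
    rng = random.Random(_seed(secret, "email", email))
    local = "user" + "".join(rng.choice("abcdefghijklmnopqrstuvwxyz0123456789") for _ in range(8))
    return f"{local}@example.com"


def luhn_valid(number: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit pass luhn_valid()."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def mask_card(secret: bytes, pan: str) -> str:
    """Keep the 6-digit issuer prefix so brand/routing logic sees the same cases,
    replace the remaining account digits, then recompute the Luhn check digit so
    format validators accept the fake PAN."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    rng = random.Random(_seed(secret, "card", digits))
    while True:
        body = digits[:6] + "".join(str(rng.randrange(10)) for _ in range(len(digits) - 7))
        fake = body + luhn_check_digit(body)
        if fake != digits:  # never let the real PAN through, however unlikely
            return fake


def mask_dataset(secret: bytes, customers: list, orders: list) -> tuple:
    masked_customers = [
        {"id": mask_id(secret, c["id"]), "name": mask_name(secret, c["name"]),
         "email": mask_email(secret, c["email"]), "card": mask_card(secret, c["card"])}
        for c in customers
    ]
    masked_orders = [dict(o, customer_id=mask_id(secret, o["customer_id"])) for o in orders]
    return masked_customers, masked_orders


def check_masking(customers: list, masked_customers: list, masked_orders: list) -> bool:
    """Gate to run before the copy leaves production: no surrogate-key collisions,
    no dangling foreign keys, no real name/e-mail/PAN in the output, PANs Luhn-valid."""
    masked_ids = {c["id"] for c in masked_customers}
    if len(masked_ids) != len({c["id"] for c in customers}):
        return False
    if any(o["customer_id"] not in masked_ids for o in masked_orders):
        return False
    real_values = {v for c in customers for k, v in c.items() if k != "id"}
    for m in masked_customers:
        if {m["name"], m["email"], m["card"]} & real_values or not luhn_valid(m["card"]):
            return False
    return True


if __name__ == "__main__":
    mc, mo = mask_dataset(MASKING_SECRET, CUSTOMERS, ORDERS)
    print("masking ok:", check_masking(CUSTOMERS, mc, mo))
    for row in mc:
        print(row)
```

Run it directly to print the masked rows. The design choice worth noting for the privacy-by-design question: because the same real value always yields the same fake value, two masked extracts taken at different times can be linked to each other, and anyone holding the secret can test whether a guessed real value is present. Keyed deterministic masking is therefore pseudonymization, not anonymization; if cross-extract linkage is not wanted, generate a fresh secret per extract at the cost of consistency between extracts.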
On April 29, 2010, the Düsseldorfer Kreis, an informal group of German data protection authorities, published a decision that could have significant repercussions for U.S. companies importing personal data from organizations operating in the European Union. One of these repercussions is that German organizations exporting personal data to the United States should check whether the U.S. data importer does in fact comply with the Safe Harbor Framework. The security plan recommendations outlined here provide a useful guideline for E.U. data exporters to help them comply with the Safe Harbor Security Principle.
Category Cédric Laurant, Comments, English, EU Law, Europe, European Union, Germany, Marie-Andrée Weiss, North America, United States · Tagged with adequacy requirement, adequate level of data protection, Article 25 (EU DP Dir.), Article 26(2) (EU DP Dir.), Article 29 Data Protection Working Party, Best Buy, Binding corporate rules, Bundesdatenschutzgesetz, co-regulation, contractual clauses, data exporter, data importer, data security breaches, data security plan, Düsseldorfer Kreis, DSW, due diligence, encryption, EU Directive 95/46/EC, European Commission, European data protection authorities, German Federal Data Protection Act, Germany, independent auditing firm, information security, ISO, ISO 27000, loss, misuse, personal data, personally identifying information, privacy policy, RealNetworks, reasonable security measures, Safe Harbor Framework, Safe Harbor Security Principle, Safe Harbor self-certification, Safe Harbor self-certified organizations, self-regulation, sensitive personal information, third countries, transborder data flows, unfair and deceptive practice, US Department of Commerce, US Department of Transportation, US False Statements Act, US Federal Trade Commission, US Food and Drug Administration
Canadian Industry Minister Tony Clement introduced a bill on May 25, the Safeguarding Canadians’ Personal Information Act (Bill C-29), which would amend Canada’s federal private-sector privacy legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA”). C-29 would introduce a security breach disclosure requirement (called “notification” in the United States) into PIPEDA. Canada does not yet have such a requirement, in contrast to the United States, where the majority of states have enacted data breach notification statutes.
Category Canada, Canadian Law, Cédric Laurant, Comments, English, Marie-Andrée Weiss, North America, Outlines · Tagged with bad publicity, C-29, customer information, damage to reputation, data breach notification statute, data breaches, data security breaches, Facebook, humiliation, identity theft, information system, material breach, online reputation, PIPEDA, potential breaches, preemption, Privacy Commissioner of Canada, profile building companies, public confidence, reputation, search engines, security breach, security breach disclosure, security breach notification, sensitive information, significant harm, social networking sites, systemic problem, TJX, United States
The Home Depot Data Breach
Posted by "Security Breaches" Administrator on September 23, 2014 · Leave a Comment
With up to 60 million customers affected, the recent security breach at The Home Depot, North America’s largest home improvement retailer, once again shows that even some of the largest retailers have not implemented business processes that ensure the timely detection and communication, if not the prevention, of such incidents. This post sheds light on the consequences for consumers and on what lawmakers in the U.S. and the E.U. intend to do about it.
Category Andreas Leupold, Comments, English, Europe, European Union, North America, United States · Tagged with compensatory and punitive damages, credit card monitoring services, data breach notification, data breaches, Data Security and Breach Notification Act (United States), data security breaches, European Data Protection Board, European Data Protection Regulation, Federal Trade Commission, fingerprint authentication, FTC, GDPR, incident discovery and reporting, National Institute of Standards and Technology, New Hampshire, NIST, security breaches, technical and organizational measures, technological protection measures, The Home Depot