China allegedly behind Marriott data breach

(Dec 12, 2018) U.S. officials believe the hackers behind the Marriott data breach may work for China’s Ministry of State Security, The New York Times reports. American intelligence agencies have not reached a final conclusion about who conducted the cyberattack; however, cybersecurity firms brought in to examine the damage found computer code used previously by Chinese actors. Chinese Ministry of Foreign Affairs Spokesman Geng Shuang denied the country’s involvement in the attack. “China firmly opposes all for...

Pichai backs federal US privacy law at House hearing

(Dec 12, 2018) Google CEO Sundar Pichai testified in front of the U.S. House Judiciary Committee on the tech company’s data practices, Yahoo reports. Pichai contested a statement from Judiciary Chairman Rep. Bob Goodlatte, R-Va., that Google is not transparent about the data it collects from its users. When asked by Rep. Eric Swalwell, D-Calif., about the potential federal U.S. privacy law, Pichai said he is in favor of such legislation. “Congressman, I’m of the opinion that we are better off with more of an o...

Web con: 'Canada's Data Breach Notification Law Update'

(Dec 12, 2018) On Nov. 1, Canada's new data breach notification requirements under the federal Personal Information Protection and Electronic Documents Act went into effect. Organizations are required to notify the Office of the Privacy Commissioner of Canada, affected individuals and other organizations whenever personal information is compromised and whether data subjects are at risk. Listen to this web conference as nNovation Partner Shaun Brown gives an overview of the new breach notification requirements,...

Software update results in Google+ data breach affecting 52M users

(Dec 11, 2018) Ahead of CEO Sundar Pichai’s testimony in front of the U.S. House Judiciary Committee, Google revealed Google+ had another data breach, The Washington Post reports. A software update allowed third-party app developers to access the information of 52 million users without their consent for six days in November. The data included names, email addresses, occupations and ages. Google Vice President of Product Management for G Suite David Thacker wrote in a blog post the tech company discovered no ev...

House Oversight reports reveal bipartisan divide over Equifax breach

(Dec 11, 2018) Republicans and Democrats on the U.S. House Oversight and Government Reform Committee released conflicting reports on the Equifax data breach, The Washington Post reports. The Republican report outlined the security measures at the center of the breach and called for a study of the Federal Trade Commission’s current regulatory powers and government cooperation with the private sector rather than mandates. Democrats seek new laws to raise financial penalties for data breaches and more powers for ...

Hospital suffers payment breach impacting 48K individuals

(Dec 11, 2018) While noting that payment-related breaches are not common in the health care sector, BankInfoSecurity reports that in September, a Texas hospital notified federal regulators of a credit card–processing system hack that may have impacted nearly 48,000 individuals. Wiley Rein's Kirk Nahra, CIPP/US, explained that under the Health Insurance Portability and Accountability Act, payment-related security incidents qualify as reportable breaches since some of the exposed identifiers are considered prote...

Congressional report says Equifax breach was 'preventable'

(Dec 10, 2018) The U.S. House Oversight Committee released a report Monday on last year's data breach of Equifax, saying the incident was "entirely preventable" and that the company mishandled its response, according to Politico. "Equifax failed to fully appreciate and mitigate its cybersecurity risks," the Congressional report states. Two factors led to the breach: The company's structure allowed gaps between IT policy development and operations, and the company grew too fast, creating a series of legacy syst...

Amazon fires employees for illicit user data access

(Dec 10, 2018) Amazon has fired several employees in the U.S. and India for inappropriate access to user data, The Wall Street Journal reports. Amazon investigated its employees earlier this year for allegedly taking bribes from merchants in exchange for user data. In addition to the termination of those employees, Amazon has deleted thousands of questionable reviews and restricted sellers’ access to customer data. “If bad actors abuse our systems, we take swift action, including terminating their selling acco...

Health care industry continues to be inundated with cyberattacks

(Dec 7, 2018) News of recent attacks only works to support the fact that phishing and ransomware attacks continue to inundate the health care sector, BankInfoSecurity reports. Rebecca Herold, CIPP/US, CIPM, CIPT, FIP, president of Simbus and CEO of The Privacy Professor consultancy, said attacks will keep happening as long as they continue to be lucrative for criminals. She added, "With more pathways being created through new types of technologies and endpoints, there will be more targets for ransomware at...

Study: Canada's data breach rule may hurt SMBs

(Dec 7, 2018) A study from commercial insurer Aon examined the effects Canada’s new data breach notification law could have on small- and medium-sized businesses, the Canadian Underwriter reports. The study states those businesses may have to pay “crippling compliance costs,” as well as monitor the actions of third parties. “For organizations without appropriate cyber liability cover in place, responding to such a breach could be financially crippling,” the study finds. Aon recommends any small- or medium-siz...