Trends in State Cybersecurity Laws & Legislation

(Mar 24, 2017) This slide deck from Pam Greenberg, CIPP/US, of the National Conference of State Legislatures offers an overview of state laws relating to cybersecurity, including maps showing which states have data disposal laws, data security laws, and more. View Deck (PDF 795K)

Hackers claim to have breached iCloud, seek ransom payment from Apple

(Mar 23, 2017) Hackers claimed to have breached Apple’s iCloud platform and are threatening to wipe out compromised user accounts if they are not paid a ransom. The group of hackers, calling themselves the “Turkish Crime Family,” are asking Apple for either $75,000 in bitcoin, or $100,000 in iTunes gift cards, Motherboard reports. The hackers said they will either reset some of the iCloud accounts, or will wipe victims’ devices remotely if Apple does not pay by April 7. "There have not been any breaches in any...

House Oversight Committee grills FBI over facial recognition

(Mar 22, 2017) The House Oversight Committee held a two-hour hearing Wednesday exploring privacy and security issues around the deployment and use of facial recognition technology. Though the panel featured witnesses from government, industry, and civil society, much of the discussion turned on the Federal Bureau of Investigation's use of and access to nearly 412 million face images from various databases and its apparent difference of opinion with a Government Accountability Office report that was critical of...

New York suffered a 60-percent increase in data breaches last year

(Mar 22, 2017) The office of New York State Attorney General Eric T. Schneiderman released a rundown of the data breaches the state suffered in 2016, TechCrunch reports. While the number of major breaches was down to only two, the total number of overall data breaches increased by 60 percent. Hacking made up the majority of the breaches at 40 percent, while employee negligence was the second highest cause at 37 percent. “In 2016, New Yorkers were the victims of one of the highest data exposure rates in our sta...

Op-ed: Unsecured data's best defense? User behavior analytics

(Mar 22, 2017) In a column for Network World, Michelle Drolet contends that user behavior analytics could serve as a tool for diminishing the time between when a breach of unsecured data occurs and when a company discovers it. User behavior analytics looks to pinpoint what defines "normal activity" at a company, then uses that information as a measurement against outlying behaviors. "The focus is firmly on users, and suspicious behavior is flagged so that the IT security team can investigate," the report state...

Neiman Marcus agrees to pay $1.6M to settle 2013 lawsuit

(Mar 21, 2017) Dallas-based retailer Neiman Marcus agreed to pay $1.6 million to settle a data breach class action stemming from a December 2013 cyberattack where the credit card information of 350,000 customers was exposed, The Dallas Morning News reports. The settlement class is made up of U.S. citizens who used a credit or debit card at any Neiman Marcus store between July 16, 2013 and Jan. 10, 2014. Court documents indicate there are 640,000 settlement class members. The case was initially terminated by U....

Is it an incident or a breach? How to tell, and why it matters

(Mar 20, 2017) In today’s threat-filled world, sensitive customer information is constantly at risk for exposure. Cyberattacks, ransomware, spear phishing, malware, system and process failure, employee mistakes, lost or stolen devices — the list of dangers continues to expand. Indeed, it’s a near certainty that your organization’s customer data will be, or already has been, exposed. But how do you classify such an event? Is it a security incident? A privacy incident? A data breach? Does it even matter what it’...

Thousands of Saks Fifth Avenue web customers breached

(Mar 20, 2017) A data breach compromised the personal information of tens of thousands of Saks Fifth Avenue customers, BuzzFeed News reports. Unencrypted, openly accessible web pages on the company’s website contained the records of customers who signed up for waitlists to buy products. The compromised information included email addresses, product codes, phone numbers, and even some IP addresses. The cause of the breach has yet to be determined, but a spokesperson for Hudson's Bay Company, the organization tha...

US government cybersecurity provider hit with W-2 spear phishing attack

(Mar 20, 2017) The CEO of Defense Point Security, George McKenzie, sent out an email to employees after their W-2 tax data was compromised in a spear phishing attack, KrebsOnSecurity reports. The company, billing itself as “the choice provider of cyber security services to the federal government,” said the attack affected both current and former employees. The W-2 data included names, Social Security numbers, addresses, compensation and tax withholding amounts. McKenzie’s email did not state when the attack took...

FAFSA tax tool suspended; IRS cites security concerns

(Mar 17, 2017) The IRS has temporarily taken down a tool that simplifies the tax data input of the Free Application for Federal Student Aid form, due to concerns that it could be hacked, NPR reports. The agency called the move a "precautionary step." The Obama administration-approved tool is widely credited with increasing FAFSA application rates, and its suspension without notice right around the form's deadline has sparked serious concern, the report states. "Imagine what it would feel like if, on April 1st,...