New York updates its breach notification law in response to Equifax, GDPR

Businesses throughout the U.S. will now be required to notify New Yorkers as quickly as possible when their information is compromised in a security incident, under a bill that Gov. Andrew Cuomo signed Thursday. The consumer-friendly data protection law updates New York’s current rules to cover biometric data, and forces firms to alert consumers when their email address, combined with the corresponding passwords or security questions and answers, is compromised. The state legislature quietly passed the Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, in June. The law, which takes effect March 2020, requires companies to notify individuals “in the most expedient time possible and without unreasonable delay,” a time period that generally means 30 days, state Sen. Kevin Thomas, who re-introduced the SHIELD Act after it failed to pass in 2017, previously told CyberScoop. If the incident affects more than 500 New York residents, the affected business is required to provide written […]

The post New York updates its breach notification law in response to Equifax, GDPR appeared first on CyberScoop.

Washington Strengthens Breach Notification Law

On May 7, 2019, Governor Jay Inslee signed a bill (HB 1071) that strengthens the state’s existing data breach notification law by expanding the definition of “personal information” and reducing the time an entity has to disclose…

Patient PII exposed in leak of Pennsylvania-based rehab center records

A trove of personally identifiable information on patients at an addiction treatment center in Pennsylvania has been left in an insecure database, potentially exposing those people to identity theft. Patient names, their rehab care provider, and specific procedures they received were among the information sitting in a database that didn’t require authentication for someone to access, according to Justin Paine, the security researcher who made the discovery. Taking a tiny sample size of the nearly 5 million rows of data that he found, Paine roughly estimated that over 146,000 unique patients could be affected by the data leak. He emphasized, however, that it is “entirely possible” that the sample was not representative of the full dataset. “I only sampled the 5,000 rows of data,” Paine told CyberScoop in an email. “I didn’t want to go digging through the sensitive data any further than I needed to.” Paine came across the […]

The post Patient PII exposed in leak of Pennsylvania-based rehab center records appeared first on CyberScoop.

Inspector general finds deficiencies in how FBI tells companies they’ve been breached

The FBI needs to shore up its internal processes for notifying the victims of cyberattacks, according to a U.S. Justice Department inspector general’s report published Monday. There are issues with the quality and completeness of the data stored in the FBI’s Cyber Guardian system — a tool for disseminating notifications after security breaches — reports Inspector General Michael E. Horowitz. Many FBI agents tasked with responding to cybercrimes improperly handle the work associated with indexing the victims in the bureau’s system, a problem that could make it more difficult for hacked organizations to recover, according to the report. “During this audit, we visited six FBI field offices and discussed the victim notification process with cyber squad Special Agents and supervisory Special Agents,” the report said. “In our discussions, we found that 29 of 31 field agents we interviewed do not use the ‘Victim Notification’ lead type when setting leads for victim notification. Five of […]

The post Inspector general finds deficiencies in how FBI tells companies they’ve been breached appeared first on CyberScoop.

We take security seriously and other trite statements

Earlier this week, Secure Ideas sent an initial notification regarding an incident targeting us that took place at a vendor. The initial notification email is available at: https://training.secureideas.com/newsletter/aom-incident-notification/. We prom…

Toyota data breach affects up to 3.1 million customers

Automotive maker Toyota said Friday that a data breach had hit its sales offices in Japan, exposing information on up to 3.1 million customers. The breach affected Toyota Tokyo Sales Holding Inc. and its affiliated enterprises, and possibly three other independent dealers in Japan, according to Toyota Motor Corp.’s statement, which described “unauthorized access” to the company’s network. “We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group,” the statement said. It was the second cybersecurity incident affecting Toyota in as many months. In February, Toyota’s Australia branch announced it had been “the victim of an attempted cyberattack.” The company’s security woes come in the wake of reports that a Vietnamese hacking group, APT32, had last month launched a spearphishing campaign against multinational car companies. The Southeast Asian country is trying to develop its domestic car industry, and data stolen by […]

The post Toyota data breach affects up to 3.1 million customers appeared first on CyberScoop.

Lawmakers want data on the number of times Senate computers have been hacked

The Senate should have an annual tally of when its computers and smartphones have been breached in order to better inform congressional cybersecurity policy, a pair of bipartisan senators says in a letter sent Wednesday to the Senate Sergeant at Arms. Describing Congress as a perennial target for hackers, Sens. Tom Cotton, R-Arkansas, and Ron Wyden, D-Oregon, have asked the Senate Sergeant at Arms (SAA) to be transparent in providing lawmakers with information about the scale of successful hacks of Senate devices, including smartphones. They want annual reports sent to each senator with aggregate data on compromises of computers and other breaches of sensitive Senate data. The senators also asked the SAA to notify the Senate leadership, along with members of the rules and intelligence committees, within five days of breaches to Senate computers being discovered. Right now, lawmakers appear to be in the dark on the issue. “We believe […]

The post Lawmakers want data on the number of times Senate computers have been hacked appeared first on CyberScoop.

Discover replaces customer cards following breach at unidentified outside entity

Some Discover Card users are receiving new payment cards in the mail after a data breach exposed financial information, according to two customer notices submitted to the California attorney general’s office. Discover Financial Services said the breach did not involve its own systems. While the company doesn’t elaborate in the customer notices, a spokesman told CyberScoop it was taking action because of a breach that originated with a service the company declined to identify. “We are prohibited from naming the merchant, and I can tell you only that the number is small,” Jon Drummond, Discover’s director of media relations, said via email. “It is not something that we ever report.” “This incident was the result of a merchant data compromise, and not the result of any action by Discover or an intrusion of our customer information systems. We re-issued cards out of an abundance of caution for our cardholders,” he said. The two breach […]

The post Discover replaces customer cards following breach at unidentified outside entity appeared first on CyberScoop.

Has that website been pwned? Firefox Monitor will tell you

Firefox Monitor, a breach notification website launched by Mozilla in September, can now deliver alerts from inside the Firefox browser.