Congressional Report on the 2017 Equifax Data Breach

The US House of Representatives Committee on Oversight and Government Reform has just released a comprehensive report on the 2017 Equifax hack. It’s a great piece of writing, with a detailed timeline, root cause analysis, and lessons learned. Lance Spitzner also commented on this. Here is my testimony before the House Subcommittee on Digital Commerce and Consumer Protection last…

Deloitte Hacked

The large accountancy firm Deloitte was hacked, losing client e-mails and files. The hackers had access inside the company’s networks for months. Deloitte is doing its best to downplay the severity of this hack, but Brian Krebs reports that the hack "involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system." So…

Indiana’s Voter Registration Data Is Frighteningly Insecure

You can edit anyone’s information you want: The question, boiled down, was haunting: Want to see how easy it would be to get into someone’s voter registration and make changes to it? The offer from Steve Klink — a Lafayette-based public consultant who works mainly with Indiana public school districts — was to use my voter registration record as a…

NSA Contractor Arrested for Stealing Classified Information

The NSA has another contractor who stole classified documents. It’s a weird story: "But more than a month later, the authorities cannot say with certainty whether Mr. Martin leaked the information, passed them on to a third party or whether he simply downloaded them." So maybe a potential leaker. Or a spy. Or just a document collector. My guess is…

The Cost of Cyberattacks Is Less than You Might Think

Interesting research from Sasha Romanosky at RAND: Abstract: In 2013, the US President signed an executive order designed to help secure the nation’s critical infrastructure from cyberattacks. As part of that order, he directed the National Institute for Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security best practices. Because adoption of…