Category Archives: Data Security

Final phase of Mass. data protection law kicks in March 1

All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.

via Final phase of Mass. data protection law kicks in March 1.

The Koobface malware gang – exposed!

On 17 January 2012, The New York Times revealed that Facebook plans to name five men as being involved in the Koobface gang. As a result of the announcement, we have decided to publish the following research, which explains how we uncovered the same names.

via The Koobface malware gang – exposed! | Naked Security.

PHR Model Privacy Notice #HHS

The PHR Model Privacy Notice is designed to be a standardized template that a web-based PHR company can use to succinctly inform consumers about its privacy and security policies.

via HealthIT.hhs.gov: PHR Model Privacy Notice.

Online ID thief sentenced to 14 years – SC Magazine US

A man who pleaded guilty on April 4 to one count of wire fraud and one count of aggravated identity theft was sentenced last week in U.S. District Court in Alexandria, Va. to 14 years in prison.

via Online ID thief sentenced to 14 years – SC Magazine US.

California: Consumers Must Be Notified Directly of Data Breaches

Most importantly, the new law (PDF available here, courtesy Information Law Group) states that notification must be direct. Yes, it can be electronic, but it must provide a way for the notified party to follow up with questions, and give that person a point of contact who represents the company. The company contact must be accessible through toll-free telephone, not just e-mail.

via California: Consumers Must Be Notified Directly of Data Breaches.

Half a Billion Electronic Records in the U.S. compromised over last 6 yrs

Data breaches, including those originating inside and outside of the organization, continue to affect companies at an alarming rate. Nearly half a billion electronic records in the United States have been compromised over the last six years

via Nearly Half a Billion Electronic Records in the U.S. Have Been Compromised.

McAfee to Security Industry: “Are We Really Protecting Users and Companies?”

Security company McAfee released its second quarter threat report today and the language in it is quite frank, “the security industry may need to reconsider some of its fundamental assumptions, including ‘Are we really protecting users and companies?’”

via McAfee to Security Industry: “Are We Really Protecting Users and Companies?”.

Data breach hits Yale University

Another week, another data breach at a major university. This week it’s Yale, which announced Friday that the names and Social Security numbers of 43,000 people affiliated with the university had been publicly viewable on Google for the past 10 months.

via Data breach hits Yale University – Technology & science – Security – msnbc.com.

Biggest-ever series of cyber attacks uncovered

Boston: Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.

via Biggest-ever series of cyber attacks uncovered – Tech News – IBNLive.

Analysis of passwords in Sony security breach

The 25 most used passwords? seinfeld, password, winner, 123456, purple, sweeps, contest, princess, maggie, 9452, peanut, shadow, ginger, michael, buster, sunshine, tigger, cookie, george, summer, taylor, bosco, abc123, ashley, bailey

via Analysis of passwords in Sony security breach.