OPM (finally) notifies people affected by breach
My notification letter arrived on November 23, 137 days after the public announcement and approximately 200 days after OPM says it discovered the incident.
What’s the harm in inaccurate personal information?
What’s unfortunate about this case is that it in no way addresses very real questions about responsibility for the establishment and maintenance of data integrity.
Hopes for better privacy protection in CISA depend on conference committee reconciliation
Privacy advocates and industry groups oppose the new legislation for many of the same reasons that led to the demise of the Cyber Intelligence Sharing and Protection Act (CISPA), but in the wake of a seemingly unending string of major data breaches and cyber intrusions, it appears likely that Congress will get a bill to the the president for signature.
European Court ruling invalidates Safe Harbor
The ruling is implicitly a declaration that, by permitting access to European citizens’ personal data by the NSA or other government agencies that most certainly do not adhere to core EC privacy principles, the U.S. violates the onward transfer principle and essentially negotiated the safe harbor framework in bad faith.
T-Mobile customers suffer breach because company relied on Experian
The breach highlights the general insufficiency of any corporate security program that fails to carefully consider the risk exposure represented by trusted third parties given access to or custody of sensitive information.
Retiring an email server with sensitive data on it? Learn some lessons from Clinton
Regardless of how well (or poorly) the server was secured while it was operational, the steps taken to secure the data once the server was no longer in use provide a good example of what not to do.
Want to reduce unauthorized login attempts? Use Google Authenticator
If you have a public website, you should know that your site is regularly scanned and otherwise accessed, both by web “crawlers” from Google, Bing, and similar search engines and by individuals or agents with less…
CSO Online Headlines
- Tata Communications partners with Versa Networks on hosted SASE
- Optus breach occurred due to a coding error, alleges ACMA
- Beware PowerShell: Too-helpful users tricked into ‘fixing’ their machines with malware
- 5 biggest risks of using third-party service providers
- US bans Kaspersky Labs over national security concerns
- What is swatting? Criminal harassment falsely involving armed police
- Why the clean source principle is key to a successful zero trust strategy
- Cyber attack hits thousands of US car dealers
- Dutch appellate court rules against Oracle and Salesforce in a GDPR-related cookie case
Dark Reading
- Kaspersky's US Customers Face Tight Deadline Following Govt. Ban
- Abstract Security Announces General Availability of its AI-Powered Data Streaming Platform for Security
- 'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st
- FS-ISAC Announces Appointments to Global Board of Directors
- CISO Corner: Critical Infrastructure Misinformation; France's Atos Bid
- VicOne Solutions for Detection of Zero-Day Vulnerabilities and Contextualized Attack Paths
- Legal Defense Fund Covers Crypto Research
- Multifactor Authentication Is Not Enough to Protect Cloud Data
- Securing Customers' Trust With SOC 2 Type II Compliance