OPM (finally) notifies people affected by breach
My notification letter arrived on November 23, 137 days after the public announcement and approximately 200 days after OPM says it discovered the incident.
What’s unfortunate about this case is that it in no way addresses very real questions about responsibility for the establishment and maintenance of data integrity.
Privacy advocates and industry groups oppose the new legislation for many of the same reasons that led to the demise of the Cyber Intelligence Sharing and Protection Act (CISPA), but in the wake of a seemingly unending string of major data breaches and cyber intrusions, it appears likely that Congress will get a bill to the president for signature.
The ruling is implicitly a declaration that, by permitting access to European citizens’ personal data by the NSA or other government agencies that most certainly do not adhere to core EC privacy principles, the U.S. violates the onward transfer principle and essentially negotiated the safe harbor framework in bad faith.
The breach highlights the general insufficiency of any corporate security program that fails to carefully consider the risk exposure represented by trusted third parties given access to or custody of sensitive information.
Regardless of how well (or poorly) the server was secured while it was operational, the steps taken to secure the data once the server was no longer in use provide a good example of what not to do.
If you have a public website, you should know that your site is regularly scanned and otherwise accessed, both by web “crawlers” from Google, Bing, and similar search engines and by individuals or agents with less…