Latest in data breach
The Justice Department should issue guidance to clarify the line between covering up a data breach and merely declining to disclose it.
Well-timed public notification is a critical component of proper incident response. But mandating premature disclosure is irresponsible and would imperil public-private coordination focused on protecting the nation.
End-to-end encrypted email is generally cumbersome and unintuitive. It’s time to invest in alternatives.
On Monday, Aug. 12, hackers leaked 700 GB of data obtained from the government of Argentina, including confidential documents, wiretaps and biometric information from the Argentine Federal Police, along with the personal data of police officers. The Twitter account of the Argentine Naval Prefecture was hacked as well, and used not only to share links to the stolen information but also to spread fake news about a nonexistent British attack on Argentine ships.
Markets have been slow to adjust to the multidimensional perils of cyber risk.
Last month, the First American Financial Corporation—which provides title insurance for millions of Americans—acknowledged a cybersecurity vulnerability that potentially exposed 885 million private financial records related to mortgage deals to unauthorized viewers. These records might have revealed bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images to such viewers.
Last week, credit reporting outlet Equifax disclosed that they were subject to a massive hack of personally identifiable information that may have compromised the data of as many as 143 million Americans. Unlike many other high-profile data breaches, many of the individuals affected might not have ever used Equifax, viewed or consented to their data retention policies.
Last year, the Republican National Committee hired a firm called Deep Root Analytics to collect voter information. The firm accidentally exposed approximately 198 million personal voter records. This was 1.1 terabytes of personal information that the company left on a cloud server without password protection for two weeks.
On June 21 of this year, victims filed a class action in Florida court against Deep Root Analytics for harm resulting from a data breach.
The Los Angeles Times reports that information concerning 80,000 students across eight Cal State campuses who took a mandatory online course on sexual harassment, which was provided by an outside vendor, was allegedly hacked. According to the report:
As Wells reported Monday, the Third Circuit has issued its decision in Federal Trade Commission v. Wyndham Worldwide Corp. Readers may recall the background of the case. Wyndham was hacked by a Russian criminal gang who stole a host of personally identifiable information maintained by Wyndham for its customers -- everyone, essentially, who ever stayed at the hotel chain.