All Data Breaches articles
-
ArticleUber CSO ruling fallout: Individual liability extends to data breach response
The case of the Uber chief security officer found guilty by a jury on two felonies for covering up a data breach and misleading federal regulators opens up another potential individual liability issue executives handling cyber incidents face, according to legal experts.
-
ArticleFTC seeks to expand authority on data breaches, commercial surveillance
The Federal Trade Commission is seeking comment on potential rules that would penalize companies that suffer data breaches due to lax cybersecurity protocols and punish firms that engage in abusive commercial surveillance practices.
-
ArticleSEC proposes companies report cybersecurity incidents within four days
Public companies would have to report material cybersecurity incidents no later than four business days after they occur if a rule proposed by the Securities and Exchange Commission takes effect.
-
ArticleCEO: T-Mobile ‘humbled’ by data breach, taking steps to prevent future attacks
T-Mobile CEO Mike Sievert lamented the recent breach of company servers that led to a hacker stealing the personal information of nearly 55 million customers, but said the company is “fully committed to take our security efforts to the next level.”
-
ResourceWhite paper: Achieving Compliance with TPRM Regulatory and Framework Requirements
Measuring compliance against third-party risk management requirements is complex and time consuming; and with growing numbers of data breaches originating with third parties and all the regulatory activity that comes as a result, it never lets up.
-
Resourcee-Book: Firms face mounting pressure from GDPR
More firms have been stymied by the General Data Protection Regulation.
-
Blog
Senators demand data use answers from Grindr
In response to media reports that the LGBTQ dating app Grindr shared information about users’ HIV statuses with third parties, Senators Edward J. Markey and Richard Blumenthal are demanding answers about the company’s data practices.
-
Blog
Big banks want nationwide breach standards
the Financial Services Roundtable, a trade group for the nation’s largest banks, is calling upon Congress to “enact a strong set of national data security standards” in efforts to better protect consumers and sensitive financial information.
-
Blog
FSR: Congress must enact data breach legislation
The Financial Services Roundtable is urging Congress to enact stronger data security legislation and ensure sensitive financial information is kept safe.
-
Blog
Bill targets credit reporting agencies for consumer data leaks
The newly introduced Data Breach Prevention and Compensation Act is intended to hold large credit reporting agencies more accountable for data breaches. The bill would give the Federal Trade Commission greater supervisory authority over data security at CRAs.
-
Blog
Data breaches hound SEC’s CAT plan, inspire legislation
A massive, soon-to-launch SEC database faces renewed scrutiny and delay demands in response to a recently disclosed cyber-breach.That attack, and other breaches, are also serving as the catalyst for both new and resurrected legislation in Congress.
-
Blog
GAO warns SEC about data protection practices
A report by the Government Accountability Office finds that while the SEC has made strides in improving the security of its data and resolving previously identified problems, “weaknesses continue to limit the effectiveness of other security controls.” Joe Mont explores what steps the Commission should take, according to the report.
-
Article
Enforcement Action May Be Omen of SEC’s Cyber-Security Plans
An investment adviser firm in St. Louis has become the (painful) test subject for the SEC’s attitude on cyber-security matters. The case, observers say, is a warning that the agency is moving away from guidance and toward enforcement. So what will the SEC consider to be “reasonable” security efforts? Will ...
-
Blog
Transforming the Cyber-Security Paradigm
Though data breaches are inevitable, companies still remain too focused on fortification rather than response, failing to adopt to the harsh realities of rapidly emerging international and multifarious cyber-security threats. Inside, columnist John Reed Stark recommends a three-step cyber-security transformation for companies to undertake to combat recent rapidly evolving cyber-dangers.
-
Article
Preparing Your Board for Cyber-Security Oversight
Every board knows its company will fall victim to a cyber-attack and, worse, that the board will need to clean up the mess and superintend the fallout. This week, guest columnist John Stark, a long-time student of cyber-security risks, breaks down the fundamentals any board must establish for cyber-security, and ...
-
Blog
Retailers Decry Prospect of Bank-Like Data Security Rules
The National Retail Federation is asking Congress to reject any legislation that would impose data security rules designed for the banking industry upon non-bank businesses. An overly broad expansion of data security standards similar to Gramm-Leach-Bliley Act guidelines would “be a serious error,” it says.
-
Blog
White House Unveils New Data Security Efforts
On Monday, President Barack Obama proposed several new initiatives intended to enhance data security and combat identity theft. Among the proposals is legislation requiring companies to notify customers within 30 days when their personal information has been exposed, criminalizing the overseas trade in identities, and preventing certain uses of student ...