2019 Verizon Data Breach Report: Updating Consumers On How to Protect Themselves Again

The 2019 Verizon Data Breach Investigation Report (DBIR) was released at the end of May. This report provides an overview of data and statistical research relating to cyber threats as well as potential defenses to counteract them. The overall goal of the DBIR is to provide potential information and suggestions relating to protection as well as cyberattack recovery.  This year’s report proved to be the most extensive review yet conducted, tracking 41,686 security incidents around the world, including 2,013 data breaches from 86 countries and… Continue Reading

Largest Health Data Breach of 2019 Strikes Seattle Hospital

On December 26, 2018, University of Washington School of Medicine in Seattle, Washington was notified that their database had been misconfigured, resulting in a breach affecting approximately 974,000 individuals, the largest health breach of 2019. UW Medicine was first notified of this error on December 4, 2018 after a patient performed a Google search for their own name and found a file online containing some of their information through UW Medicine visible on the internet. This information contained protected health information that UW Medicine is… Continue Reading

2018 Year in Review: Major Brands Falling Under Attack

After tallying them all up, 2018’s cyber attacks might not have come across as anything new to most individuals. However, while the number of people affected by data breaches in 2018 did not necessarily hit new records, the volume of attacks and as well as the number of individuals affected still signifies that this is a problem that won’t be going away any time soon. In 2018, billions of individuals were affected by data breaches. Cyber attacks increased by 32 percent over the prior year… Continue Reading

The End of the Password: The Future of Company Security

At Microsoft Ignite 2018, an annual conference for developers and IT professionals, heavily emphasized its system’s security improvements. In the spotlight, Microsoft focused on its movement away from a password usage system through the Authenticator app. The Microsoft Authenticator app works by utilizing an addition factor, such as a fingerprint, PIN, or facial biometric, allowing administrators to default to the Microsoft Authenticator app first, rather than asking for a password. During the conference, Microsoft indicated that passwords are a “short-term game” as most security… Continue Reading

Consumers Have Standing for Data Breach Claims against Barnes & Noble

The Court of Appeals for the Seventh Circuit has issued its second decision in favor of consumers bringing claims against retailers for injuries following cyber attacks exposing sensitive consumer information in Diefenbach v. Barnes & Noble, Inc. On April 11, 2018 the court resurrected the class action brought against the book retailer by consumers whose debit card information was hacked in 2012. Specifically, the court ruled that the named plaintiffs properly alleged an injury under state consumer protection laws, including lost time, cost of… Continue Reading

Re-Thinking the U.S. Government’s Approach to Cybersecurity

Are the “cybersecurity” tools used by the CIA and NSA causing harm to U.S. businesses and citizens? An analysis of the WikiLeaks materials, and recent hacker activity, suggests the answer may be yes. This month, it was revealed that at least 40 cyber attacks on organizations in 16 countries were conducted with top-secret hacking tools, according to security researcher Symantic Corporation. While not formally blaming the CIA, Symmantic said it connected these attacks to the CIA hacking tools obtained by WikiLeaks, and that the targets… Continue Reading

April Brings Showers … and Changes to State Data Breach Notification Laws

Over the past few weeks there have been noteworthy changes to data breach notification acts within several states. Of importance, New Mexico enacted its first notification law while Tennessee and Virginia amended existing legislation. New Mexico On April 6, 2017 New Mexico enacted HB 15, the Data Breach Notification Act, making it the 48th state to pass a notification law. The Act goes into effect on June 16, 2017, leaving Alabama and South Dakota as the only states without notification requirements. The Act, drawing… Continue Reading

IRS Student Loan Application Program Breach Affecting up to 100,000 Taxpayers

On April 6, 2017, IRS Commissioner John Koskinen testified during a Senate Finance Committee meeting that the personal data of up to 100,000 taxpayers may have been compromised by hackers accessing both students’ and parents’ tax information through the Data Retrieval Tool (DRT), a free application for federal student aid data retrieval connected with the Free Application for Federal Student Aid (FAFSA). Obtaining such information allowed these hackers to file fraudulent tax returns and steal refunds. The last breach of this magnitude occurred in 2015,… Continue Reading

Lessons in Cyber-Hygiene: Securing Employee Passwords

The human element remains a significant threat vector for institutions of all sizes, and management is well advised to take proactive steps to educate and implement effective “cyber-hygiene” policies for all employees to minimize the risks associated the range of social engineering tactics, from phishing to inadvertent disclosures, as well as curb the opportunities for plain old mistakes. The area of password protection is among the most obvious areas for improvement in the world of cyber-hygiene. In a recent survey of 750 IT administrators and… Continue Reading

Lessons From a Presidential Campaign Data Breach

It was perhaps the first major allegation of a cyber breach in a presidential campaign when the Democratic National Committee (DNC) claimed that staff members from the campaign of Bernie Sanders accessed unauthorized information from a voter database maintained by DNC. The DNC leases this database to various campaigns and the campaigns supplement it with their own information. However, campaigns are blocked via firewalls from viewing information supplied by rival campaigns. In this case, members of the Sanders campaign are alleged to have accessed information… Continue Reading