The theft of a backpack holding a laptop computer and paper documents containing medical information on perhaps thousands of NFL players serves as a lesson in the importance of safeguarding all health information, even for entities falling outside of HIPAA's reach.
Russian police have arrested 50 people in connection with an investigation into a hacker group suspected of unleashing a five-year series of malware-enabled hack attacks on major Russian financial institutions and stealing $25 million.
A federal judge has cleared the way for a class-action lawsuit filed by card issuers against Home Depot over the retailer's massive 2014 payments breach to proceed. In making the ruling, the judge noted that the banks' allegations regarding the retailer's security negligence appear to have merit.
Since the theft of $81 million from the central bank of Bangladesh came to light in February, investigators have continued to probe similar SWIFT-related attacks against four other financial services firms, dating back to at least 2013.
MySpace has confirmed it is resetting millions of accounts affected by the release of 360 million usernames, email addresses and passwords. According to one expert, more of these types of big breach announcements may be coming.
Before moving to faster payments, U.S. banks should scrutinize the security gaps exploited in the SWIFT-related bank heists and build effective risk-mitigation strategies that include stronger layers of authentication, financial fraud experts say.
Mike Daugherty, the president and CEO of LabMD who is fighting a legal battle with the FTC over two security indents, explains why he believes the agency is overstepping its regulatory authority. And he says that new FTC probes into PCI compliance and EMV deployment could be on the way.
A Bangladesh probe says that an insider may have assisted attackers in perpetrating the $81 million cyber heist against Bangladesh Bank. SWIFT has unveiled new security measures to help other banks, but security experts say more will be needed.
Financial fraud expert Avivah Litan, a Gartner analyst, says the SWIFT-related heists, which have defrauded banks out of millions of dollars in recent weeks, are not cause for "the sky is falling" alarm. She recommends key security steps to prevent further such incidents.
ISMG editors, in a special report, examine the status of data breach notification laws in a number of regions, including the European Union, which this past week implemented the General Data Protection Regulation, although enforcement won't take place for two years.
Don't blame a lack of information security standards, security products or cybersecurity competence for the failure of breach defenses. In many cases, the culprit is design and implementation flaws in IT products, Robert Bigman, former CIO at the CIA, contends.
In the wake of reports that 65 million stolen credentials from micro-blogging platform Tumblr have surfaced online, following 117 million LinkedIn credentials, it's clear that 2016 is fast becoming the year of what one security expert dubs "historical mega breaches."
Since California passed its pioneering data breach notification law in 2003, many other states and some countries have followed suit. Here's a closer look at the status of breach notification requirements in four regions.