Al Pascual, former head of fraud and security practices at Javelin Strategy & Research, has taken on a new role as COO of a start-up company, Breach Clarity, which is offering consumers a free tool to determine the severity and implications of a data breach and what steps they should take to mitigate risk.
An unsecure database belonging to a company that provides hotel reservation management technology exposed about 179 GB of customer data, including travel arrangements and other data for U.S. military and other government personnel, according to a new report from two independent security researchers.
Inadequately protected shared network storage devices at a Department of Veterans Affairs regional office left veterans' personal and health information vulnerable to ID theft, fraud and other compromises, according to a new report. Security experts say this kind of security lapse is common in other sectors.
Draft regulations to carry out the California Consumer Protection Act do not go far enough to clarify ambiguities in the law, which goes into effect Jan. 1, 2020, says privacy attorney Sadia Mirza of the law firm Troutman Sanders, who encourages organizations to submit comments on the proposed regs.
The State Department's years-long review of former Secretary Hillary Clinton's use of a private email server found that although 38 current or former department officials violated government security policies, there was no "persuasive evidence of systemic, deliberate mishandling of classified information."
Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase. A federal judge has granted preliminary approval to the deal.
New legislation introduced by Sen. Ron Wyden, D-Ore., would "bring meaningful punishments for companies that violate people's data privacy, including larger fines and potential jail time for CEOs," he says. But can Congress agree on a privacy law?
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
The not-for-profit Libra Association, which would govern Facebook's new Libra cryptocurrency, launched Monday despite Visa, MasterCard and others dropping their participation. Meanwhile, Facebook CEO Mark Zuckerberg is scheduled to testify before Congress next week to address concerns about the project.
What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues.
Gov. Gavin Newsom has signed into law six amendments to the California Consumer Privacy Act as well as another bill updating the state's long-standing data breach law. Meanwhile, draft CCPA implementation regulations have been unveiled.
The latest edition of the ISMG Security Report analyzes Twitter's repurposing of user phone numbers for targeted advertising. Plus: A discussion of 5G security issues and findings of the Internet Organized Crime Threat Assessment.
Online attack threats continue to intensify, with criminals preferring ransomware, DDoS attacks and business email compromises, warns Europol, the EU's law enforcement intelligence agency. After numerous successful disruptions by police, criminals have responded by launching increasingly complex attacks.
To ensure privacy is protected, governments need to make sure standards and regulations keep pace with the latest technology developments, including facial recognition and other forms of artificial intelligence, says Steven Feldstein, an associate professor at Boise State University.