The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.
Health insurer Premera Blue Cross has signed a $10 million HIPAA settlement with the attorneys general of 30 states in the wake of a 2014 data breach that exposed personal information on more than 10.4 million individuals nationwide.
Retailers and ecommerce organizations are responsible for handling a wealth of customer data, including Personally Identifiable Information (PII) such as names, addresses, credit card details and passwords.
However, this access to customer data makes retailers one of the biggest target groups for cybercriminals....
Website breaches are becoming a daily occurrence. Organizations, entrusted with millions of customer data points, are failing to protect consumers adequately and as a consequence, losing valuable data.
Despite the expectation that companies should be prepared for both accidents and deliberate attacks, there is a...
2018 saw a further increase in the frequency and complexity of cyberattacks being levelled at organizations and in several cases, resulted in high-profile customer data breaches. Global companies such as Facebook, Uber and Quora all fell victim to cyberattacks that left them facing huge financial costs and...
New Ensighten research shows 83% of global organizations anticipate a potential data breach - yet two-thirds are not armed for prevention against this cyber threat. The risks revealed by this research into these concerning approaches to data security vulnerabilities cannot be allowed to persist, lest they threaten...
The data protection gloves have finally come off in Europe after GDPR enforcement began last May - the U.K.'s privacy watchdog has proposed large post-breach sanctions against British Airways and Marriott. Consider the tables now turned on firms that fail to properly safeguard personal data.
Britain's privacy watchdog says it plans to fine hotel giant Marriott $125 million under GDPR for security failures tied to a 2014 breach of the guest reservation database for Starwood, which Marriott acquired in 2016. Undiscovered until 2018, the breach exposed 339 million customer records.
Britain's privacy watchdog has proposed a record-breaking $230 million fine against British Airways for violating the EU's General Data Protection Regulation due to "poor security arrangements" that attackers exploited to steal 500,000 individuals' payment card data and other personal details.
When it goes into effect in 2020, the California Consumer Privacy Act will give citizens of that state greater control over their personal data. Ginger Armbruster, the chief privacy officer for the city of Seattle, believes this trend toward greater personal privacy will spread across the U.S.
Increasingly, regulators are looking to hold individual executives accountable for data breaches. This is where attorney Aravind Swaminathan steps in to represent security leaders in legal actions. What are the potential liabilities?
New regulations are leading enterprises to rethink how they secure customer data. At the same time, businesses are subject to more risk from their third-party partners. Chis Niggel of Okta explains how these two trends are complicating enterprise security.
The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security.
D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices. The terms of the settlement may serve as a warning to IoT makers to get their security checks in order.
Fraud schemes have migrated in recent years, exposing inherent vulnerabilities in how most organizations authenticate users. This calls for outlining new strategies and tools for evolving authentication practices beyond solely payments security.
Payment fraud schemes are becoming more sophisticated, and threats now...