Archives: Data Security

Subscribe to Data Security RSS Feed

Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable

According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could … Continue Reading

Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge

Federal legislation recently took effect that prohibits consumer reporting agencies from charging a fee to place or remove (lift) a security freeze on a consumer credit report in response to a consumer request. The “Economic Growth, Regulatory Relief, and Consumer Protection Act” (the Act) was passed on May 24, 2018. The Act includes important updates … Continue Reading

New Patent Looks to Blockchain for Drone Security

According to recent documents made public by the U.S. Patent and Trademark Office (USPTO) IBM has applied for a patent for a system that would use distributed ledger technology to address privacy and security concerns associated with the increasing usage of drones in both commercial and recreational applications. In the application for this patent, IBM’s … Continue Reading

Protect Yourself From Year-End Charitable Giving Scams

December is traditionally a busy month for charitable giving, as many donors are inspired by the holiday season to give generously to those in need, while others look to make year-end gifts that will qualify for a tax deduction in the current tax year. Unfortunately, because of the increase in charitable giving, there is often … Continue Reading

Early Adopter—Vanguard Announces Plan to Utilize Blockchain Technology

Top mutual fund firm The Vanguard Group, Inc. unveiled a plan last week to incorporate blockchain smart contract technology into some of its indexing operations beginning early next year. Vanguard’s initiative will be carried out through a partnership with the Center for Research in Security Prices (CRSP) and technology provider Symbiont and is intended to … Continue Reading

Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have: a cybersecurity program designed to protect … Continue Reading

A CIO Budget Playbook for 2018

It’s that time of the year again, budget season. A time when organizations set priorities on how to strategically spend their money in 2018. In the information technology (IT) world this can be a daunting task for any CIO. According to Gartner, artificial intelligence (AI), machine learning, and tools such as conversational platforms, digital twins … Continue Reading

Is Blockchain the Answer to Identity Management?

Considering the recent Equifax data breach which put an estimated 145.5 million American’s identity at risk, main stream media outlets are starting to ask an important question; if we can’t stop data breaches, how do we project our identity? According to data from the Identity Theft Resource Center, U.S. companies and government agencies have disclosed … Continue Reading

FTC Issues ‘Stick with Security’ Guidance Emphasizing Data Security Best Practices

The Acting Director of the FTC’s Bureau of Consumer Protection, Thomas B. Pahl, recently commenced a ‘Stick with Security’ series of blog posts that analyze the data security principles championed by the FTC in its Start with Security guidance. The posts are intended to impart lessons the FTC has learned via investigations and enforcement actions, … Continue Reading

EFF Report Finds That Student Data is Not Adequately Protected By Ed Tech Companies

On April 13, 2017, the Electronic Frontier Foundation (EFF) published Spying on Students, a report detailing its investigation into school-issued devices and student privacy. EFF found that parents were overwhelmingly not informed about what educational technology (Ed Tech) their students were using. As a result, students and/or parents were the ones burdened with investigating what … Continue Reading

IRS to Notify 100,000 Taxpayers That Their Information May Have Been Obtained Through Misuse of FAFSA Retrieval Tool

On Thursday, Internal Revenue Service (“IRS”) Commissioner John Koskinen testified that the personal data of up to a 100,000 taxpayers could have been compromised as a result of criminal use of the Free Application for Federal Student Aid Data Retrieval Tool (“DRT”). Last week, we posted that the IRS disabled the tool after it suspected … Continue Reading

The Truth in Mac Security

For decades, it has been assumed that MacBook and iPhone devices are hack proof and virus free. Their advertisements and claims for being indestructible were never questioned. Yet, nothing is truly immune to intrusion. Consumers pay a high premium for the slick and glossy Apple devices. Their superior brand has continued to sell and grow … Continue Reading

WhatsApp Security Flaw, Lawsuit in Germany

Tobias Boelter, a University of California Berkeley cryptography researcher claims that last year he found a security flaw in WhatsApp’s encrypted smart phone messaging application. The flaw, which relates to the unique security keys exchanged between WhatsApp users, is reported to allow third parties, including governments, to intercept messages in transit. Mr. Boelter informed Facebook, … Continue Reading

Toys Not Immune from Scrutiny Over Privacy and Security Weaknesses

In the wake of the holiday season, it seems that even toys are not immune from privacy and security pitfalls. Two “connected” toys, Genesis Toys’ My Friend Cayla and i-Que robot, have been accused of violating U.S. and European privacy, security and advertising laws. The toys at issue provide children with an interactive experience via … Continue Reading

Transatlantic Data Transfer: An Update

The EU-US Privacy Shield, designed to protect EU citizens’ personal data when it is transferred to US organisations, has now been in place for a couple of months. How is it shaping up? How we arrived at the Privacy Shield… Under current EU data protection laws, as well as under the forthcoming General Data Protection Regulation … Continue Reading

NAIC Released Draft of Revised Insurance Data Security Model Law for Review

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or … Continue Reading

Black Hat reports increase in cybersecurity concerns

The 2016 Black Hat Attendee Survey was published in advance of the 2016 Black Hat Conference.  Not surprisingly, the respondents to the survey conveyed an increased concern regarding security breaches versus 2015. An alarming 72% of respondents believe it likely that their organizations will have to deal with a major data breach in the year … Continue Reading

ATM vulnerability – Banks beware!

It is said that a chain is only as strong as its weakest link.  Often the same is said for an organization’s data privacy & security defensives. Could it be that the ubiquitous ATM machine is the weak link to the banking system?  Thursday, July 14, IBSintelligence.com reported that in Taiwan, thieves, possibly using a … Continue Reading

Physical security still an issue: Pruitt Health suffers breach in break-in

The importance of physical security and the risk associated with the unauthorized access to or loss of paper records is clear from recent experiences of Pruitt Health in South Carolina. On March 2, 2016, an intruder broke the front door glass of one of its home health locations and had access to paper medical records … Continue Reading

Facial Recognition Guidelines issued by NTIA and approved by IBIA

On June 15, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued its facial recognition best practices, which were developed by a multi-stakeholder group convened by NTIA. The best practices document, titled “Privacy Best Practice Recommendations for Commercial Facial Recognition Use,” is intended to be a code of conduct for the … Continue Reading

Wells Fargo Unveils Plan to Better Protect Small Business Customer Account Information

On June 7, Wells Fargo announced a partnership with software firm, Xero, that is intended to allow small businesses to share bank information without sharing their bank passwords with third parties, such as Quicken, who provide services to the business customers.  The small business customers will log into Xero’s website using a different account designation … Continue Reading
LexBlog