Breach announcements / Cybersecurity / Data Science / Privacy

When is a breach notification not a breach notification (part three)?

When it is presidential primary news.  When the “family feud” is more newsworthy than the data.  When there are no less than four parties involved who one can identify as data custodians of one kind or another. In a single sentence, the incident can be described as follows (the four data custodians are numbered in … Continue reading

Breach announcements / Cybersecurity

The hack that maybe wasn’t: Ashley Madison

In the world of on-line romance and breach notifications, the Ashley Madison hack is unique. Usually, on-line romance crimes involve fraud.  Law enforcement officials report that on-line romance fraud is under-reported because the victims are too embarrassed to admit they were duped.  They do not want to go through the humiliation of having a detective … Continue reading

Breach announcements / Cybersecurity

When is a breach notification not a breach notification (revisited)?

When it’s a customer service announcement.   At least that’s what one in-flight internet on demand service provider claimed. So, the first thing to understand is that there is no reason to believe that customer information was actually compromised.  On the other hand, as Bruce Schneier points out in Liars and Outliers, society runs on trust … Continue reading

Breach announcements / Cybersecurity

When is a breach notification not a breach notification?

In Memoriam Barnaby Jack.(1) When it’s an indictment, a settlement or an ethical hack.  It is interesting to note the difference between a breach notification press release (these are required by law, for example, for breaches of health care data affecting over 500 individuals) and the subsequent coverage and reports of indictments, settlements and ethical … Continue reading

Breach announcements

Hack on South Carolina data: criminal; act of international cyber terrorism: huh?

[note: the links are no longer active, apologies] In this example, the press takes advantage of recent comments about a “cyber Pearl Harbor” and implies that what looks like a case of identity theft for the purposes of tax and credit card fraud is an international cyber attack on the U.S. by our enemies. The press release … Continue reading