When it is presidential primary news. When the “family feud” is more newsworthy than the data. When there are no less than four parties involved who one can identify as data custodians of one kind or another. In a single sentence, the incident can be described as follows (the four data custodians are numbered in … Continue reading
Tag Archives: breach announcements
The hack that maybe wasn’t: Ashley Madison
In the world of on-line romance and breach notifications, the Ashley Madison hack is unique. Usually, on-line romance crimes involve fraud. Law enforcement officials report that on-line romance fraud is under-reported because the victims are too embarrassed to admit they were duped. They do not want to go through the humiliation of having a detective … Continue reading
Hooked on hacks
To distort a phrase from media criticism: if it HEARTBLEEDS, it leads. I have no proof of this, but I am guessing that the number of journalists that now have experience writing about cybersecurity events has increased dramatically in the past year. Big breaches have always been news, but with a cluster of them occurring … Continue reading
When “it” talks back
Of the thousands of pages in the Harry Potter books, only one sentence ever really seemed to relate to the on-line world. One of the smarter parents in the series admonishes his daughter: ”Never trust anything that can think for itself if you can’t see where it keeps its brain” And, sure enough, then comes … Continue reading
When is a breach notification not a breach notification (revisited)?
When it’s a customer service announcement. At least that’s what one in-flight internet on demand service provider claimed. So, the first thing to understand is that there is no reason to believe that customer information was actually compromised. On the other hand, as Bruce Schneier points out in Liars and Outliers, society runs on trust … Continue reading
The 4th e-state of denial
Corporate web sites getting hacked is news. Corporate news sites getting hacked is news. News sites getting not hacked but going down anyway is…? When NYTIMES.com went down this week for a couple of hours, they felt they needed to provide the proper context for their downtime. The headline of the article they published read … Continue reading
When is a breach notification not a breach notification?
In Memoriam Barnaby Jack.(1) When it’s an indictment, a settlement or an ethical hack. It is interesting to note the difference between a breach notification press release (these are required by law, for example, for breaches of health care data affecting over 500 individuals) and the subsequent coverage and reports of indictments, settlements and ethical … Continue reading
Hack on South Carolina data: criminal; act of international cyber terrorism: huh?
[note: the links are no longer active, apologies] In this example, the press takes advantage of recent comments about a “cyber Pearl Harbor” and implies that what looks like a case of identity theft for the purposes of tax and credit card fraud is an international cyber attack on the U.S. by our enemies. The press release … Continue reading