Archive for the “breaches” category

“Cyber” Insurance and an Opportunity

by adam on January 22, 2013

There’s a fascinating article on PropertyCasualty360, “As Cyber Coverage Soars, Opportunity Clicks” (thanks to Jake Kouns and Chris Walsh for the pointer). I don’t have a huge amount to add, but wanted to draw attention to some excerpts that (…)


South Carolina

by adam on November 26, 2012

It’s easy to feel sympathy for the many folks impacted by the hacking of South Carolina’s Department of Revenue. With 3.6 million taxpayer social security numbers stolen, those people are the biggest victims, and I’ll come back to them. It’s (…)


How to mess up your breach disclosure

by adam on March 30, 2012

Congratulations to Visa and Mastercard, the latest companies to not notify consumers in a prompt and clear manner, thus inspiring a shrug and a sigh from consumers. No, wait, there isn’t a clear statement, but there is rampant speculation and (…)


Why Breach Disclosures are Expensive

by adam on February 7, 2012

Mr. Tripathi went to work assembling a crisis team of lawyers and customers and a chief security officer. They hired a private investigator to scour local pawnshops and Craigslist for the stolen laptop. The biggest headache, he says, was deciphering (…)


Dear Verisign: Trust requires Transparency

by adam on February 3, 2012

On their blog, Verisign made the following statement, which I’ll quote in full: As disclosed in an SEC filing in October 2011, parts of Verisign’s non-production corporate network were penetrated. After a thorough analysis of the attacks, Verisign stated in (…)


The Diginotar Tautology Club

by adam on September 23, 2011

I often say that breaches don’t drive companies out of business. Some people are asking me to eat crow because Vasco is closing its subsidiary Diginotar after the subsidiary was severely breached, failed to notify their reliant parties, misled people (…)


The Rules of Breach Disclosure

by adam on September 7, 2011

There’s an interesting article over at CIO Insight: The disclosure of an email-only data theft may have changed the rules of the game forever. A number of substantial companies may have inadvertently taken legislating out of the hands of the (…)


Breach Harm: Should Arizona be required to notify?

by adam on June 28, 2011

Over at the Office of Inadequate Security, Pogo was writing about the Lulzsec hacking of Arizona State Police. Her article is “A breach that crosses the line?” I’ve been blogging for years about the dangers of breaches. I am concerned (…)


Representative Bono-Mack on the Sony Hack

by adam on May 11, 2011

There’s a very interesting discussion on C-SPAN about the consumer’s right to know about breaches and how the individual is best positioned to decide how to react. “Representative Bono Mack Gives Details on Proposed Data Theft Bill.” I’m glad to (…)


What does Coviello’s RSA breach letter mean?

by adam on March 21, 2011

After spending a while crowing about the ChoicePoint breach, I decided that laughing about breaches doesn’t help us as much as analyzing them. In the wake of RSA’s recent breach, we should give them time to figure out what happened, (…)
