Archive for August, 2015
Minnesota officials say driver’s license data on 18 residents was accessed after a password-protected portal was inadvertently opened online.
The Department of Public Safety said Monday the breach happened when a server update accidentally removed the authentication process to access the state’s driver’s license database. Two individuals used the portal 55 times between Aug. 2 and Aug. 24.
The department says they’re sending letters to the 18 residents whose information was accessed. That information includes pictures, names, addresses and dates of birth. Social Security numbers weren’t involved in the breach.
The state has disabled the faulty access site.
In June 2012, the FTC sued Wyndham over 3 security breaches in 2008 and 2009 in which its computer system was hacked, resulting in stolen credit card details and other information from over 619,000 consumers and more than $10.6 million in fraudulent charges.
Wyndham appealed this, but the court ruled against it because the company had failed to protect consumer data and had been repeatedly exposed over the course of 2008 and 2009. The company and its subsidiaries have 90 independently owned franchise and management agreements licensed under the Wyndham name. Wyndham released a statement by a spokesperson saying that the FTC’s allegations are unfounded and that “the FTC lacks the authority to pursue this type of case against American businesses and has failed to publish any regulations that would give such businesses fair notice of any proposed standards for data security.” Since 1914, the FTC has been protecting consumer rights against fraud and deceptive trade practices, and Wyndham failed to exhibit such actions under this idea, said Circuit Judge Thomas Ambro, with regard to the June 2012 lawsuit. Despite the appeals of overreaching, U.S. District Judge Esther Salas let the case proceed.
In light of this appeal, a court has stated that the FTC has the right to do that. The decision by the Third U.S. Circuit Court of Appeals was 3-0. The FTC now has authority over the maintenance and regulation of the consumer data of companies. “Today’s Third Circuit Court of Appeals decision reaffirms the FTC’s authority to hold companies accountable for failing to safeguard consumer data,” FTC Chairwoman Edith Ramirez said. “It is not only appropriate but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information,” she added.
Troubled company now looking for new chief.
The chief executive of Avid Life Media, the parent of infidelity website Ashley Madison, has quit just over a week after hackers leaked data about millions of its clients.
Avid Life said the departure of Noel Biderman was by “mutual agreement” and its existing senior management team would take over until a new CEO is appointed.
On August 18, hackers who claimed to be unhappy with the company’s business practices released the Ashley Madison customer data. Police probing the breach said it had sparked extortion attempts and at least two unconfirmed suicides.
The data dump contained email addresses of government officials, civil servants and workers at governments and private enterprise across the world.
“This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees,” Avid Life Media said.
Biderman, styling himself the “King of Infidelity,” had been the company’s primary pitchman but has not made any public appearances since the attack.
His exit could help appease investors and business partners but would do little to placate subscribers or the public, said Dan Hill, president of strategic communications firm Ervin Hill Strategy.
“Given the number of battles they are fighting that are so significant and high profile, I don’t see how this is going to move the needle for them,” he said.
He said Avid Life would have to find a replacement fast.
“You can’t run an organisation through a crisis by committee,” he said.
Biderman founded Ashley Madison in 2001 and Avid Life Media acquired it in 2007.
A second data dump by the hackers released thousands of Biderman’s emails and other company documents.
To date, few top executives have lost their jobs after big cyber breaches.
Sony Pictures America co-chairman Amy Pascal stepped down in February after last year’s devastating breach at Sony’s Hollywood studio, and Target replaced its CEO last year in the wake of a 2013 breach that exposed records of tens of millions of the retailer’s customers.
Cyber security firm Veracode chief technology officer Chris Wysopal said he expected such ousters to become more common.
“Breaches are huge financial issues, even existential issues for companies. They are getting bigger and more impactful to the companies being breached,” he said.
Infidelity website Ashley Madison split with chief executive Noel Biderman on Friday, after hackers revealed the company that encouraged people to have illicit affairs wasn’t very good at keeping its own customers’ secrets.
Biderman is the latest in a string of high-profile corporate leaders to lose their jobs amid the fallout of embarrassing cyberattacks – joining the likes of former Sony Pictures Entertainment cochair Amy Pascal in February and former Target chief executive Gregg Steinhafel last year.
The breaches highlight how hackers not only can blow through a firm’s security, the modern foundation of consumer trust, but also threaten enterprises built on discretion – and abruptly end high-powered careers.
Biderman was less known than the other corporate figures, and his company was much smaller. But his downfall has attracted almost as much media attention because of the audacious claims he had made about the benefits of extramarital affairs – as well as the salacious details that spilled out of the hack.
Leaked emails appear to show that Biderman himself pursued affairs – something he had denied. The hack also exposed the names, addresses, or sexual preferences of 37 million accounts, and it is possible to search the hackers’ database for registrations belonging to friends, coworkers, members of Congress, or Hollywood celebrities who potentially put their marriages in the hands of a company they hardly knew.
Many analysts and cybersecurity experts expressed doubts that Ashley Madison would survive the hack. They agreed that Biderman had to go.
“We’re talking about breaches that can put a business completely under,” said Tyler Shields, a senior security analyst at Forrester Research. “The boards have recognized the risk that comes with a major record-compromising security breach – and when it’s elevated to the board level, the ultimate responsibility falls on the CEO.”
Toronto-based Avid Life Media, Ashley Madison’s parent company, did not cite a specific reason for Biderman’s departure.
As chief executive, Biderman had zealously promoted and defended his business since it was launched in 2001.
In an interview with the Washington Post last year, Biderman explained Ashley Madison’s global reach. Infidelity, he said, is universal.
Biderman, who is married and has denied ever having an affair, argued that cheating can be good for society – as long as the trysts stay under wraps.
As it turned out, his customers’ secrets weren’t safe with Ashley Madison. Neither, apparently, were his. The hack exposed emails between Biderman and several women in Toronto who sent him sexually explicit messages and arranged to meet him in hotels.
In the wake of a major data breach, Noel Biderman, the CEO of the adultery website Ashley Madison, has stepped down.
Biderman is ending his relationship with the extramarital affairs website he founded 14 years ago.
The news comes just weeks after a devastating data breach that leaked the names of millions of users of the infidelity site. A third leak of emails has also surfaced, and there are suggestions Biderman had affairs himself, despite previous denials.
Avid Life Media released a statement this morning saying that Ashley Madison and Biderman both agreed he should step down.
Avid Life Media says an existing senior management team will lead the operations until a replacement for Biderman is found. The company is also working with law enforcement to find those responsible for the hack.
Article source: http://www.chch.com/ashley-madison-ceo-steps-down/
RAPID CITY – Officials at the South Dakota School of Mines and Technology say an email that a university employee inadvertently sent to graduate students included an attachment with names, student identification numbers and grade point averages of about 350 students.
Spokeswoman Dani Mason says Social Security numbers were not included in the attachment.
All students who received the email have been told to delete it and to confirm that they’ve complied.
Mason says the Rapid City school is determining additional steps to ensure a similar incident doesn’t occur again.
(Copyright 2015 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)
Data breaches relating to credit card details, customer data and commercial data make news headlines all too often.
In this article we consider the obligations on data controllers, under the DIFC Data Protection Law, to make formal notification in the event of a breach of personal data.
The Dubai International Financial Centre is a financial services free zone with a European-style data protection regime.
The DIFC Data Protection Law (DIFC Law No. 1 of 2007, as amended) requires data controllers to implement appropriate technical and organizational measures to protect against accidental, negligent or unlawful loss, disclosure or access to personal data, particularly in the context of the processing of sensitive personal data or the transfer of personal data to recipients outside the jurisdiction of the DIFC. Such measures are required to ensure a level of security appropriate to the risks presented by the manner of processing and the nature of the personal data in question. When engaging a data processor to process personal data on its behalf, a data controller is required to select a data processor able to provide sufficient guarantees in respect of the technical and organizational security measures it will apply to such processing.
Significantly, Article 16(4) of the DIFC Data Protection Law states:
In the event of an unauthorised intrusion, either physical, electronic or otherwise, to any personal data database, the data controller or the data processor carrying out the data controller’s function at the time of the intrusion, shall inform the commissioner of data protection of the incident as soon as reasonably practicable.
The DIFC Commissioner of Data Protection’s expectation regarding the timeframe for reporting a breach is ‘as soon as reasonably practicable’. The Commissioner is open to receiving an initial notification giving high-level details of the breach, with a more detailed report and set of remedial actions delivered as swiftly as possible without unjustifiable delays. Based on other timeframes referred to in the DIFC Data Protection Law (albeit in other contexts) there is some likelihood that a period longer than 14 days from the event giving rise to the notification would be considered ‘too long’, particularly where there was no obvious justification. Acting swiftly is likely to be seen favourably when the Commissioner is considering if any disciplinary action is appropriate.
There is no explicit obligation in the DIFC Data Protection Law with regard to notifying affected data subjects. Despite this, guidance issued by the Commissioner in respect of Article 16(4) indicates that the Commissioner expects that it may be appropriate to notify affected data subjects – and such notification would be taken into account when the Commissioner is assessing the nature of any disciplinary action that it may wish to take in response to the breach.
The Commissioner’s guidance mentions that a breach notification should:
- Set out a description of how and when the breach occurred, what personal data was involved and what has already been done to mitigate the risks;
- Give clear and specific advice on what data subjects can do to protect themselves and what it is willing to do to help them;
- Provide a helpline or webpage where data subjects can find out more about what has occurred; and
- Ensure that the notification medium is appropriate and secure (i.e. not disclose any further personal data of the affected data subjects).
It also states that, at a minimum, the Commissioner would expect the following to be addressed in a report relating to a breach:
- The type of personal data and number of records compromised;
- The circumstances of the breach;
- The immediate action taken to minimise/mitigate the effects of the breach;
- The details of how the breach is being investigated;
- Whether affected data subjects and the public know, or have been informed, of the breach;
- Whether any other regulatory body has been informed, and its response; and
- Whether any long-term remedial action is being undertaken to prevent future occurrences.
The references to giving ‘clear and specific advice on what data subjects can do’, and providing ‘a helpline or webpage where data subjects can find out more’, generally support the view that affected data subjects should be notified of a breach. In contrast, the Commissioner’s guidance also alludes to ‘whether affected individuals […] have been informed’. This could be read as indicating that it is not always essential to notify affected data subjects of a data breach, and that the Commissioner would be open to taking a case-by-case approach when considering whether such notification is appropriate.
The DIFC’s guidance on notifications to the Commissioner in the event of a data breach refers to what the ‘data controller’ should do. Our view is that this should be read as extending to the ‘data processor’ (if it is the data processor that is notifying the Commissioner pursuant to Article 16) – although in practical terms our recommendation would generally be for any breach notification to be communicated to the Commissioner via the DIFC-based data controller.
There are a range of other issues that may also need to be considered by a data controller in the DIFC in the event of a data breach. These include whether or not any related transfers of personal data outside the jurisdiction were compliant with the requirements for processing/transferring as set out in the DIFC Data Protection Law, whether or not the Regulator of financial services firms set up in the DIFC will also need to be notified, and whether the data breach should also be notified to the police.
OTTAWA: The chief executive of dating for adulterers site Ashley Madison stepped down on Friday after hackers leaked its membership list online.
Parent company Avid Life Media, which operates the infidelity network, said it and CEO Noel Biderman were in “mutual agreement” about the split.