Posts Tagged IT security

Mandatory data breach bill finally introduced into Parliament – What does this mean for franchisors‎

Terms Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you
are granted a non-exclusive, revocable license to access the Website under its
terms and conditions of use. Your use of the Website constitutes your agreement
to the following terms and conditions of use. Mondaq Ltd may terminate your use
of the Website if you are in breach of these terms and conditions or if Mondaq
Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to
read the full text of the content and articles available (the Content). You may
not modify, publish, transmit, transfer or sell, reproduce, create derivative
works from, distribute, perform, link, display, or in any way exploit any of the
Content, in whole or in part, except as expressly permitted in these terms
conditions or with the prior written consent of Mondaq Ltd. You may not use
electronic or other means to extract details or information about Mondaq.coms
content, users or contributors in order to offer them any services or products
which compete directly or indirectly with Mondaq Ltds services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the
suitability of the information contained in the documents and related graphics
published on this server for any purpose. All such documents and related
graphics are provided “as is” without warranty of any kind. Mondaq Ltd and/or
its respective suppliers hereby disclaim all warranties and conditions with
regard to this information, including all implied warranties and conditions of
merchantability, fitness for a particular purpose, title and non-infringement.
In no event shall Mondaq Ltd and/or its respective suppliers be liable for any
special, indirect or consequential damages or any damages whatsoever resulting
from loss of use, data or profits, whether in an action of contract, negligence
or other tortious action, arising out of or in connection with the use or
performance of information available from this server.

The documents and related graphics published on this server could include
technical inaccuracies or typographical errors. Changes are periodically added
to the information herein. Mondaq Ltd and/or its respective suppliers may make
improvements and/or changes in the product(s) and/or the program(s) described
herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally
identifies you, including what sort of information you are interested in, for
three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a
    colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide
    information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third
parties other than information providers. The reason we provide our information
providers with this information is so that they can measure the response their
articles are receiving and provide you with information about their products and
services.

If you do not want us to provide your name and email address you may opt out
by clicking here .

If you do not wish to receive any future announcements of products and
services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to
view the free information on the site. We also collect information from our
users at several different points on the websites: this is so that we can
customise the sites according to individual usage, provide ‘session-aware’
functionality, and ensure that content is acquired and developed appropriately.
This gives us an overall picture of our user profiles, which in turn shows to
our Editorial Contributors the type of person they are reaching by posting
articles on Mondaq (and its affiliate sites) meaning more free content for
registered users.

We are only able to provide the material on the Mondaq (and its affiliate
sites) site free to site visitors because we can pass on information about the
pages that users are viewing and the personal information users provide to us
(e.g. email addresses) to reputable contributing firms such as law firms who
author those pages. We do not sell or rent information to anyone else other than
the authors of those pages, who may change from time to time. Should you wish us
not to disclose your details to any of these parties, please tick the box above
or tick the box marked “Opt out of Registration Information Disclosure” on the
Your Profile page. We and our author organisations may only contact you via
email or other means if you allow us to do so. Users can opt out of contact when
they register on the site, or send an email to [email protected] with no
disclosure in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate
registration form. This is a personalised service where users choose regions and
topics of interest and we send it only to those users who have requested it.
Users can stop receiving these Alerts by going to the Mondaq News Alerts page
and deselecting all interest areas. In the same way users can amend their
personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a users hard drive that contains an
identifying user number. The cookies do not contain any personal information
about users. We use the cookie so users do not have to log in every time they
use the service and the cookie will automatically expire if you do not visit the
Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to
personalise a user’s experience of the site (for example to show information
specific to a user’s region). As the Mondaq sites are fully personalised and
cookies are essential to its core technology the site will function
unpredictably with browsers that do not support cookies – or where cookies are
disabled (in these circumstances we advise you to attempt to locate the
information you require elsewhere on the web). However if you are concerned
about the presence of a Mondaq cookie on your machine you can also choose to
expire the cookie immediately (remove it) by selecting the ‘Log Off’ menu option
as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example,
advertisers). However, we have no access to or control over these cookies and we
are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement,
and gather broad demographic information for aggregate use. IP addresses are not
linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or
its affiliate sites) are not responsible for the privacy practices of such other
sites. We encourage our users to be aware when they leave our site and to read
the privacy statements of these third party sites. This privacy statement
applies solely to information collected by this Web site.

Surveys Contests

From time-to-time our site requests information from users via surveys or
contests. Participation in these surveys or contests is completely voluntary and
the user therefore has a choice whether or not to disclose any information
requested. Information requested may include contact information (such as name
and delivery address), and demographic information (such as postcode, age
level). Contact information will be used to notify the winners and award prizes.
Survey information will be used for purposes of monitoring or improving the
functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our
site, we ask them for the friends name and email address. Mondaq stores this
information and may contact the friend to invite them to register with Mondaq,
but they will not be contacted more than once. The friend may contact Mondaq to
request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users
information. When users submit sensitive information via the website, your
information is protected using firewalls and other security technology. If you
have any questions about the security at our website, you can send an email to
[email protected]

Correcting/Updating Personal Information

If a users personally identifiable information changes (such as postcode),
or if a user no longer desires our service, we will endeavour to provide a way
to correct, update or remove that users personal data provided to us. This can
usually be done at the Your Profile page or by sending an email to [email protected]

Notification of Changes

If we decide to change our Terms Conditions or Privacy Policy, we will
post those changes on our site so our users are always aware of what information
we collect, how we use it, and under what circumstances, if any, we disclose it.
If at any point we decide to use personally identifiable information in a manner
different from that stated at the time it was collected, we will notify users by
way of an email. Users will have a choice as to whether or not we use their
information in this different manner. We will use information in accordance with
the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at [email protected]

If for some reason you believe Mondaq Ltd. has not adhered to these
principles, please notify us by e-mail at [email protected] and we will use
commercially reasonable efforts to determine and correct the problem promptly.

Article source: http://www.mondaq.com/australia/x/587852/Franchising/Mandatory+data+breach+bill+finally+introduced+into+Parliament+What+does+this+mean+for+franchisors

,

No Comments

Experian Says Data-Breach Report Bid ‘Eviscerates’ Privilege …

Law360, New York (April 24, 2017, 5:32 PM EDT) — Experian struck back Friday against a bid by T-Mobile customers to get their hands on investigation documents related to a 2015 data breach that exposed 15 million consumers’ personal information, saying the report was prepared solely at the discretion of their counsel for defense purposes and is therefore privileged.

At issue in the consolidated proposed class action playing out in California federal court is a report prepared by third-party cybersecurity firm Mandiant, which the T-Mobile USA Inc. customers allege in an April 12 motion to compel…

Article source: https://www.law360.com/articles/916261/experian-says-data-breach-report-bid-eviscerates-privilege

,

No Comments

Iowa veterans warned of possible data breach

On April 21, the Iowa Veterans Home (IVH) began notifying thousands of residents, former residents and applicants that their personal information may have been compromised.

How many victims? 2,969

What type of information? The possibly compromised information included, but are not limited to: name, mailing address, phone number, medical information and Social Security number.

What happened? In February, three IVH workers fell for a phishing scam and provided an unknown person with their credentials to enter their three email accounts. IVH believes the issue was found and corrected before anyone entered and removed data from these accounts.

What was the response? IVH worked with the state Office of the Chief Information Officer to recover from the incident and put in place the proper protocols to stop a similar event from happening in the future. Although it does not believe any information was taken, as a cautionary maneuver the facility is notifying all those who might be affected and has set up a toll-free number for people to call, 1-800-645-4591.

Quote: “We cannot determine that any records were actually breached, however, in an overabundance of caution, we are including every possible resident and applicant, estimated at 2, 969.”

Sources: Iowa Veterans Home, KCCI

Article source: https://www.scmagazine.com/iowa-veterans-warned-of-possible-data-breach/article/652340/

,

No Comments

Over 1,000 hotels affected by data breach | 13 WTHR Indianapolis

Individuals with disabilities may contact Jerry Luna at [email protected], or 317.655.5680, for assistance with access to the public inspection files.

All content © Copyright 2000 – 2017 Video Indiana, Inc. and WTHR. All Rights Reserved. For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.

Article source: http://www.wthr.com/article/over-1000-hotels-affected-by-data-breach

,

No Comments

Experian Says Data-Breach Report Bid ‘Eviscerates’ Privilege

Law360, New York (April 24, 2017, 5:32 PM EDT) — Experian struck back Friday against a bid by T-Mobile customers to get their hands on investigation documents related to a 2015 data breach that exposed 15 million consumers’ personal information, saying the report was prepared solely at the discretion of their counsel for defense purposes and is therefore privileged.

At issue in the consolidated proposed class action playing out in California federal court is a report prepared by third-party cybersecurity firm Mandiant, which the T-Mobile USA Inc. customers allege in an April 12 motion to compel…

Article source: https://www.law360.com/privacy/articles/916261/experian-says-data-breach-report-bid-eviscerates-privilege

,

No Comments

One in eight people have suffered a healthcare data breach

One in eight consumers in England have had private medical information about them stolen from systems that lack the right level of security, according to a survey.

The survey of 1,000 people in England showed that most (78%) think healthcare providers should be responsible for protecting this information, while only 40% believe they themselves have responsibility.

The findings, from a survey of 7,580 people carried out by Accenture in seven countries, revealed that more than half (56%) of data breaches in England concerned medical identity theft and that people who have experienced a breach lost an average of £172 as a result.

Pharmacies were the most likely to be the weak link in security, according to respondents, with 35% claiming that a breach happened at a pharmacy. This compared with 29% who blamed a hospital, 21% an urgent care clinic, and 19% a doctor’s office.

A quarter of victims had their NI number compromised and 18% saw their biometric identifiers compromised. The stolen data was used for fraud, according to 82% of victims.
 
“Patients must remain more vigilant than ever in keeping track of personal information, including credit card statements and health records, which could alert them to breaches,” said Aimie Chapple, managing director of Accenture’s UK health.

“Similarly, health organisations must monitor patient information more carefully and remain transparent with those affected in the event of a breach to swiftly resolve the issue without losing consumers to competitors.”
 

Although breaches are occurring, 84% of the people surveyed still trust healthcare providers to keep their healthcare data secure, but only 59% trust the government and 42% trust health technology companies.

Almost all (95%) of people who were victims of a breach said the company holding their data had taken some type of action.
 
“The time to assure consumers that their personal data is in secure, capable hands is now,” said Chapple. “When a breach occurs, healthcare payers and providers should be able to swiftly notify those affected, with a plan of action on how to remedy the situation and prevent it from happening again.”

Article source: http://www.computerweekly.com/news/450417274/One-in-eight-people-have-suffered-a-healthcare-data-breach

,

No Comments

Lifespan Informs 20k Patients of Data Breach

Cleveland — March 23-24, 2017
San Jose — April 13-14, 2017
Chicago — May 11-12, 2017
Boston — June 15-16, 2017
Nashville — June 27-28, 2017
Denver — July 18-19, 2017
Philadelphia — August 10 – 11, 2017
St. Petersburg — September 20-21, 2017
Raleigh — October 19-20, 2017
Beverly Hills — November 9-10, 2017
Dallas — December 14-15, 2017

Article source: https://www.healthcare-informatics.com/news-item/cybersecurity/lifespan-informs-20k-patients-data-breach

,

No Comments

Over 1000 hotels affected by data breach | 13 WTHR Indianapolis

Individuals with disabilities may contact Jerry Luna at [email protected], or 317.655.5680, for assistance with access to the public inspection files.

All content © Copyright 2000 – 2017 Video Indiana, Inc. and WTHR. All Rights Reserved. For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.

Article source: http://www.wthr.com/article/over-1000-hotels-affected-by-data-breach

,

No Comments

Details of over a million Aadhaar numbers published on Jharkhand govt website

Digital identities of more than a million citizens have been compromised by a programming error on a website maintained by the Jharkhand Directorate of Social Security.

The glitch revealed the names, addresses, Aadhaar numbers and bank account details of the beneficiaries of Jharkhand’s old age pension scheme.

Jharkhand has over 1.6 million pensioners, 1.4 million of whom have seeded their bank accounts with their Aadhaar numbers to avail of direct bank transfers for their monthly pensions.

Their personal details are now freely available to anyone who logs onto the website, a major privacy breach at a time when the Supreme Court, cyber-security experts and opposition politicians have questioned a government policy to make Aadhaar mandatory to get benefits of a variety of government schemes and services.

When HT reporters logged onto the site, they could drill down to get transaction-level data on pension paid into scores of pension accounts.

The publishing of Aadhaar numbers is in contravention of Section 29 (4) of the Aadhaar Act. Earlier this year, the Unique Identification Authority of India (UIDAI) blacklisted an Aadhaar service provider for 10 years for publishing the Aadhaar number of MS Dhoni, former captain of the Indian cricket team.

The authority has also filed at least eight police complaints in the past month against private parties for “illegally collecting” Aadhaar numbers of citizens – information that the Jharkhand government has now put into the public domain. UIDAI did not respond to queries sent by HT.

At present, the Supreme Court is considering the legality of a government decision to make it mandatory to provide an Aadhaar number when filing income tax returns.

In Jharkhand, officials were surprisingly sanguine about the breach, suggesting that they had been aware of the situation for several days.

“We got to know about it this week itself. Our programmers are working on it, and the matter should be addressed very soon,” said MS Bhatia, secretary of the state’s social welfare department.

Bhatia declined to comment on the legal implications of publishing this information.

“Will the CEO of UIDAI take any action against the government of Jharkhand for making this dataset public? And if they don’t, does that mean they condone this act?” said Pranesh Prakash, policy director at the Centre for Internet and Society.

The data breach, senior Congress leader Jairam Ramesh said, “makes a complete mockery of all that Jaitley and Ravi Shankar Prasad have said in Parliament.”

Problems with Aadhaar-based authentication and enrollment, Ramesh added, had also meant that many vulnerable people had been denied their legally mandated welfare entitlements.

Article source: http://www.hindustantimes.com/india-news/in-massive-data-breach-over-a-million-aadhaar-numbers-published-on-jharkhand-govt-website/story-EeFlScg5Dn5neLyBzrkw1I.html

,

No Comments

Aussie enterprises reactive to security needs to combat data breaches

And Australia and a majority of its Asia Pacific counterparts — 55% to be precise — do not conduct risk assessment studies as a precautionary measure and say they will only do so if there was a security breach or suspected breach.

The study, conducted for LogRhythm by research firm Frost Sullivan, found that approximately 16% of Australian enterprises do not have an action plan in place ahead of any potential security breach, the highest compared to the other countries and regions in the study – Singapore, Malaysia and Hong Kong.

LogRhythm says the data suggests that most enterprises react to data breaches based on previous experience, with the study finding that 80% of organisations in the Asia-Pacific region are confident that their corporate data has not been compromised, while 50% believe their corporate data will not be compromised within the next 12 months.

Enterprises in Asia-Pacific also indicated that the main barriers to implementing a round-the-clock cyber threats system include budgetary constraints and the lack of prior history experiencing a major breach.

LogRhythm says respondents of the survey also indicated that they are likely to outsource if a cyber threat system vecame necessary.

Currently, enterprises in Hong Kong have the highest rate of outsourcing 24/7 security service to a third party while enterprises in Australia, Singapore and Malaysia and prefer to manage it in-house.  

And in Australia 35% of enterprises have a security operations centre operated locally in-house, while 19% outsource to a managed security service provider.

“It is encouraging to hear that Asia-Pacific enterprises are confident about their resiliency against cyber threats. However, these enterprises must ensure that their sense of confidence is not misplaced by proactively conducting cyber-risk assessment within their organisation,” said Bill Taylor-Mountford, vice-president Asia-Pacific and Japan for LogRhythm.

“A risk assessment study will help organisations accurately understand where they are placed in the security maturity model. This is, by far, the best way to measure an organisation’s cyber resilience. The survey revealed that organisations in the region are rather more complacent – performing risk assessment test only after a breach.”

According to Taylor-Mountford, forward-thinking organisations are more proactive in the way they see cyber attacks.

“While they know that a resilient enterprise is not one that won’t be breached, they are always ready, and able to quickly detect and respond to any potential breach. It is because of this mindset that they are less likely to suffer from any material business impact even if they were breached.”

Touted as a multi-billion-dollar business, LogRhythm notes that cyber crime has been on the agenda for world and business leaders globally, with research firm ASD estimating that the Asia-Pacific cyber security market will “mushroom to US$30.39 billion by 2020”.

Taylor-Mountford says the cyber security market in Asia-Pacific was estimated to be around US$17 billion in 2015, but investment in security intelligence and analytics tools was only 2.8%, a fraction of what enterprises spent on perimeter defence.

And, he says, the sophistication of cyber attacks today has, however, raised the need for integration and proficiency in threat mitigation, as deploying latest tools purchased off the shelf has become inadequate.

Charles Lim, industry principal analyst, Frost Sullivan, says, “A passive stance and legacy threat detection software do not suffice if we want to win the war against cyber crime”.

“To do this effectively, more enterprises need to shift from a reactive model focusing on perimeter defence tools to a holistic approach combining security intelligence, analytics and human expertise. This is, therefore, no longer a choice, but a necessity.”

To access the survey and whitepaper — “Exploring Cyber Security Maturity in Asia: A study of Enterprise Corporate Executives, IT Executives IT Practitioners’ Perceptions towards Cyber Security Readiness in Asia-Pacific’ — click here.

Article source: http://www.itwire.com/security/77771-aussie-enterprises-reactive-to-security-needs-to-combat-data-breaches.html

,

No Comments