breach analysis

Governor Brown of California has signed a strengthened breach notification bill, which amends Sections 1798.29 and 1798.82 of the California Civil Code in important ways. Previous versions had been repeatedly vetoed by Arnold Schwarzenegger. As described[.DOC] by its sponsor’s office, this law: Establishes standard, core content — such as the type of information breached, time…

Read More California gets a strengthened Breach Notification Law

JC Penney, Wet Seal: Gonzalez Mystery Merchants JCPenney and Wet Seal were both officially added to the list of retail victims of Albert Gonzalez on Friday (March 26) when U.S. District Court Judge Douglas P. Woodlock refused to continue their cloak of secrecy and removed the seal from their names. StorefrontBacktalk had reported last August…

Read More J.C. Penny knew best

Precision blogging gets the scoop: You’re probably talking about this terrible security disaster already: the largest database leak ever. Arweena, a spokes-elf for Santa Claus, admitted a few hours ago that the database posted at WikiLeaks yesterday is indeed the comprehensive 2009 list of which kids have been naughty, and which were nice. The source…

Read More Biggest Breach Ever

It’s been a bad couple of weeks for residents of Connecticut and their personal health information. First Blue Cross Blue Shield had a laptop stolen with enough PHI that over 800K doctors were notified that their patients were at risk, including almost 19K in Connecticut. Connecticut’s attorney general said Monday that he’s investigating insurer Blue…

Read More Connecticut Attorney General On The March

There’s new papers by two law professors whose work I enjoy. I haven’t finished the first or started the second, but I figured I’d post pointers, so you’ll have something to read as we here at the Combo improvise around Cage’s 2:33. Paul Ohm has written “Broken Promises of Privacy: Responding to the Surprising Failure…

Read More New on SSRN

The nation’s Social Security numbering system has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth. The findings, published Monday in The Proceedings of the National…

Read More Social Security Numbers are Worthless as Authenticators

According to ZDNet, “Coleman donor data breached in January, but donors alerted by Wikileaks not campaign:” Donors to Minnesota Senator Norm Coleman’s campaign got a rude awakening this week, thanks to an email from Wikileaks. Coleman’s campaign was keeping donor information in an unprotected database that contained names, addresses, emails, credit card numbers and those…

Read More "No Evidence" and Breach Notice