breach analysis

A Missouri state bill requiring notification of the state attorney general as well as of individuals whose records have been exposed just took a step closer to becoming law. As reported in the St. Louis Business Journal on April 1: Missouri businesses would be required to notify consumers when their personal or financial information is…

Read More Mo-mentum on centralized breach reporting?

March 15-21 is “Sunshine Week”, a government transparency initiative described by its main proponents as a national initiative to open a dialogue about the importance of open government and freedom of information. Participants include print, broadcast and online news media, civic groups, libraries, non-profits, schools and others interested in the public’s right to know. The…

Read More Happy Sunshine Week

According to ZDNet, “Coleman donor data breached in January, but donors alerted by Wikileaks not campaign:” Donors to Minnesota Senator Norm Coleman’s campaign got a rude awakening this week, thanks to an email from Wikileaks. Coleman’s campaign was keeping donor information in an unprotected database that contained names, addresses, emails, credit card numbers and those…

Read More "No Evidence" and Breach Notice

Salon reports “Identity theft up, but costs fall sharply:” In 2008, the number of identity theft cases jumped 22 percent to 9.9 million, according to a study released Monday by Javelin Strategy & Research. The good news is that the cost per incident — including unrecovered losses and legal fees — fell 31 percent to…

Read More Javelin ID theft survey

So the 2008 Ponemon breach survey is out and I’m reading through it, but I wanted to expand on the headline: “Ponemon Study Shows Data Breach Costs Continue to Rise.” This is the report’s figure 3: Left to right, those are “detection and escalation,” notification, “ex-post response” and “lost business.” I note that 2 fell,…

Read More First Impressions of the 2008 Ponemon Report