2005, Information Security, Privacy and Risk - Information Management Today

2005

Information Security

Privacy

Risk

Canadian Flair Airlines left user data leaking for months

Security Affairs

SEPTEMBER 26, 2023

This increases the risk of passengers’ personal information, such as emails, names, or addresses, ending up in the wrong hands. Flyflair.com belongs to the Canadian ultra-low-cost carrier Flair Airlines, founded in 2005. The leak consisted of publicly accessible environment files hosted on the flyflair.com website.

Phishing

Phishing Access Security Privacy

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Trending Sources

HHS Settles Potential HIPAA Violations with Concentra Health Services and QCA Health Plan Inc.

Hunton Privacy

APRIL 28, 2014

On April 23, 2014, the Department of Health and Human Services (“HHS”) announced settlements with two health care companies stemming from allegations of inadequate information security practices in the wake of investigations involving stolen laptop computers. Concentra Health Services (“Concentra”) and QCA Health Plan Inc. (“QCA”)

Data breaches

Data breaches Risk Encryption Compliance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

NERC $10,000,000 Fine of Public Utility Highlights the Need for Cybersecurity Preparedness and CIP Compliance Programs

Data Matters

FEBRUARY 26, 2019

Although none of the violations resulted in any reported outages, NERC concluded that the cumulative effect of the violations posed a serious risk to the reliability of the bulk U.S. A clear theme throughout the settlement is the necessity to create a top-down, enterprise-wide culture of compliance and cyber risk management.

Energy and Utilities

Energy and Utilities Compliance Cybersecurity Risk

OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi

Hunton Privacy

JULY 28, 2016

These vulnerabilities included (1) storing electronic protected health information (“ePHI”) on a cloud-based server without entering into a business associate agreement (“BAA”) with the cloud provider; (2) conducting inadequate risk analyses; and (3) failing to implement a mechanism to encrypt and decrypt ePHI.

Compliance

Compliance Security awareness Risk Encryption

Alleged Violations of a Privacy Policy

Hunton Privacy

FEBRUARY 4, 2009

A recent federal court decision offers a detailed analysis of several theories of liability for violations of a privacy policy. During her visit, she provided Jackson Hewitt with confidential information such as her Social Security number, date of birth and driver’s license number. Jackson Hewitt Tax Service Inc.,

Privacy

Privacy Insurance Risk Access

G Suite users’ passwords stored in plain-text for more than 14 years

Security Affairs

MAY 22, 2019

“We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. To be clear, these passwords remained in our secure encrypted infrastructure.” This practice did not live up to our standards. ” continues Google.

Passwords

Passwords Encryption Access Cloud

Federal Trade Commission Comes out Swinging: Two-Day Enforcement Haul Totals More than $18.5 Million

Hunton Privacy

OCTOBER 20, 2009

The FTC alleged violations of the Children’s Online Privacy Protection Act (“COPPA”) and Section 5 of the FTC Act. This agreement, which expands the company’s obligations under the original consent order, follows a security breach that occurred in 2008. Yesterday, the FTC announced that ChoicePoint, Inc.

Privacy

Privacy Sales Information Security Marketing

Liability for Data Security Auditors

Hunton Privacy

JUNE 16, 2009

The offer was contingent upon CardSystems achieving certification under VISA’s Cardholder Information Security Program (“CISP”), which is the predecessor to the Payment Card Industry Data Security Standard (“PCI DSS”). Data security auditors would likely increase the price of audits to account for the increased risk.

Security

Security Data breaches Information Security Encryption

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

JANUARY 25, 2018

2005); United States v. When disclosing matters relating to the investigation, limit such disclosures to facts alone, not findings, conclusions, protected communications or other matters of judgment, unless the company has carefully weighed and considered the benefits and risks of making such disclosures and potentially waiving the privilege.

Data breaches

Data breaches Communications Financial Services Privacy

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC)1 issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance).

Authentication

Authentication Access Risk Financial Services

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Starting with her first desktop on a Unix machine at age 12, Eva Galperin’s contributions to cybersecurity include research on malware and privacy. Carey | @marcusjcarey.

Cybersecurity

Cybersecurity e-Discovery Passwords Information Security

List of Data Breaches and Cyber Attacks in 2023

IT Governance

JUNE 1, 2023

Meanwhile, you can subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. With that out of the way, it’s time to move on to May 2023.

Data breaches

Data breaches Insurance Personal data Ransomware

European Data Privacy Day Expert Panel Provides 30-Year Retrospective on UK Data Protection

Hunton Privacy

FEBRUARY 1, 2013

On January 28, 2013, the London office of Hunton & Williams marked European Data Privacy Day with the launch of the fourth edition of Data Protection Law & Practice , written by Senior Attorney Rosemary Jay. During her tenure, people began to speak of “privacy.”. The Emergence of the “Surveillance Society” – 2002 to 2009.

Data Privacy

Data Privacy Privacy Computer and Electronics Education

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the information security landscape better. Literally, how the rebellion fighting the Empire has echoes in how we approach and mitigate information security threats. SHOSTACK: So, um, you come again, came about, actually in 2005.

Cloud

Cloud Security IT Authentication

Canadian Flair Airlines left user data leaking for months

New York Enacts Stricter Data Cybersecurity Laws

Webinars

Trending Sources

HHS Settles Potential HIPAA Violations with Concentra Health Services and QCA Health Plan Inc.

Webinars

NERC $10,000,000 Fine of Public Utility Highlights the Need for Cybersecurity Preparedness and CIP Compliance Programs

OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi

Alleged Violations of a Privacy Policy

G Suite users’ passwords stored in plain-text for more than 14 years

Federal Trade Commission Comes out Swinging: Two-Day Enforcement Haul Totals More than $18.5 Million

Liability for Data Security Auditors

Protection of Privilege in the Aftermath of a Data Breach

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Top Cybersecurity Accounts to Follow on Twitter

List of Data Breaches and Cyber Attacks in 2023

European Data Privacy Day Expert Panel Provides 30-Year Retrospective on UK Data Protection

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

Stay Connected