Tue. Apr 03, 2018


Panera Bread Data Leak Persisted For Eight Months

Data Breach Today

Database of Customer Information Left Exposed via Unauthenticated API Endpoint

Panera Bread is warning that information on 10,000 customers has been inadvertently exposed. The data leak, however, persisted despite the company being alerted to the problem eight months ago, and there are signs that the victim tally may be much higher.


A radical proposal to keep your personal data safe | Richard Stallman

The Guardian Data Protection

The surveillance imposed on us today is worse than in the Soviet Union. We need laws to stop this data being collected in the first place.

Richard Stallman is president of the Free Software Foundation.

Journalists have been asking me whether the revulsion against the abuse of Facebook data could be a turning point for the campaign to recover privacy.


The Do's and Don'ts of Reporting to the Board

Data Breach Today

CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.


Steps to Mapping, Testing, and Implementing a Process

AIIM

This is an overview of what is involved when it comes to documenting how to automate your processes. Of course, the devil’s in the details, and certainly, this is not the only way, but after listening to and learning from hundreds of our industry’s best consultants and analysts (the benefit of producing so many webinars – I listen to them all), I think this is one approach for you to consider.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Verifying Vendors' Security Programs

Data Breach Today

Organizations need to carefully assess - and then verify - the data security controls their existing - and prospective - vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview.


LinkedIn Breach: Russian Suspect Extradited to US

Data Breach Today

Czechs Extradite Suspect Also Charged With Hacking Dropbox and Formspring

Russian national Yevgeniy Nikulin, 30, has been extradited to the U.S. from the Czech Republic to face charges that he hacked LinkedIn, Dropbox and Formspring, offering at least some stolen data for sale.


Facebook apologises for storing draft videos users thought they had deleted

The Guardian Data Protection

Facebook says ‘bug’ resulted in videos being kept, while CEO Mark Zuckerberg hits back at Apple chief Tim Cook’s ‘extremely glib’ attack

Facebook continues to deal with the fallout of the Cambridge Analytica files, announcing policy changes and bug fixes aimed at undoing some of the company’s more controversial data collection features. On Monday, Facebook apologised for storing draft videos which users had filmed and then deleted, saying a “bug” resulted in them being indefinitely stored inste


The Road to Actionable Threat Intelligence

Data Breach Today

Processing and parsing intelligence from all sources - external and internal, structured and abstract - across three important categories is essential to a proactive, predictive threat intelligence framework, says Verizon's Ashish Thapar


Alabama Becomes Final State to Enact Data Breach Notification Law

Hunton Privacy

On March 28, 2018, Alabama became the final state in the U.S. to enact a data breach notification law. The Alabama Data Breach Notification Act of 2018 (S.B. 318) (“the Law”) goes into effect on May 1, 2018. Key Provisions of the Alabama Data Breach Notification Act of 2018: The law applies to “covered entities” and their “third-party agents.” “Covered entity” is defined as “a person, sole proprietorship, partnership, government entity, corporation, nonprofit, trust, estate, cooperative associat


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


5 Steps for Implementing an Effective Cyber SOC

Data Breach Today

Cyber SOCs, the next generation of security operations centers, need to use a new approach to detecting emerging attacks, says Aadesh Gawde of the IT risk consultancy ProVise Consulting, who offers implementation tips.


MyFitnessPal data breach: 150 million app users affected

IT Governance

Last week it was confirmed that the personal details of approximately 150 million users of Under Armour’s MyFitnessPal app were compromised after criminal hackers acquired usernames, email addresses and hashed passwords. This is one of the biggest hacks in history and, although payment card data was not affected, app users are likely to be concerned.


Public Hearing on IoT Risks

Schneier on Security

The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products. The information received from the public hearing will be used to inform future Commission risk management work.


GDPR compliance for professional services firms: time to get on track

IT Governance

The General Data Protection Regulation (GDPR)’s compliance deadline is looming. Every organisation that processes personal data must be in compliance with the new law by 25 May or risk substantial regulatory fines from the Information Commissioner’s Office and legal action from aggrieved data subjects. If you haven’t already, your firm must start your compliance project straight away or risk being in non-compliance.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


RSA Conference 2018: Security Takes Center Stage

Thales Cloud Protection & Licensing

RSA Conference 2018 is just under two weeks away, and there isn’t a better moment to talk about data security and privacy. The theme for RSA this year is ‘Now Matters.’ Based on the countless data breaches, hacks and ransomware attacks that occurred in the past year, now certainly matters. We saw new forms of ransomware with the WannaCry and Petya attacks that took place in the Spring of 2017 as a result of the Shadow Broker’s NSA data dump.


How CISMP can help your information security career

IT Governance

A career in information security management is very alluring: it’s rewarding, there’s a high demand for skilled professionals and it comes with a generous salary. All you need to do to get started is gain a Certificate in Information Security Management Principles (CISMP). CISMP provides a broad introduction to information security management, making it ideal for either those looking to begin their careers in the field or professionals who want a deeper understanding of information security as p


Top 10 Distributed Denial of Service (DDoS) Vendors

eSecurity Planet

Compare top 10 DDoS vendors on key characteristics such as use cases, delivery, intelligence, and pricing, to help your enterprise choose the best solution for your DDoS security needs.


Paul Nakasone Will Have to Balance NSA Needs With US Cyber Command Background

WIRED Threat Level

The appointment of Paul Nakasone raises the question again: Should the NSA and Cyber Command be controlled by one man?


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Data Security and Protection (DSP) Toolkit launched for health and social care

IT Governance

For more than a decade, the Information Governance (IG) Toolkit has been the all too familiar – although not always welcome – annual obligation for healthcare organisations to demonstrate their accord compliance with the Department of Health (DoH) standards for data security. 31 March 2018 marked the final submission date for the IG Toolkit v.14.1, which has now been replaced with the new, more comprehensive Data Security and Protection (DSP) Toolkit.


The Guardian view on Grindr and data protection: don’t trade our privacy | Editorial

The Guardian Data Protection

The idea that people’s HIV status and physical location should be used by advertisers is unsurprising in the tech world and horrifying outside it. Outrage at this is justified.

The gay hookup app Grindr, used by millions of people every day to find sexual partners, has been sharing its users’ HIV status with third parties. There could not be a more dramatic illustration of the pervasive nature of the data economy.


The Digital Core: Powering efficiency and innovation for the Utilities industry

OpenText Information Management

As we embark on our Innovation Tour 2018, I’m reminded of a prediction from Gartner. In 2015, the firm suggested that 80% of processes and products will be reinvented, digitized or eliminated by 2020. It feels like we’re well on the way to proving Gartner right. I think the challenge is bigger for the Utilities industry …


Panera Bread Leaves Millions of Customer Records Exposed Online

Dark Reading

Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Customer satisfaction: The key benefit of EDI for small business

OpenText Information Management

According to the Harvard Business Review, it costs five to 25 times more to acquire a new customer than to retain an existing one. So how do you build customer satisfaction levels that lead to growing business and long-term profitable customer relationships? For small businesses at least, the implementation of an Electronic Data Interchange (EDI) …


Panera Bread Slammed After Keeping Massive Data Leak Quiet For Eight Months

Threatpost

Panera is in hot water after sitting on a massive data leak on its website for eight months - and then trying to downplay the number of customers impacted by the leak.


U.S. Department of Commerce Posts Update of Actions to Support the Privacy Shield Frameworks

Hunton Privacy

On March 26, 2018, the U.S. Department of Commerce posted an update on the actions it has taken between January 2017 and March 2018 to support the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, the “Privacy Shield”). The update details measures taken in support of commercial and national security issues relating to the Privacy Shield.


Akamai DDoS Mitigation Solution: Overview and Analysis

eSecurity Planet

We review Akamai's DDoS solution, which handles up to 8 Tbps of network capacity while mitigating DNS-based DDoS attacks and protecting DNS services.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


6 GDPR myths that can sabotage compliance efforts

Information Management Resources

Falling into the trap of believing any of the following points can lead to overconfidence, poor risk assessments, wasted effort and ultimately noncompliance.


Google’s April Android Security Bulletin Warns of 9 Critical Bugs

Threatpost

Google updates its Android OS to address bugs in its own OS and in components from partners Qualcomm and Broadcom.


Facebook scandal alarms China eyeing next frontier in AI battle

Information Management Resources

From robotics, to language and image recognition, to health care and military applications, many expect artificial intelligence to drive future economic growth and define great power competition.