Australia's Parliament has passed a mandatory data breach notification law that requires some organizations to tell consumers and regulators about an incident within 30 days or face hefty fines. But one security expert says the law has gaps that could pose risks.
The subscription-based breach notification service LeakedSource appears to have gone dry. Security expert Troy Hunt says the privacy writing has been on the wall for the site, owing to it selling access to stolen personal data.
U.S. authorities are reportedly investigating whether Yahoo should have notified investors faster about two separate data breaches that it suffered in 2013 and 2014. Until last year, one breach remained undetected and the full severity of the other was not understood.
A 2015 incident involving unauthorized access to a database that healthcare professionals use to check insurance eligibility of patients appears to have resulted in a breach affecting 220,000 individuals, according to just-released details.
The number of reported U.S. data breaches hit an all-time high in 2016, according to Identity Theft Resource Center. But for half of all breaches, the number of exposed records isn't known. And what about all of the breaches that just haven't come to light?
Most organizations have embraced more than one software platform to automate their critical business processes. Platforms are becoming more flexible, allowing users to customize or configure their own applications. As your use cases grow, you may question whether you should leverage an existing platform for your next...
As enterprises continue to outsource more aspects of their operations to third parties, they expose themselves to more shared risk. It can be a staggering responsibility. Most organizations understand the need to automate vendor risk management activities to keep up with increasing scope and scrutiny. Yet they...
Encryption keeps data confidential, but we're left unprotected from threats that may be embedded in the data. In fact, encryption actually conceals these threats and adds network performance burdens for organizations that wish to inspect encrypted traffic.
The first in a series on encryption, this technical brief...
Breach detection systems (BDS) are security products that offer timely detection of threats. When evaluating these products, customers must take into account traditional factors, such as security effectiveness, deployment options, performance and administrative capabilities.
Since cybercriminals prize new threats...
Replacing traditional antivirus (AV) with advanced endpoint protection (AEP) products may not be the best decision for every organization. If you do decide to switch, determining which AEP product is the best fit can be challenging as claims of capabilities and value differ between products.
This guide provides...
In a reminder of HIPAA's tough requirements for breach notification, federal regulators have issued a $475,000 financial settlement and corrective action plan for Chicago-based Presence Health tied to its tardy notification for a 2013 paper records breach affecting only about 800 individuals.
For the second year in a row, the vast majority of health data breach victims were affected by hacker attacks in 2016, and the trend shows no signs of abating. Experts offer forecasts for breach trends in the year ahead.
Community Health Plan of Washington, a not-for-profit insurance company, says a security vulnerability on the computer network of a business associate resulted in a breach affecting nearly 400,000 individuals.
A report foreseeing homegrown hacktivists showing their displeasure with President-elect Donald Trump by launching cyberattacks against U.S. government sites leads the latest edition of the ISMG Security Report. Also, the details behind the 1 billion-record hack of Yahoo.