Do data breaches have consequences? Will Equifax CIO serve jail time for insider trading?

“Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.” Richard R. Best, SEC - Atlanta Division

For years many in the cybersecurity/data breach space have been saying that somebody is going to have to go to jail before corporate decision-makers begin to take cybersecurity …

Do data breaches have consequences? Law firm closes due to irreparable damages to its reputation

The once prestigious 40-year law firm Mossack Fonseca, infamously known for its data breach that revealed the Panama Papers, is closing at the end of the month. The reason, in its words: “The reputational deterioration, the media campaign, the financial siege and the irregular actions of some Panamanian authorities have caused irreparable damage, whose obligatory …

Marine Corps data breach lesson: human error is often the cause and is preventable

There has been a data breach emanating from the U.S. Marine Corps Forces Reserve that impacted 21,426 individuals. The breach exposed their sensitive personal information such as truncated social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing address, residential address and emergency contact information. Calm down and press the …

What is “reasonable cybersecurity” and how do courts view it? (SecureWorld interviews)

What is "reasonable cybersecurity" and how do courts view "reasonable cybersecurity"? See KnowBe4's discussion of these interviews. These are two excellent questions that I was asked and I answered, as succinctly as I could, in two short interviews with SecureWorld. Tell me what you think about my answers. What Is Reasonable Cybersecurity? - SecureWorld article …

Uber’s CISO Makes Case for Uniform National Data Breach Notification Law

Uber's Chief Information Security Officer (CISO), John Flynn, made a case for a uniform national data breach notification law in his testimony to members of Congress (see penultimate paragraph of full written testimony): I would like to conclude by stating that we strongly support a unified, national approach to data security and breach standards. We are …