Microsoft data leak points to expansive industry-wide security vulnerabilities
Microsoft made headlines this week when it was discovered that nearly 250 million customer service and support records were exposed on the Web through several unsecured cloud servers. But that’s only a glimpse into wider cloud-security weaknesses throughout the industry.
Proposed bill seeks to help non-federal entities improve cyber-security
A new bill proposed by Congress would install a federal “cyber-security state coordinator” in each state to facilitate non-federal entities’ access to technical know-how, training, communications, and other resources for improved cyber-security.
Lawmakers push for FTC probe into Envestnet data sales
Democratic Sens. Ron Wyden and Sherrod Brown and Rep. Anna Eshoo sent a letter to the Federal Trade Commission urging the agency to investigate Envestnet’s selling practices regarding consumer financial data.
Equifax must spend ‘a minimum of $1B’ for data security
A massive data breach that was “entirely preventable” will cost credit-reporting agency Equifax another $1 billion to beef up its cyber-security efforts.
Cyber-threats, regulatory change highlight top-10 risks study
Cyber-incidents, business interruption, and changes in legislation and regulation are the three biggest risks to companies globally, according to research by German insurer Allianz.
FTC strengthens orders in data security cases
Chief compliance officers seeking more guidance from the Federal Trade Commission on how the agency has improved its orders in data security cases will find helpful a recent blog post by Andrew Smith, director of the Bureau of Consumer Protection.
U.S. government warns: Be prepared for Iran cyber war
The killing of Iranian general Qassem Soleimani in a U.S. airstrike may bring about cyber warfare, the U.S. government has warned in a security bulletin.
Wawa data breach part of ‘concerning’ industry trend?
While Wawa continues to investigate the source of a widespread data breach that put thousands of customers at risk, its connection to a recent Visa alert suggests other retailers should be on the lookout for similar threats to their cyber-security infrastructure.
New COSO guidance addresses cyber-risk management
Boards of directors, audit committee members, and executive management teams interested in learning how to apply COSO’s Enterprise Risk Management framework to protect against cyber-attacks now have new guidance available.
Top EU advisor: Clauses used for EU-U.S. data transfers ‘valid’
Big Tech can breathe a sigh of a relief that the mechanisms it uses to transfer data outside of the European Union to “third countries” provide sufficient privacy protection, according to a key advisor to the EU’s top court.
Widespread Wawa data breach puts thousands at risk
Convenience store chain Wawa announced it has suffered a massive data breach that has affected “potentially all” of its store locations, compromising the debit and credit card information of thousands of customers.
SEC names new cyber chief
The Securities and Exchange Commission announced the appointment of Kristina Littman as chief of the Division of Enforcement’s Cyber Unit.
Introducing ‘The Excellence in Compliance Awards’
Compliance Week is making some changes to its annual awards for 2020, evolving the “Top Minds” recognition into a full-blown, specifically targeted awards program dubbed “The Excellence in Compliance Awards.”
U.S. consumers express unease over personal data collection
A recent survey says a majority of Americans don’t trust data privacy policies and procedures, even while U.S. companies are hastening to enhance them in advance of the California Consumer Privacy Act’s implementation.
10 things you need to know about CCPA compliance
It’s go-time for compliance as the clock ticks toward the Jan. 1 effective date of the California Consumer Privacy Act.
Report: Investor confidence in audit committees high; more transparency needed
The 2019 Audit Committee Transparency Barometer indicated investor confidence in audit committee effectiveness was strong (81 percent) and had increased 10 percentage points since the first report was issued in 2014.
Data-driven compliance can create business success
Smart uses of data analytics show companies can not only improve their compliance programs with technology, but actually create bottom-line results for their companies as well.
Best practices for choosing the right data privacy software
Don’t expect a plug-and-play technology solution to this complex new problem.
Proactive approach needed in today’s cyber-crime environment
An expert sheds light on behavioral science-driven solutions that help businesses prepare for a breach before it happens.
Cyber-security glossary
For those unfamiliar with the vernacular involved with cyber-security and the methods by which bad actors attempt to access restricted data, we present this glossary of common terms.
Verizon finds payment security declines for 2nd consecutive year
Although the Payment Card Industry Data Security Standard (PCI DSS) launched back in 2004, 15 years later, most organizations still struggle to adhere to it.
Data protection compliance lessons from UniCredit breach
UniCredit announced its cyber-security team has identified a data breach that compromised the personal records of approximately three million clients in Italy, highlighting critical compliance lessons for those in the financial services industry.
Big Tech, banking policymakers clash over cloud computing
The “move fast and break things” mantra of the tech world rubs up against a more rigid banking industry as the two find their way in the cloud—but is more legislation really necessary?
NIST provides guidance on how to bridge privacy, cyber-security processes
NIST’s new draft Privacy Framework offers much-needed guidance to help companies align their data privacy and cyber-security risk management practices.
DoorDash data mishap showcases hazards of third-party vendors
DoorDash announced an incident of unauthorized third-party access to user data—a reminder companies need to mind the cyber-security of vendors in addition to their own.
Juniper settles FCPA case with SEC for $11.7M
Juniper Networks has reached an $11.7 million settlement with the SEC for violations of the Foreign Corrupt Practices Act concerning its sales practices in Russia and China.
Mastercard reveals data breaches in third-party loyalty program
Mastercard is investigating two data breaches relating to a loyalty program it ran in Germany following a leak of personal information that saw customers’ names, addresses, and credit card numbers circulating on the internet.
European Central Bank announces data breach
The European Central Bank announced unauthorized parties breached the security measures protecting its Banks’ Integrated Reporting Dictionary (BIRD) Website, which is hosted by an external provider.
Capital One hacker may have targeted dozens more
It appears Capital One may be just one in a long list of companies and organizations to be victimized by what now appears to be the inner workings of a serial hacker, in what the Department of Justice is calling one of “the largest cyber intrusions and data thefts in ...
Facebook loses appeal, faces costly privacy class action
The ruling of a federal appeals court has Facebook once again at risk of facing fines north of $1 billion for alleged misuse of users’ biometric data.
Cisco’s $8.6M settlement for security flaws has broader ramifications
Cisco has reached an $8.6 million settlement for knowingly selling video surveillance software with critical security vulnerabilities. It’s believed to be the first cyber-security whistleblower case of its kind successfully litigated under the False Claims Act.
Capital One announces massive data breach
Capital One Financial announced a hacker obtained the personal information of approximately 100 million individuals in the United States and approximately six million individuals in Canada.