Lessons from Zoom: Coronavirus exposes videoconference risks
Stay-at-home orders during the coronavirus pandemic have led to explosions of use for popular videoconferencing platforms, some of which have struggled to adjust to new privacy concerns.
Latest Marriott breach exposes 5.2M guests
Marriott International says a breach may have compromised the personal data of 5.2 million customers, the second significant data breach for the hotel chain since 2018.
App offers $1M bounty for proof of alleged hacking smear campaign
Popular face-to-face social networking app Houseparty is on the defensive amid claims of a data breach, offering a $1 million bounty for proof in what it believes may be a “paid commercial smear campaign.”
CCPA, SHIELD Act to take back seat during coronavirus pandemic?
With state attorneys general now fixated on “stay at home” directives amid the coronavirus pandemic, oversight of data privacy regulation may dip. But consumers—and the plaintiffs’ bar—are still watching.
Analysis: Cyber-attacks spike in Italy linked to coronavirus
Italy, a region in quarantine, is experiencing a spike in attempted cyber-attacks to capture the login credentials of employees working remotely. But not all the attacks have been successful, and that’s where the lessons lie.
5 tips to immunize yourself against coronavirus-emboldened hackers
In this time of fear and uncertainty, it’s more critical than ever to practice good cyber-security hygiene (just think of it as the technical version of proper handwashing).
Employees working from home to avoid coronavirus? Protect your data
With the coronavirus threat having moved on from disrupting your business’s supply chain to threatening your employees’ health at home, now is the time to implement that company-wide remote workplace plan.
Webcast: Regulatory update for financial services
FINRA’s Exam Priorities, Regulation BI, and the SEC’s Cybersecurity Guidance
T-Mobile data breach: A cautionary tale for all companies
For the second time in a matter of four months, T-Mobile announced it has suffered a data breach. Cyber-security experts say it’s a cautionary tale about the vulnerabilities of e-mail accounts that are not properly secured.
Virgin Media could face GDPR pressure after data breach
Virgin Media is likely to be in the GDPR crosshairs after disclosing a recent breach that affected approximately 900,000 customers to the U.K.’s data regulator.
U.K.’s ICO fines Cathay Pacific for pre-GDPR breach
The U.K. Information Commissioner’s Office has fined airline Cathay Pacific £500,000 (U.S. $643,000) for failing to protect the personal data of millions of customers.
Controversial facial image aggregator Clearview AI reveals breach
A company with a huge database of facial images informed its law enforcement customers this week that it suffered a data breach.
White paper: Achieving Compliance with TPRM Regulatory and Framework Requirements
Measuring compliance against third-party risk management requirements is complex and time consuming; and with growing numbers of data breaches originating with third parties and all the regulatory activity that comes as a result, it never lets up.
Reports: Bieber, Twitter’s Dorsey among 10.6M affected by MGM Resorts hack
Pop star Justin Bieber and Twitter CEO Jack Dorsey were among 10.6 million MGM Resorts guests to have their personal information exposed in a data breach last year, according to multiple reports.
Treasury Secretary sets goal for cryptocurrency regulation
Taking into account the Trump administration’s trade concerns involving cryptocurrencies, the Treasury Department has announced it will roll out new regulations later this year.
More than minor changes? Assessing the latest CCPA updates
The business community was already rushing to comply with the CCPA’s Jan. 1 effective date. But does this latest change ease the way to compliance or just raise more questions?
Equifax indictment and the making of a Chinese cyber-attack
The DOJ announced four members of the Chinese military have been indicted on charges of hacking into the computer systems of Equifax, ultimately resulting in the largest-ever breach of consumer data. From an ERM standpoint, the indictment offers an inside look at the making of a Chinese cyber-attack.
NIST seeks comment on ransomware, cyber-attack guidance
The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain.
First four ‘Excellence in Compliance Awards’ finalists revealed
Compliance Week is proud to announce its first four finalists for the “Excellence in Compliance Awards,” a newly formed program that recognizes individual achievement in one of 13 categories relating to risk and compliance.
Germany’s dual approach to data regulation under the GDPR
Germany is staying ahead of the game with an advanced crackdown on data privacy and competition law violations.
Avast dissolves analytics arm following privacy scandal
Avast maintains it always acted “fully within legal bounds,” but the British cyber-security company terminated the provision of data to its analytics arm, Jumpshot, after being accused of putting users’ privacy at risk.
Facebook reveals $550M settlement for Illinois privacy lawsuit
Facebook has reached a $550 million settlement in principle in connection with a class-action lawsuit it faced in Illinois over violations of a state biometric law.
SEC, NSA issue new cyber-security guidance
Two new guidance documents, one from the SEC’s Office of Compliance Inspections and Examinations and another from the National Security Agency, aim to help companies improve their cyber-security efforts, including managing vulnerabilities in the cloud.
Microsoft data leak points to industry-wide security vulnerabilities
Microsoft made headlines when it was discovered that nearly 250 million customer service and support records were exposed on the Web through several unsecured cloud servers. But that’s only a glimpse into wider cloud-security weaknesses throughout the industry.
Proposed bill seeks to help non-federal entities improve cyber-security
A new bill proposed by Congress would install a federal “cyber-security state coordinator” in each state to facilitate non-federal entities’ access to technical know-how, training, communications, and other resources for improved cyber-security.
Lawmakers push for FTC probe into Envestnet data sales
Democratic Sens. Ron Wyden and Sherrod Brown and Rep. Anna Eshoo sent a letter to the Federal Trade Commission urging the agency to investigate Envestnet’s selling practices regarding consumer financial data.
Equifax must spend ‘a minimum of $1B’ for data security
A massive data breach that was “entirely preventable” will cost credit-reporting agency Equifax another $1 billion to beef up its cyber-security efforts.
Cyber-threats, regulatory change highlight top-10 risks study
Cyber-incidents, business interruption, and changes in legislation and regulation are the three biggest risks to companies globally, according to research by German insurer Allianz.
FTC strengthens orders in data security cases
Chief compliance officers seeking more guidance from the Federal Trade Commission on how the agency has improved its orders in data security cases will find helpful a recent blog post by Andrew Smith, director of the Bureau of Consumer Protection.
U.S. government warns: Be prepared for Iran cyber war
The killing of Iranian general Qassem Soleimani in a U.S. airstrike may bring about cyber warfare, the U.S. government has warned in a security bulletin.
Wawa data breach part of ‘concerning’ industry trend?
While Wawa continues to investigate the source of a widespread data breach that put thousands of customers at risk, its connection to a recent Visa alert suggests other retailers should be on the lookout for similar threats to their cyber-security infrastructure.
New COSO guidance addresses cyber-risk management
Boards of directors, audit committee members, and executive management teams interested in learning how to apply COSO’s Enterprise Risk Management framework to protect against cyber-attacks now have new guidance available.
Top EU advisor: Clauses used for EU-U.S. data transfers ‘valid’
Big Tech can breathe a sigh of a relief that the mechanisms it uses to transfer data outside of the European Union to “third countries” provide sufficient privacy protection, according to a key advisor to the EU’s top court.
Widespread Wawa data breach puts thousands at risk
Convenience store chain Wawa announced it has suffered a massive data breach that has affected “potentially all” of its store locations, compromising the debit and credit card information of thousands of customers.
SEC names new cyber chief
The Securities and Exchange Commission announced the appointment of Kristina Littman as chief of the Division of Enforcement’s Cyber Unit.
Introducing ‘The Excellence in Compliance Awards’
Compliance Week is making some changes to its annual awards for 2020, evolving the “Top Minds” recognition into a full-blown, specifically targeted awards program dubbed “The Excellence in Compliance Awards.”
U.S. consumers express unease over personal data collection
A recent survey says a majority of Americans don’t trust data privacy policies and procedures, even while U.S. companies are hastening to enhance them in advance of the California Consumer Privacy Act’s implementation.
10 things you need to know about CCPA compliance
It’s go-time for compliance as the clock ticks toward the Jan. 1 effective date of the California Consumer Privacy Act.
Report: Investor confidence in audit committees high; more transparency needed
The 2019 Audit Committee Transparency Barometer indicated investor confidence in audit committee effectiveness was strong (81 percent) and had increased 10 percentage points since the first report was issued in 2014.
Data-driven compliance can create business success
Smart uses of data analytics show companies can not only improve their compliance programs with technology, but actually create bottom-line results for their companies as well.
Best practices for choosing the right data privacy software
Don’t expect a plug-and-play technology solution to this complex new problem.
Proactive approach needed in today’s cyber-crime environment
An expert sheds light on behavioral science-driven solutions that help businesses prepare for a breach before it happens.
Cyber-security glossary
For those unfamiliar with the vernacular involved with cyber-security and the methods by which bad actors attempt to access restricted data, we present this glossary of common terms.
Verizon finds payment security declines for 2nd consecutive year
Although the Payment Card Industry Data Security Standard (PCI DSS) launched back in 2004, 15 years later, most organizations still struggle to adhere to it.
Data protection compliance lessons from UniCredit breach
UniCredit announced its cyber-security team has identified a data breach that compromised the personal records of approximately three million clients in Italy, highlighting critical compliance lessons for those in the financial services industry.
Proofpoint, Hootsuite partner on compliance verification
Proofpoint and Hootsuite announced a partnership to allow real-time compliance verification on Hootsuite’s social media platform.
Trustwave launches security testing service
Trustwave announced Trustwave Security Testing Services, a comprehensive portfolio designed to give enterprises and government agencies the ability to acquire, apply, and fully manage security scanning.
Big Tech, banking policymakers clash over cloud computing
The “move fast and break things” mantra of the tech world rubs up against a more rigid banking industry as the two find their way in the cloud—but is more legislation really necessary?
NIST provides guidance on how to bridge privacy, cyber-security processes
NIST’s new draft Privacy Framework offers much-needed guidance to help companies align their data privacy and cyber-security risk management practices.
K2 Intelligence, Financial Integrity Network merge
K2 Intelligence announced it has signed a definitive agreement to acquire Washington D.C.-based advisory firm Financial Integrity Network (FIN).