Extent of identity theft and data breaches largely hidden
Tuesday, July 21, 2009
Despite stricter laws on disclosure of data breaches in places like California, a lack of proper incentives in reporting incidents may keep private companies from accurately reporting the extent of data theft, according to a web security expert at Hewlett-Packard.
Because compliance laws vary from state to state and are vaguely worded, many companies do not report data breaches in a timely manner, if at all, writes Todd Densmore at HP's security lab blog.
Densmore points out that disclosure policies only serve to highlight the number of incidents, while not necessarily encouraging a more proactive approach to data security.
That could be changing. Beginning August 1, the Federal Trade Commission will begin enforcing a Red Flags Rule that requires creditors and financial institutions to implement a written Identity Theft Prevention Program designed to detect the warning signs of identity theft in their day-to-day operations.
Beginning in 2010, Massachusetts will require all Social Security numbers, bank account numbers and credit card numbers to be encrypted when transmitted wirelessly or on public networks and when carried on portable devices like laptops, PDAs and flash drives.
"Preventative security medicine is the best and most cost effective policy," Densmore said in his post. "The cost of preventative security pales in comparison to the cost of cleaning of the mess after getting breached."
Related News:
Password security a tall order for many web users - 1.22.2010
A recently released study from tech researcher Imperva showed that the most popular password among users whose accounts were compromised in the recent RockYou data breach was as follows: 123456.
Facebook fixes "wrong friends list" mobile network security glitch - 1.22.2010
CNET reports that social media network Facebook has repaired a problem in the mobile version of its service that caused some mobile users to have full access to the friends lists of unassociated users.
Automated phishing scam hits bank customers - 1.14.2010
Phishing attacks do not target victims exclusively via email, experts say, pointing to a recent rash of automated phone calls that attempted to convince victims to give up sensitive banking information.
Scammers ride aftershocks of Haiti catastrophe - 1.14.2010
The Federal Bureau of Investigation has issued a warning to those who want to contribute to earthquake relief efforts in Haiti, saying that cyber criminals and other types of scam artists are trying to take advantage of an outpouring of humanitarian support.
Banking Trojans finding new vector with fake Outlook alerts - 1.11.2010
A spurious alert purporting to come from Microsoft Outlook has cropped up in recent weeks, according to a maker of email filtering software.
|
