Nearly 450 Million Consumer Records with PII Exposed in 2018

According to the Identity Theft Resource Center, who just released their 2018 End-of-Year Data Breach Report, the number of data breaches fell by nearly 25 percent compared to 2017, but the number of compromised records containing personally identifiable information (PII) more than doubled to 446.5 million.

Although the total number of data breaches declined in 2018, according to the Identity Theft Resource Center (ITRC), it was still the second highest number of data breaches reported in one year since the ITRC has been keeping track.

Read More

Germany Issues First GDPR Fine Following Data Breach at Social Media Company

Nearly 2 million username and password combinations along with 330,000 email and password combinations were exposed in a data breach impacting German social media platform Knuddels.de. The company received a €20,000 fine related to the EU’s General Data Protection Regulation (GDPR) because the passwords exposed were stored in plain text.

Read More

Many Not Ready for GDPR Requirements Including 72 Hour Breach Notification

The European Union’s General Data Protection Regulation (GDPR) goes into effect May 25th and will apply to any collecting and storing information on EU consumers, with fines for non-compliance as high as €20 million or 4 percent of annual revenue. Despite the hefty potential penalties, just 52 percent of organizations said they will be GDPR compliant by the May deadline in a recent survey.

Replacing the EU Data Protection Directive, GDPR brings several new requirements and challenges for organizations that use data to track online behavior or market goods or services to consumers in the EU, regardless of where the organization is based.  Comprised of 91 articles, GDPR has been a challenge for many organizations who must adjust their data collection policies and disclosures.

Read More

NYPD Trials New Skimming Detection Device “Skim Reaper”

A computer science professor and two graduate students invented a device used to check ATMs and card readers to detect the presence of a skimming device. Dubbed the Skim Reaper, the New York Police Department has been using a handful of these devices since February to combat card skimming.

Card skimming at ATMs, gas pumps and other locations is a major source of the compromised payment card information used to commit fraud today. Card skimmers install an additional piece of hardware known as a read head to copy a payment card’s data, but a new device was designed to detect their presence, while providing an alert to the ATM user that a card skimmer may be installed.

Read More

FTC Chair Nominee and New Federal Reserve Chairman Each Mention Data Breaches as a Critical Concern

As the FTC considers and confirms nominees to fill vacant commission seats, those interviewed speak to the still growing threat of data breaches and say this is a top priority for the government agency. Meanwhile, the House Financial Services Committee asks new Fed Chairman Jerome Powell what approach he will take to secure data, following more than 50 data breaches involving the Federal Reserve in the last seven years.

In a Senate confirmation hearing with Joseph Simmons, one of three people recently nominated to chair the Federal Trade Commission (FTC), the anti-trust lawyer spoke to the threat of data breaches that has continued to increase. “They’re becoming much more significant, much more frequent, and I think that’s a real serious concern for us and I think we need to pay much more attention to it,” he said.

Read More

Uber Sat on Data Breach Affecting 57 Million Users for Over 1 Year

Uber, one of the latest companies to suffer a data breach, is suffering backlash not just for the 57 million user accounts compromised following the breach, but the company’s failure to disclose the breach until more than one year after it occurred. The company is now facing scrutiny from Congress and potential legal repercussions.

The data breach occurred in October, 2016 when two hackers stole data from a third party server. The data included names, phone numbers and email addresses of 57 million riders and drivers, where driver’s license information was compromised for many Uber drivers as well.

Read More