Gemalto releases findings of 2016 Breach Level Index

The release issued by Gemalto, a leading company in digital security, indicates that “the Breach Level Index is a global database that tracks data breaches and measures their severity based on multiple dimensions, including the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted”.  The Index calculates that in 2016, “1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported”.

You can access the Gemalto release
Israel adopts Regulations on Data Security and Breach Notification

The Israeli Parliament, the Knesset, has adopted Regulations that reform the existing information security regulations and introduce, for the first time in Israel, an overarching data breach notification requirement. All Israeli entities will be subject to the Regulations, which impose mandatory data security and breach notification requirements on any individual or entity in Israel that owns, manages, and/or maintains a database containing personal data. The Regulations will enter into force on 30 March and allow data handlers a period of 12 months to implement them.

33.7 mln US accounts, many of them from government departments, leaked from a commercial corporate database

Dun & Bradstreet is one of the many business services firms that sell databases to marketers who send targeted email campaigns. The leaked data were acquired by Dun & Bradstreet from NetProspex in 2015, in a deal worth $125 mln. The data concerned government departments and large corporations, including: the Department of Defense, with 101,013 employee records, followed closely by the US Postal Service, the US Army, the Air Force, the Department of Veterans Affairs, AT&T, Boeing, Dell, FedEx, IBM, Xerox, Wal-Mart, CVS, The Ohio State University, Citigroup, Wells Fargo Bank National Association, and the Kaiser Foundation Hospitals. The risk of this breach lies in targeted phishing against the individuals listed. Dun & Bradstreet has downplayed the event, issuing only a media release stating: “We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system […]”.

The US issues the first ever cybercrime charges against two Russian Federal Security Service agents and two criminal hackers

On Wednesday, 15 March 2017, the US Department of Justice announced that four individuals, including two Russian Federal Security Service agents, had been indicted on cybercrime charges in relation to the massive hack of Yahoo user information. At a very tense moment for US-Russia relations, the statement of the US Department of Justice reports that the stolen information was used to “obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials and private-sector employees of financial, transportation and other companies […]”.

The full statement of the US Department of Justice is accessible here
The French Commission Nationale de l’Informatique et des Libertés publishes a 6-point guideline to prepare for the EU GDPR

The French Commission Nationale de l’Informatique et des Libertés has published a 6-point guideline to help organizations and businesses get ready for the EU GDPR and avoid complaints over compliance violations. The 6 points are: appoint a DPO; map the personal data processed; prioritize the compliance actions; set up a risk management system; organize internal processes; and maintain documentation of compliance measures.

The guideline can be found at the CNIL website