Data Privacy + Security Insider

Leveraging Knowledge to Manage Your Data Risks

TCM Bank, a subsidiary of ICBA Bancard Inc., notified some 10,000 credit card applicants in the past week that their names, addresses, dates of birth, and Social Security numbers were compromised between March 2017 and the middle of July 2018. TCM assists approximately 750 community and smaller banks with issuing credit cards to account holders. According to TCM, a website configuration was mismanaged by a third-party vendor, exposing the data. TCM refused to name…
Last weekend, in Venezuela, the Venezuelan President, Nicolas Maduro, was attacked by two armed drones carrying explosives that were detonated while Maduro was delivering a speech on live television during a military ceremony. Although Maduro was not struck by the explosives, his administrative officials called it an assassination attempt. This drone attack was the most recent of the assassination attempts against Maduro, who was declared the winner of the election in May of this year, meaning…
Many readers questioned me about the Wall Street Journal article this week entitled, “Facebook to Banks: Give Us Your Data, We’ll Give you Our Users.” The questions and comments ranged from “Can they really do this?” to “This is outrageous!” Without getting into a legal analysis, there are laws that banks have to follow when disclosing our personal information to third parties. The most well-known law applicable to banks is the Gramm-Leach-Bliley Act (GLBA). If…
The Department of Homeland Security (DHS) has indicated that Russian hackers successfully attacked the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017. According to DHS, the coordinated attacks started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by downloading open-source information such as photographs on company websites and other publicly available information, and then tricked employees into entering…
While meeting with Russian President Vladimir Putin, President Trump was given a soccer ball, symbolic of the 2018 World Cup played in Russia. Bloomberg has reported that the soccer ball contained a chip, known as a near-field communication (NFC) tag, which can transmit information to nearby cellphones, presumably including Trump’s as well. The chips can send content to mobile devices and users of the soccer ball can put their phones close to the ball and access…
As of last week, more than 100,000 Remote Pilot Certifications have been issued by the Federal Aviation Administration (FAA) for individuals to fly commercial and recreational (those not qualifying as “model aircraft”) drones. This number of remote pilots reflects only the period after the final Small Unmanned Aircraft Systems (sUAS) rule went into effect on August 29, 2016. Under the sUAS rule (Part 107), an individual who seeks to operate a drone must have a Remote Pilot…
The BBC recently posted a story about one of its employees who had access through a mobile app to someone else’s video footage of their home security camera. The security camera was manufactured by Swann. Following the story, a group of security researchers from Pen Test Partners decided to check it out and bought several cameras and started testing them. They were able to switch video feeds from one camera to another through the cloud…
As we noted earlier this year, Saks Fifth Avenue LLC, Saks Incorporated, and Lord & Taylor previously disclosed, on April 1, 2018, that some of their customers’ personal information may have been compromised in a data breach. Those companies all share the Canadian business group Hudson’s Bay Company (collectively with Lord & Taylor LLC, Saks Fifth Avenue LLC, and Saks Incorporated, “Defendants”) as their corporate parent. As a result of the breach, it is…
In light of the rise in use of drones in the national airspace, there has been some confusion regarding the Federal Aviation Administration’s (FAA) authority over navigable airspace and federal preemption for state and local drone laws. In response, the FAA released a statement regarding federal versus local drone rulemaking authority. In that statement, the FAA said, “Congress has provided the FAA with exclusive authority to regulate aviation safety, the efficiency of navigable airspace and…
The Federal Energy Regulatory Commission (FERC) announced on July 19, 2018, that it is directing the North American Electric Reliability Corporation (NERC) “to develop and submit modifications to the NERC Reliability Standards to augment the mandatory reporting of cybersecurity incidents, including incidents that might facilitate subsequent efforts to harm the reliable operation of the bulk electric system (BES).” The rule will become effective 60 days after it is published in the Federal Register. The 64-page…