Saturday, February 15, 2014

Just in case you needed another example of how big this breach was...
The Target breach is having some effects we might not normally anticipate. Stephen Dean reports that the bank that issues debit cards used for state unemployment benefits has been so tied up reissuing credit and debit cards from the Target breach that people waiting for unemployment debit cards have been delayed in receiving them. And the problem is not just confined to Indiana, Dean reports.


As I suggested yesterday, I think a reasonable person, once notified that their personal data may have been taken, would take steps to prevent or at least mitigate future harm. How is this expense not the direct result of the breach?
I had noted the Galaria opinion and order over on databreaches.net, but Judy Selby has a discussion of the ruling in terms of the impact of the Supreme Court’s ruling in Clapper that is worth noting here:
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused. In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held that the plaintiffs did not sustain an injury sufficient to confer standing to sue Nationwide following a 2012 hacking incident during which their personally identifying information (PII) was stolen.
The plaintiffs alleged that as a result of the breach, they incurred and will continue to incur damages consisting of
(1) the imminent, immediate, and continuing increased risk of identity theft, identity fraud and/or medical fraud;
(2) out-of-pocket expenses to purchase credit monitoring, internet monitoring, identity theft insurance and/or data breach risk mitigation products;
(3) out-of-pocket expenses incurred to mitigate the increased risk of identity theft, identity fraud and/or medical fraud, including the costs of placing and removing credit freezes;
(4) the value of time spent mitigating the increased risk of identity theft, identity fraud and/or medical fraud;
(5) the substantially increased risk of being victimized by phishing;
(6) loss of privacy; and
(7) deprivation of the value of their PII.
The court grouped those alleged damages into three categories:
(1) increased risk of harm/cost to mitigate increased risk;
(2) loss of privacy; and
(3) deprivation of value of PII.
The plaintiffs asserted claims for violation of the Fair Credit Reporting Act (FCRA), negligence, invasion of privacy and bailment, but they did not allege that their PII was misused or that their identity was stolen. Nationwide moved to dismiss the complaint based on lack of standing and failure to state a claim.
Read more on Data Privacy Monitor.


Good on ya, India!
Shalini Singh reports:
The Parliamentary Standing Committee on Information Technology in its report titled “Cyber-Crime, Cyber Security and Right to Privacy”, which was submitted on February 10, has admonished the Government for dragging its feet on a privacy legislation.
[...]
The Committee rejected outright the government’s contention that the IT Act was sufficient to protect the privacy of citizens and human rights. The Committee, after receiving the evidence, not only expressed its “extreme” displeasure, but in fact accused the Government of having “diverted the issue stating that the Department of Personnel and Training is still in the process of evolving legislation to address concerns of privacy, in general, and it is still at drafting stage.”
Read more on The Hindu BusinessLine.


Something my Computer Security students could use.
Apple Publishes Secure Coding Guide for Developers
Apple has published a new guide designed to help developers of Mac OS and iOS applications build more secure programs by design.
“Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you should be familiar with the information in this document,” Apple advised in the 123-page guide.
The Secure Coding Guide from Apple is available online in HTML format or as a PDF file.


For my students to explore... I'll share just one idea.
7 Really Free Things You Can Do On Amazon Without Spending A Single Dime
… Boost Your Online Visibility
Reputation too. Amazon is a social network under the surface. There may not be friend lists and status updates, but there’s a lot you can do to make your voice heard around the community. It starts with creating a public profile after you log into Amazon.com with an account. Anything you do on Amazon will be tied to this profile. The obvious way to get some online cred is through relevant and responsive reviews. It helps all the more if you can craft the review like a small blog post with helpful hints and tips. Expert online reviewers are a breed of their own and they influence many a buying decision. An interesting study in 2012 found that Amazon consumer reviews are just as good as professional experts when it comes to determining quality of books.
Become a trusted Amazon Vine reviewer and see how you get free stuff from Amazon. You can also create a So You’d Like to… guide to share your advice, experiences, and product recommendations with consumers.


Something for Valentine's Day. True or not?
All Romantic Relationships Are Digital Now
According to a new Pew Internet survey, 72 percent of Americans adults who are seriously partnered—married or otherwise—say the Internet has had “no real impact at all” on their relationship.


Well, I like to read it.
Miami-Dade County says that it’s moving forward with the school district’s plans for a massive 1:1 computing roll-out, starting this spring. The $200,000 initiative will distribute Hewlett Packard and Lenovo Windows 8 devices. More via Education Week.
Linux.com highlights the move of Penn Manor High School in Lancaster, Pennsylvania to laptops that run Ubuntu. “We encourage our students to install software and lift the hood of the system to better understand what makes it tick,” says the district’s IT director.
Meanwhile, in Los Angeles… bwa ha ha ha ha! Oh, and LAUSD school officials “have failed for now in their efforts to get full access to a digital curriculum that the school system purchased in June,” reports The LA Times.
,,, The code-sharing site GitHub announced GitHub for Education with discounts for students and teachers. [Also some free access Bob]

No comments: