Just in case
you needed another example of how big this breach was...
The Target breach is
having some effects we might not normally anticipate. Stephen Dean
reports
that the bank that issues debit cards used for state unemployment
benefits has been so tied up reissuing credit and debit cards from
the Target breach that people waiting for unemployment debit cards
have been delayed in receiving them. And the problem is not just
confined to Indiana, Dean reports.
As
I suggested yesterday, I think a reasonable person, once notified
that their personal data may have been taken, would
take steps to prevent or at least mitigate future harm. How is this
expense not the direct result of the breach?
I had noted the Galaria
opinion
and order over on databreaches.net,
but Judy Selby has a discussion of the ruling in terms of the impact
of the Supreme Court’s ruling in Clapper that is worth
noting here:
Article
III standing has once again proved to be an insurmountable hurdle for
data breach class action plaintiffs whose personal information hasn’t
been misused. In Galaria
v. Nationwide Mutual Insurance Co., an Ohio federal court relied
on the United States Supreme Court’s decision in Clapper v.
Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held that the
plaintiffs did not sustain an injury sufficient to confer standing to
sue Nationwide following a 2012 hacking incident during which their
personally identifying information (PII) was stolen.
The
plaintiffs alleged that as a result of the breach, they incurred and
will continue to incur damages consisting of
(1)
the imminent, immediate, and continuing increased risk of identity
theft, identity fraud and/or medical fraud;
(2)
out-of-pocket expenses to purchase credit monitoring, internet
monitoring, identity theft insurance and/or data breach risk
mitigation products;
(3)
out-of-pocket expenses incurred to mitigate the increased risk of
identity theft, identity fraud and/or medical fraud, including the
costs of placing and removing credit freezes;
(4)
the value of time spent mitigating the increased risk of identity
theft, identity fraud and/or medical fraud;
(5)
the substantially increased risk of being victimized by phishing;
(6)
loss of privacy; and
(7)
deprivation of the value of their PII.
The
court grouped those alleged damages into three categories:
(1)
increased risk of harm/cost to mitigate increased risk;
(2)
loss of privacy; and
(3)
deprivation of value of PII.
The
plaintiffs asserted claims for violation of the Fair Credit Reporting
Act (FCRA), negligence, invasion of privacy and bailment, but they
did not allege that their PII was misused or that their identity was
stolen. Nationwide moved to dismiss the complaint based on lack of
standing and failure to state a claim.
Read more on Data
Privacy Monitor.
Good
on ya, India!
Shalini Singh reports:
The
Parliamentary Standing Committee on Information Technology in its
report titled “Cyber-Crime, Cyber Security and Right to Privacy”,
which was submitted on February 10, has admonished the Government for
dragging its feet on a privacy legislation.
[...]
The
Committee rejected outright the government’s contention that the IT
Act was sufficient to protect the privacy of citizens and human
rights. The Committee, after receiving the evidence, not only
expressed its “extreme” displeasure, but in fact accused the
Government of having “diverted the issue stating that the
Department of Personnel and Training is still in the process of
evolving legislation to address concerns of privacy, in general, and
it is still at drafting stage.”
Read more on The
Hindu BusinessLine.
Something
my Computer Security students could use.
Apple
Publishes Secure Coding Guide for Developers
Apple has published a
new guide designed to help developers of Mac OS and iOS applications
build more secure programs by design.
“Secure coding is
important for all software; if you write any code that runs on
Macintosh computers or on iOS devices, from scripts for your own use
to commercial software applications, you should be familiar with the
information in this document,” Apple advised in the 123-page guide.
The
Secure Coding Guide from Apple is available online in HTML
format or as a PDF
file.
For
my students to explore... I'll share just one idea.
7
Really Free Things You Can Do On Amazon Without Spending A Single
Dime
… Boost Your Online
Visibility
Reputation too. Amazon
is a social network under the surface. There may not be friend
lists and status updates, but there’s a lot you can do to make your
voice heard around the community. It starts with creating a public
profile after you log into Amazon.com with an account. Anything you
do on Amazon will be tied to this profile. The obvious way to get
some online cred is through relevant and responsive reviews. It
helps all the more if you can craft the review like a small blog post
with helpful hints and tips. Expert
online reviewers are a breed of their own and they influence many
a buying decision. An interesting
study in 2012 found that Amazon consumer reviews are just as good
as professional experts when it comes to determining quality of
books.
Become a trusted Amazon
Vine reviewer and see how you get
free stuff from Amazon. You can also create a So
You’d Like to… guide to share your advice, experiences, and
product recommendations with consumers.
Something
for Valentine's Day. True or not?
All
Romantic Relationships Are Digital Now
According
to a new Pew Internet survey, 72 percent of Americans adults who
are seriously partnered—married or otherwise—say the Internet has
had “no real impact at all” on their relationship.
Well, I like to read
it.
… Miami-Dade
County says that
it’s moving forward with the school district’s plans for a
massive 1:1 computing roll-out, starting this spring. The $200,000
initiative will distribute Hewlett Packard and Lenovo
Windows 8 devices.
More via
Education Week.
… Linux.com
highlights the move of Penn Manor High School in Lancaster,
Pennsylvania
to laptops that run Ubuntu.
“We encourage our students to install software and lift the hood
of the system to better understand what makes it tick,” says the
district’s IT director.
… Meanwhile,
in Los Angeles…
bwa ha ha ha ha! Oh, and LAUSD school officials “have failed for
now in their efforts to get full access to a digital curriculum that
the school system purchased in June,” reports
The LA Times.
,,,
The code-sharing site GitHub
announced GitHub
for Education with discounts for students and teachers. [Also
some free access Bob]
No comments:
Post a Comment