In light of the increasing ubiquity of data breaches, Government Accountability Office (GAO) released a report today recommending that Federal agencies should discontinue knowledge-based verification to strengthen their remote identity proofing processes and that the National Institute of Standards and Technology (NIST) should provide guidance in creating alternative identity proofing methods.






[…]

U.S. Customs and Border Patrol (CBP) officials confirmed that no more than 100,000 photos of travelers and license plates were compromised in a data breach CBP identified on May 31, according to The New York Times and Washington Post.






[…]

As the reality of cyber threats and data breaches becomes closer to normal life for private and public sector organizations, a Nominet report finds that while executives know cyber risks are high, they still lack resources and accountability for handling breaches and information security.






[…]

email security DMARC

The Government Accountability Office (GAO) said that information on the efficacy of identity theft insurance coverage is limited in a report yesterday, adding that it is unnecessary to mandate Federal entities to offer certain levels of identity theft services.






[…]

Several senators said today that high-profile private-sector data breaches like those disclosed by Equifax in 2017 and Marriott in 2018 serve to boost the urgency with which Congress should act to approve legislation that would implement the country’s first national private-sector cybersecurity regulations and procedures.






[…]

GSA General Services Administration

The General Services Administration’s Office of Inspector General said in a report issued Oct. 19 that it wants GSA’s IT Office (GSA IT) to provide a revised corrective action plan to improve the agency’s policies for responding to breaches of personally identifiable information (PII).






[…]

HealthCare.gov CMS

The Department of Health and Human Service’s Center for Medicare and Medicaid Services (CMS) reported a data breach of its HealthCare.gov site, with the attacker accessing the files of about 75,000 people, the agency said in a statement released Friday.






[…]

Facebook

Facebook said it informed users on Friday the company discovered attackers using a new technique to potentially take over user accounts–putting 50 million accounts at risk and forcing the company to take preventative action on 90 million accounts.






[…]

EPA Environmental Protection Agency

Conventional wisdom is that it takes a fairly long time to detect a cybersecurity breach. Typically, most research suggests, it takes two to three months, possibly longer. That may not be the case anymore, though, according to a recent report.






[…]

After the credit monitoring company Equifax announced that it had detected a data breach affecting potentially 143 million U.S. consumers, Rep. Ted Lieu, D-Calif., is calling for a House Judiciary Committee hearing to investigate the breach.






[…]

Jason Gray, chief information officer of Education, admitted at a House Committee on Oversight and Government Reform hearing that the agency should have informed Congress of the FAFSA breach at the same time it alerted the United States Computer Emergency Readiness Team and the inspector general.






[…]

Categories