In light of news reports that company executives did little to strengthen cyber-defenses, the group that seems most overlooked in the aftermath of the breach is Yahoo! customers.
More troubling than the poor incident response (including reporting) at FDIC is the apparently complete inability of the agency to prevent large-scale data exfiltration.
Mossack Fonseca failed to understand even basic information security and privacy principles and lacked the IT management skills or oversight necessary to ensure that they were adequately protecting their own and their clients’ information.
My notification letter arrived on November 23, 137 days after the public announcement and approximately 200 days after OPM says it discovered the incident.
The breach highlights the general insufficiency of any corporate security program that fails to carefully consider the risk exposure represented by trusted third parties given access to or custody of sensitive information.
Subsequent disclosures and updates about the OPM incident paint a troubling picture of the poor security practices that facilitated the attack and delayed its discovery.
As an internal investigation continues into the massive data breach reported last week by Anthem, the company has confirmed reports that administrators who discovered the breach in late January noticed unusual activity on Anthem’s database systems…
CSO Online Headlines Dark Reading
SecurityArchitecture.com