
Data Controller Notification Requirements (UK vs US):

In the UK, under the UK GDPR and the Data Protection Act 2018, a data controller must report a personal data breach to the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Where the breach is likely to result in a high risk to those rights and freedoms, the controller must also inform the affected data subjects without undue delay; the 72-hour clock applies to the regulator notification, not to the notice sent to individuals.

In the US, there is no single, comprehensive federal breach-notification law. All 50 states have their own statutes, which differ in what counts as personal information, how quickly individuals must be notified and whether state regulators must also be informed. Sector-specific federal rules, such as the HIPAA Breach Notification Rule for health data, apply on top of the state laws.

 

The Largest Data Breach of the 21st Century: The largest known data breach to date hit Yahoo in August 2013. Yahoo publicly disclosed it in December 2016, initially reporting more than one billion affected accounts, and revised the figure to every account on the service in October 2017. Data breach details include:

  • Number of Records Stolen: 3 billion user accounts
  • Type of Data Exposed: Names, email addresses, telephone numbers, dates of birth, MD5-hashed passwords, and in some cases encrypted or unencrypted security questions and answers
  • Method of Attack: Yahoo attributed the theft to an unauthorized third party that accessed its user database; it did not publicly identify a specific exploited vulnerability
  • Impact on Users: Potential identity theft, unauthorized account access, password reuse attacks against other services, and targeted phishing
  • Response by Yahoo: Notification to affected users, forced password changes, invalidation of unencrypted security questions and answers, and enhancement of security measures
  • Financial Impact: Verizon, which was in the process of acquiring Yahoo, cut its purchase price by $350 million to about $4.48 billion

 

Most Common Causes of Data Security Breaches:

  • Weak and Stolen Credentials
  • Application Vulnerabilities
  • Malware
  • Malicious insiders
  • Human Error

 
 Real-Life Examples of Common Causes:

  • Weak and Stolen Credentials: The 2013 Yahoo data breach exposed the credentials of 3 billion accounts: usernames, email addresses, MD5-hashed passwords and security questions and answers. MD5 is a fast hash never designed for password storage, so a stolen dump of this kind is readily cracked offline, and the recovered passwords are then reused in credential-stuffing attacks against other services.
  • Application Vulnerabilities: The 2017 Equifax data breach exposed personal information of about 147 million individuals. Attackers exploited a known, unpatched remote code execution vulnerability in the Apache Struts framework (CVE-2017-5638) on a public-facing web application; a patch had been available for roughly two months before the intrusion began, and the breach caused significant financial and reputational damage for Equifax.
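The following is an added example, not code from the original post, showing why the "Weak and Stolen Credentials" case above is so damaging: a dump of unsalted MD5 hashes can be attacked with one hash computation per candidate word for the whole user base, whereas per-user salts and an iterated key-derivation function (here PBKDF2-HMAC-SHA256) force the attacker to pay the full cost per user per guess. All account names, passwords and the five-word dictionary are constructed for the demonstration.

```python
"""Why a stolen hash dump becomes stolen credentials (added example, constructed data)."""
import hashlib
import secrets

# Constructed sample dump: email -> plaintext used only to build the hashes below.
SAMPLE_PASSWORDS = {
    "alice@example.com": "password123",
    "bob@example.com": "letmein",
    "carol@example.com": "correct horse battery staple",
}

# Unsalted MD5 digests, the storage format exposed in the 2013 Yahoo dump.
# (Real dumps also carry names, phone numbers and security Q&A; omitted here.)
LEAKED_MD5_DUMP = {u: hashlib.md5(p.encode()).hexdigest() for u, p in SAMPLE_PASSWORDS.items()}

# Constructed five-word list standing in for a real cracking dictionary.
WORDLIST = ["123456", "password", "password123", "letmein", "qwerty"]


def crack_md5_dump(dump, wordlist):
    """Offline dictionary attack on unsalted MD5.

    One digest per candidate word tests every account at once, because
    identical passwords always produce identical hashes.
    Returns ({user: recovered_password}, number_of_hash_operations).
    """
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {user: table[h] for user, h in dump.items() if h in table}
    return cracked, len(wordlist)


def hash_password(password, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; 600,000 iterations is the OWASP 2023 recommendation."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return secrets.compare_digest(dk, bytes.fromhex(dk_hex))


def crack_pbkdf2_dump(dump, wordlist):
    """The same dictionary attack against the salted, iterated scheme.

    Per-user salts defeat the shared lookup table, so every (user, word) pair
    costs a full derivation of `iterations` HMAC operations.
    Returns ({user: recovered_password}, number_of_underlying_hash_operations).
    """
    cracked = {}
    ops = 0
    for user, stored in dump.items():
        iters = int(stored.split("$")[1])
        for w in wordlist:
            ops += iters
            if verify_password(w, stored):
                cracked[user] = w
                break
    return cracked, ops


if __name__ == "__main__":
    md5_hits, md5_ops = crack_md5_dump(LEAKED_MD5_DUMP, WORDLIST)
    print(f"MD5:    cracked {sorted(md5_hits)} with {md5_ops} hash operations")
    # Reduced iteration count only so the demo finishes in well under a second.
    salted = {u: hash_password(p, iterations=20_000) for u, p in SAMPLE_PASSWORDS.items()}
    pb_hits, pb_ops = crack_pbkdf2_dump(salted, WORDLIST)
    print(f"PBKDF2: cracked {sorted(pb_hits)} with {pb_ops} hash operations")
```

Note what the slow hash does and does not buy. Alice and Bob still fall in both runs because their passwords are in the dictionary; what changes is the cost, from five MD5 computations for the entire user base to hundreds of thousands of HMAC operations for three users and five guesses, with no precomputed table to reuse. A strong hash limits how much of a stolen dump becomes usable credentials and buys time to force resets, but it does not rescue weak passwords, which is why multi-factor authentication and credential-stuffing detection are needed alongside it.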
