Since California passed its pioneering data breach notification law in 2003, many other states and some countries have followed suit. Here's a closer look at the status of breach notification requirements in four regions.
The breach notification site LeakedSource claims that social networking website MySpace has been hacked, with 360 million credentials containing 427 million encrypted passwords compromised. But LeakedSource acknowledges the age of the credentials is unknown. And the veracity of the data remains in question.
Troy Hunt, who runs one of the most prominent services for discovering if your data has been exposed in a breach, shares his thoughts on LinkedIn's recent breach and how his approach to disseminating data breach details continues to evolve.
Start preparing immediately for the EU's new General Data Protection Regulation - even though it doesn't go into force for two more years - because it mandates a number of new privacy and security requirements, warns cybersecurity expert Brian Honan.
The U.S. Congress delves into the issue of whether CISOs should report to CIOs, a topic that leads the Friday, May 27, 2016, edition of the ISMG Security Report, an on-demand audio report offered every Tuesday and Friday.
After years of debate, the EU's General Data Protection Regulation has finally passed. What impact - if any - will the GDPR have on business and future legislation in India? Security experts weigh in on this debate.
Hackers reportedly stole $250,000 from Bangladesh's Sonali Bank in 2013, in what's now the fourth case involving malware attacks and injecting fraudulent money-transfer requests into the SWIFT interbank messaging network.
The business of executive email hacking is booming, with hundreds of millions of dollars lost in fraudulent wire transfers. But businesses can improve their processes to avoid inadvertently transferring funds to fraudsters, according to one expert.
E-commerce retailers face an ongoing battle: Their websites are constantly hit by bots using stolen credentials to try to take over accounts. What can companies do to protect themselves? Akamai's Michael Smith offers advice.
A Japanese ATM cash-out scheme that stole $19 million from South Africa's Standard Bank in less than three hours illustrates why devising better ways to mitigate the risks posed by such schemes must be a priority for financial institutions in markets - including the U.S. - that still rely on mag stripe debit cards.
Cyberattacks have gained regulatory attention worldwide. But the world doesn't need more regulation to address new threats, says Steve Durbin of the Information Security Forum. Instead, government must work more closely with the private sector.
Identity and access management should empower businesses, satisfying customers and other stakeholders who need secure access to an enterprise's data and systems, says security expert Jeremy Grant, former leader at the federal government's National Strategy for Trusted Identities in Cyberspace.
As Europe counts down to implementing its General Data Protection Regulation, which will require EU-wide data breach notifications for the first time, similar efforts to enact a single federal law in the United States remain stalled.
LinkedIn failed to force all users to reset their passwords after a 2012 breach of at least 6.5 million credentials came to light. But it turns out the breach actually compromised 167 million accounts. Whoops.