Commentaries and Analyses

Pangilinan raises anew risks of espionage, breach of data privacy on entry of China-owned telco

Mario Casayuran reports: Minority Senator Francis N. Pangilinan raised on Wednesday espionage and data privacy questions on the entry of third telecommunications company (telco), Dito Telecommunity Corporation, a consortium which includes a China-owned company, into the Philippine communications industry after it was a given a tentative agreement to install towers inside Philippine military camps....

Analyzing Careless Users, An Often Overlooked Threat

Many have written about how to mitigate the risks posed by malicious insiders. But what about the vulnerabilities associated with Careless Users? What actions can healthcare organizations take to better prevent a breach caused by internal negligence? The Clearwater CyberIntelligence® Institute analyzed the Critical and High risks found in Clearwater’s IRM|Analysis™ database, specifically focusing...

Enhancing the Security of Data Breach Notifications and Settlement Notices

Ryan Amos, Mihir Kshirsagar, Ed Felten, and Arvind Narayanan write: We couldn’t help noticing that the recent Yahoo and Equifax data breach settlement notifications look a lot like phishing emails. The notifications make it hard for users to distinguish real settlement notifications from scams. For example, they direct users to URLs on unfamiliar domains that are not...

A leak report quietly disappears, leaving questions in its wake

On October 8, Jeremiah Fowler reported that he had discovered a non-password protected database that contained what appeared to be information regarding healthcare workers and traveling nurses.  If you had read the report on Security Discovery at the time, you would have read that almost one million people were potentially affected. Based on that...