4/21/2015
12:00 AM
Dark Reading

AS DATA BREACHES IN NEW YORK TRIPLE, GILLIBRAND ANNOUNCES BIPARTISAN CYBER SECURITY MEASURES

Between 2006 and 2013, Number of Data Security Breaches Reported to NY Attorney General Tripled, Exposing 22.8 Million Personal Records

Washington, D.C. - U.S. Senator Kirsten Gillibrand today introduced two bipartisan bills to better prepare businesses and protect consumers against cyber security attacks and dangerous data breaches. In New York State alone, the number of data security breaches reported to the Attorney General tripled between 2006 and 2013, exposing a total of 22.8 million personal records. The Cybersecurity Information Sharing Credit Act introduced with Senator Jim Moran (R-KA) and the Data Breach Notification and Punishing Cyber Criminals Act introduced with Senator Mark Kirk (R-IL) would establish a comprehensive, national approach to defending against 21st century data threats.

“Hackers have put consumers and businesses in their crosshairs, and have shown they can easily access confidential information we trust can and should remain private. It’s time to improve our security and establish standards that better protect consumers in New York and across the country,” said Senator Gillibrand. “This legislation is an important first step toward a national solution and opportunity to address our vulnerabilities, strengthening defenses against emerging data breaches, taking necessary safeguards to help victims and prosecuting perpetrators of these attacks.”

“Consumers and businesses face constant and evolving threats from cyber criminals who seek to do us harm. When it comes to detecting and preempting these threats and protecting American consumers from identity theft and financial fraud, information sharing within trusted industry networks has proven to be a valuable tool across numerous sectors of our economy,” said Senator Moran. “The Cyber Information Sharing Tax Credit Act will make participation in these vital ISACs more accessible for all companies, especially those who may not fully understand their risk of cyber-attack or who would not otherwise have the resources to participate in an information sharing organization. As more industries and businesses participate, these networks will help businesses understand and improve their cyber posture and ensure the timely dissemination of information on emerging and increasingly sophisticated cyber threats.”

“Last year there were more than 780 data breach incidents that exposed millions of Americans’ credit card numbers and personal information like medical history and Social Security numbers,” Senator Kirk said. “By creating a low-cost, easy to implement standard for companies to notify consumers when personal information is stolen and increasing penalties on cyber criminals, we can stay ahead of the hackers and better protect Americans from cyber crimes.”

“Consumers are at a greater risk of hackers stealing their personal information than ever before,” said New York Attorney General Eric Schneiderman. “A national, comprehensive strategy to protect corporations, families and businesses from data breaches is long overdue. I applaud Senator Gillibrand for backing an important tool in stopping future attacks

The Cybersecurity Information Sharing Credit Act would give businesses a tax credit for sharing information about cyber threats with other related businesses. The bill would establish a network of industry-specific groups called Information Sharing and Analysis Centers (ISACs), which would monitor and disrupt cyber-attacks for businesses. ISACs address security vulnerabilities through a single point of response to cyber threats to one business or an entire industry. The refundable credit gives businesses the opportunity to upgrade their online defenses and participate in an information sharing network without high upfront costs. The credit covers expenses including payment to participate in an ISAC.

The Data Breach Notification and Punishing Cyber Criminals Act sets a stronger standard for companies to notify if their data has been breached, and increases penalties for cybercrimes. The bill raises the maximum allowable fines and imprisonment for many of the statutes under which cyber criminals are charged: identity theft, conspiracy to commit access device fraud, obtaining information from a protected computer without authorization and computer hacking with intent to defraud. It requires that consumers receive notification within 30 days of discovery of a data breach, with a description of the information potentially accessed, how to inquire about what personal information was breached, and how the information was unlawfully acquired. There will be a new directive for diplomats at the State Department to make apprehending and prosecuting cyber criminals a top priority in ongoing negotiations in countries that do not have extradition with the United States.

The number of data security breaches reported annually to the New York Attorney General more than tripled between 2006 and 2013. Approximately 5,000 separate data breaches were reported in that period by businesses, nonprofits, and government entities, exposing a combined 22.8 million personal records of New Yorkers. An unprecedented 7.3 million records were exposed in 2013 alone, costing organizations doing business in New York more than $1.37 billion. Since 2006, 241 institutions reported at least three security breaches, and five of the ten largest breaches occurred since 2011. At the end of 2014 leading into 2015, there were several high-profile data breaches that went beyond the usual financial data such as credit cards and PIN numbers. Last December, corporate emails, films and personal data were leaked from Sony Pictures. This past February, Anthem Inc. lost the data of millions of customers, including Social Security numbers, birthdays, medical IDs and personal addresses.

 
