Two More Health Insurers Report Data Breach

Network Computing Dark Reading

Advertise

About Us

Threaded | Newest First | Oldest First

[close this box]

xmarksthespot,
User Rank: Strategist
3/17/2015 | 9:34:47 PM

Your rights when critical data is stolen; demand fair compensation

I'll state my bias, since that's appropriate in this case. I am an information security professional. However, I am also a person very interested in consumer issues and consumer rights.

You have rights as a customer of organizations which failed basic security in their infrastructure. Basic prevention techniques could have made exploitation much more difficult. Do you think 1 year of credit monitoring will fully protect you? The answer it is not even remotely close to even the basic protection required. Identify theft may be the least of their worries. In some of these cases there are bank account numbers floating around.

This is getting to be a major confidence issue on the banking system.

At a minimum, I feel lifetime credit protection should be mandated, and the ability to pay for lifetime credit locks. That is the absolute most basic thing they should pay. What would that cost? Well, to lock credit reports is $5 or more for each one (at this time). In addition, if you want a loan or needed a credit check, you have to pay for unlocks. Is it your fault you need that unlock? Demand an adequate amount of money to pay for lifetime credit locks and unlocks and credit monitoring. Even with credit locks, the credit is opened for a window of time where others could exploit it. This is serious and corporations shouldn't be trying to weasel their way out of their liability by offering one year of credit monitoring.

Reply | Post Message | Messages List | Start a Board

Sara Peters,
User Rank: Author
3/18/2015 | 8:54:02 AM

Re: Your rights when critical data is stolen; demand fair compensation

@xmarksthespot Well, I agree with you, that one or two year/s of credit monitoring doesn't help all that much if Social Security numbers were compromised, because SSNs last forever. They might get stolen today and still be used fraudulently 10 years from now.

I doubt there will come a time when companies are required to do as you suggest, but maybe if they were, they would be inspired to invest in more security measures.

Reply | Post Message | Messages List | Start a Board

SgS125,
User Rank: Ninja
3/18/2015 | 10:48:01 AM

Lifetime?

I agree that the free monitoring will not really help for most cases of fraud and abuse of PII, but what about having to show damage if you require a company to provide you with lifetime protection?

There are many cases of data breach in 2014, not all lead to financial loss of identity theft.

Perhaps if someone wins a lawsuit showing some strong evidence of lifelong risk of loss then we can make the solution fit the problem.

You will always have the risk of Identity Theft even if your information was not lost in a data breach. A dedicated foe can cause as much damage as a script kiddie using SQL injection.

Reply | Post Message | Messages List | Start a Board

ajones980,
User Rank: Strategist
3/19/2015 | 1:48:05 PM

Not two companies - the same one, same breach.

Lifewise & Premera are basically the same company. Note that their careers links take you to a premera.com job site. This, combined with the same content at premeraupdate.com and lifewiseupdate.com, appears to show that this is one attack on one target.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Emerging Cybersecurity Technologies - A Dark Reading Mar 23 Event

Black Hat USA - August 5-10 - Learn More

Black Hat Asia - May 9-12 - Learn More

More Informa Tech Live Events

White Papers

How Machine Learning, AI & Deep Learning Improve Cybersecurity

State of Email Security

Ransomware Resilience and Response: The Next-Generation

Ransomware Is On The Rise

State of Ransomware Readiness: Facing the Reality Gap

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2023-25135
PUBLISHED: 2023-02-03

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are...

CVE-2022-4634
PUBLISHED: 2023-02-03

All versions prior to Delta Electronicâ€™s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-0123
PUBLISHED: 2023-02-03

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

CVE-2023-0124
PUBLISHED: 2023-02-03

Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software.

CVE-2023-24613
PUBLISHED: 2023-02-03

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend bin...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]