Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: Cybersecurity

OPM, DoD Announce Identity Theft Protection and Credit Monitoring Contract

OPM News Release: “The U.S. Office of Personnel Management (OPM) and the U.S. Department of Defense (DoD) today announced the award of a $133,263,550 contract to Identity Theft Guard Solutions LLC, doing business as ID Experts, for identity theft protection services for 21.5 million individuals whose personal information was stolen in one of the largest cybercrimes ever carried out against the United States Government. These services will be provided at no cost to the victims whose sensitive information, including Social Security numbers, was compromised in the cyber incident involving background investigations. ID Experts will provide all impacted individuals and their dependent minor children (under the age of 18 as of July 1, 2015) with credit monitoring, identity monitoring, identity theft insurance, and identity restoration services for a period of three years. This task order was awarded under GSA’s Blanket Purchase Agreements (BPA) for Identity Monitoring, Data Breach Response and Protection Services which GSA awarded today. The U.S. Government, through the Department of Defense, will notify those impacted beginning later this month and continue over the next several weeks. Notifications will be sent directly to impacted individuals. For more information, or to sign up for email alerts, please visit https://www.opm.gov/cybersecurity.”

Health Care and Cyber Security: Increasing Threats Require Increased Capabilities

KPMG – “Four-fifths of executives at healthcare providers and payers say their information technology has been compromised by cyber-attacks. At the core of the increased risk to healthcare organizations is the richness and uniqueness of the information that the health plans, doctors, hospitals and other providers handle. Apart from typical financial fraud, there is also…

EY, LANL make new cybersecurity tools available to private sector

News release: “Ernst & Young LLP and Los Alamos National Laboratory have formed a strategic alliance to deliver some of the most advanced behavioral cybersecurity tools available to the commercial market. “Cybersecurity attacks are ever more frequent and more sophisticated, and they destroy the trust needed to conduct business,” said Duncan McBranch, Chief Technology Officer…

Appeals Court Upholds FTC’s Data Security Authority

EPIC – “A federal appeals court ruled that the Federal Trade Commission can enforce data security standards. In FTC v. Wyndham, the agency sued Wyndham hotels after the company exposed financial data of hundreds of thousands of customers. The company argued that the FTC lacked authority to enforce security standards, but the court disagreed. EPIC…

FCW obtained official timeline of OPM data breach

FCW.com: “An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data and the government’s step-by-step response. It illuminates a sequence of events that lawmakers have struggled to pin down in public hearings with Obama administration officials. The timeline makes clear that the heist of data…

Mandatory Minimum Sentencing: Federal Aggravated Identity Theft

CRS report via FAS – Mandatory Minimum Sentencing: Federal Aggravated Identity Theft – Charles Doyle, Senior Specialist in American Public Law. August 20, 2015. “Aggravated identity theft is punishable by a mandatory minimum sentence of imprisonment for two years or by imprisonment for five years if it relates to a terrorism offense. At least thus…

Administrative Investigation, Improper Use of Web-based Collaboration Technology, VA Office of Info Tech

Office of Inspector General Office of Veterans Affairs – Report Number: 13-03054-463 – Redacted – 8/17/2015. “VA employees improperly used Yammer.com, a Web-based collaboration technology, which was not approved or monitored as required by VA policy. Further, the website had vulnerable security features, recurring website malfunctions, and users engaged in a misuse of time and…

How Victims Can Regain Control and Mitigate Threats in Wake of OPM Breach

“In June 2015, the Nation learned that the personnel records of 21.5 million United States citizens had been exfiltrated by an unknown adversary from the Office of Personnel Management, one of the largest known breaches in the history of the U.S. Government. The immediate public outcry included congressional hearings attributing the breach to OPM administrators and…

Invincea 1H 2015 Advanced Endpoint Threat Report

Nextgov: “Malicious code Russians reportedly used to jimmy open a White House network and malware Chinese hackers reportedly used to rupture insurer Anthem’s network were similar — and free, according to new research…The Anthem hackers compromised the Social Security numbers and other personal information of about 80 million customers. The White House hackers infiltrated an…

Binaryedge Report – more than a petabyte of data on unsecured servers

Via Digital Guardian – “The research firm Binaryedge says it found more than a petabyte of data stored in high performance databases like MongoDB is exposed to the public Internet.”

Paper – Is Biblioleaks Inevitable?

Dunn AG, Coiera E, Mandl KD. Is Biblioleaks Inevitable? J Med Internet Res 2014;16(4):e112 “In 2014, the vast majority of published biomedical research is still hidden behind paywalls rather than open access. For more than a decade, similar restrictions over other digitally available content have engendered illegal activity. Music file sharing became rampant in the…

Another Snowden Reveal – Telecom Giant Provides Massive Data Pipeline to NSA

NYT and ProPublica investigative reports: “The National Security Agency’s ability to spy on vast quantities of Internet traffic passing through the United States has relied on its extraordinary, decades-long partnership with a single company: the telecom giant AT&T. While it has been long known that American telecommunications companies worked closely with the spy agency, newly…