It's clear that major data breaches have become not just a topic of mainstream news, but they're occurring with such frequency and potential devastation that they're almost deserving of a 24-hour news desk.
The House Subcommittee on Commerce, Manufacturing and Trade heard from Sony and Epsilon about breaches that adversely affected consumer information. Both companies support a national data security and breach notification law.
Organizations looking to improve their privacy management in the event of a breach "have to continually plan and prepare," says Nationwide's Chief Privacy Officer Kirk Herath. That means putting into writing a comprehensive plan.
Lockheed Martin, the country's largest military contractor, is investigating the root of a "significant and tenacious" attack against its information network. Could this attack be linked to the RSA SecurID hack earlier this year?
Many organizations are unprepared to adequately respond to a breach, security expert Bob Chaput says. "Breach notification planning is just a fundamental, basic part of risk management in the new millennium," he adds.
The recent Sony and Epsilon breaches sent a strong reminder that companies lack transparency and aren't prepared to respond to a breach once it occurs, says Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies.
Two stories stand out when I look back on the month of May: the POS PIN pad swap scheme that hit Michaels crafts stores in more than 20 states and the insider job at Bank of America that led to $10 million being stolen from some 300 customer accounts.