Former Equifax CEO Richard Smith this week heads to Capitol Hill to testify about the massive breach suffered by the credit bureau. Lawmakers will likely focus on breach detection and response, information security practices and the suspicious timing of three executives' stock sales.
The recent Equifax mega-breach demonstrates how essential it is to have a robust, well-tested incident response plan in place that includes a strong public relations component, says Heath Renfrow, CISO at U.S. Army Medicine
Upscale supermarket chain Whole Foods Market says it's investigating a payment card breach affecting dozens of taprooms and an unspecific number of restaurants located inside its stores. But it says no point-of-sale systems at checkout lanes were compromised.
Leading the latest edition of the ISMG Security Report: an interview with NIST's Ron Ross about revised guidance on how to get C-suite executives to help shape information risk management. Also, DHS, FBI leaders outline goals for protecting the U.S. election system.
Haryana has launched its own cybersecurity framework. But some security practitioners question whether it's really necessary, given the national policy in place. And they point to a lack of detail in the state policy, such as the failure to spell out penalties to be imposed if a firm fails to protect data.
New York state's financial regulator has reportedly subpoenaed Equifax - in the wake of it suffering a breach affecting 143 million U.S. consumers - seeking extensive documentation, including when and how the credit-reporting agency discovered the breach and responded.
Fast-food chain Sonic Drive-In is investigating a potential breach involving customers' payment card data. Its alert follows a large, potentially related batch of stolen card data appearing for sale on a cybercrime "carder" marketplace called "Joker's Stash."
Organizations need to develop "a friendly business relationship" with law enforcement so they can share information about a data breach to help with the investigation, says Luis Cerritos of the Royal Canadian Mounted Police.
Richard Smith has exited the Equifax building. Following in the footsteps of the CIO and CSO, Richard Smith - Equifax's embattled CEO and board chairman - has "retired" following the company suffering a massive breach that has left millions of Americans at risk of identity theft.
The chairman of the Securities and Exchange Commission, Jay Clayton, promised the Senate banking committee Tuesday that his agency is pursuing numerous cybersecurity improvements in the wake of a May 2016 breach.
Experts speaking out on how boards of directors and CISOs must do a better job in strengthening board involvement on cybersecurity matters leads the latest edition of the ISMG Security Report. Also, "Catch Me if You Can" impostor Frank Abagnale on the Equifax hack.
"Big four" accounting firm Deloitte suffered a breach last year that may have exposed 5 million internal emails as well as usernames and passwords, client information and health details, the Guardian reports.
All the key players of a company's management group, including the CISO, need to be involved in the decision about whether to invest in cyber insurance, says Greg Markell of Ridge Canada Cyber Solutions, a cyber insurer.