Sony, Citigroup, Michael’s stores, Epsilon, Massachusetts unemployment recipients, Texas state retirees, etc., etc.  Data breaches this year have affected hundreds of millions of accounts of all stripes and it might just be time for a new law.

OK, new law haters, there’s some rationale here. Wildly inconsistent reporting by companies (and government agencies) has left consumers ignorant of their status as victims. And wildly inconsistent levels of security of personal data has caused some companies to give up their customer records to thieves by the million.

Data breach news tends to trickle out and usually those affected find out quite some time after their information has been sent to parts unknown. Citi

Full Article…

Sony estimates the massive data breach affecting 100 million PlayStation Network, Qriocity, and Sony Online Entertainment customers have cost $171 million so far.   However, lawsuits and regulatory fines could push that figure much higher.

The money has been spent on providing identity theft protection to affected customers, costs from welcome back programs that offer services for free, customer support costs, network security enhancement costs, legal and consulting costs, as well as lost revenue, Sony said.

Sony stressed that it has not received “any confirmed reports of customer identity theft issues, nor any confirmed misuse of credit cards” from the data breaches.

The company acknowledged that class action lawsuits have been filed against the company and some of its subsidiaries and regulatory inquiries have been initiated. These

Full Article…

A massive data breach at Sony’s PlayStation Network has left customers worrying about that their personal information including credit card information. Sony is hoping to ease concerns by offering free identity theft protection to affected customers.

The PlayStation Network links gamers worldwide in live play and serves the company’s Qriocity movie and music services.

Sony says the identity theft protection will be free for 12 months after enrollment. The company says account holders should expect an email in coming days with instructions on how to enroll.

Those who enroll will receive monthly status reports and alerts if the program detects their personal information is being misused. The program also includes an insurance policy that provides up to $1 million in relief for covered costs for a year after an identity theft incident.

Customers will have until June 18th to sign up for the program.

Sony shut down its PlayStation Network on April 20, a day after it said it began investigating unusual activity. The

Full Article…

It seems that major data breaches are happening on a daily basis these days.  Just recently we had the much covered Epsilon breach, as well as the recent attack on security provider Barracuda Networks – just to name a few.

Today we are speaking with Greg Reber, founder and CEO of AsTech Consulting. Si

Full Article…

Health Net who provides health insurance to 6 million people nationwide, has suffered a large data breach affecting around 2 million people.

The California based company lost data servers containing health and financial records for 1.9 million customers. The personal data also included Social Security numbers.

“While the [internal] investigation continues, Health Net has made the decision out of an abundance of caution to notify the individuals whose information is on the drives,” the company said in a statement.

 “Health Net has agreed to provide two years of free credit monitoring services to its California enrollees, in addition to identity theft insurance, fraud resolution and restoration of credit files, if needed,” department spokeswoman Lynne Randolph said in a statement.

In January, Health Net learned it was missing some computer server drives, when its information-technology vendor couldn’t find them, the state Attorney General’s Office said Monday. The drivers

Full Article…

A California lawmaker has introduced a bill that would update the state’s current data breach notification law, SB-1386.  The new bill would include additional requirements for organizations that lose sensitive data.  This is the third time the bill has been proposed.

The proposal, introduced Thursday by Democratic state Senator Joe Simitian would require breach notification letters contain specifics of the incident.  This would include the type of personal information exposed, a description of what happened, and advice on steps to take to protect oneself from identity theft. The new law would also require organizations suffering a breach affecting 500 or more people to submit a copy of the alert letter to the state attorney general’s office.

The proposed bill has gone to former Governor Arnold Schwarzenegger twice now, but both times was vetoed. 

Simitian said in a news release that he hopes the new administration, led by Governor Jerry Brown, “will give this issue a fresh look.”

“This new measure makes modest but helpful changes for consumers,” Simitian said. “By requiring n

Full Article…