By Tony Cole, CTO, Attivo Networks
Cybersecurity experts know that attacks targeting government and critical infrastructure organizations are nothing new. Still, over the past two years, the effects of those attacks have begun to reverberate into the public consciousness. Incidents like the Colonial Pipeline hack and the attack on the Oldsmar, Fla., water treatment facility …
FREMONT, Calif. – May 21, 2019 – Attivo Networks®, the award-winning leader in deception for cybersecurity threat detection, today announced that Brian Finch, a leading cybersecurity regulation and government affairs advocate, has joined its Advisory Board. Finch joins current board members Lance Spitzner, Marshall Heilman, and Bill Ender in providing Attivo Networks expert insights on cybersecurity industry regulation, certifications, and the incorporation and application of deception technology.
A year and nearly four months after the measure was introduced, the NIST Small Business Cybersecurity Act officially passed after President Donald Trump signed the legislation into law. Originally proposed as H.R. 2105 in April 2017, the act was later absorbed into U.S. federal law S.770, and requires the director of the National Institute of …
Last week, two top Democrats, Sens. Mark Warner, D-Virginia, and Elizabeth Warren, D-Mass., called for increased governmental oversight over credit reporting agencies and stiff penalties for those agencies should they fail to protect consumers’ personal information.
But credit reporting agencies are far from the only companies that house consumers’ data.
Banks, credit unions, insurance companies, title insurers, and other companies are also tasked with safeguarding the information they possess.
And now, the trade groups that represent many of those companies are also asking for the government to enact new data security rules.
In a letter sent earlier this month to House Energy and Commerce Committee Chairman Rep. Greg Walden, R-Oregon, and Rep. Bob Latta, R-Ohio, the chairman of the House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection, a collection of 22 trade groups say that they support new data security legislation because their member companies take data security “very seriously.”
The groups also lay out their vision for how that data security legislation should look.
Two senators on Wednesday proposed “massive and mandatory” fines for data breaches at Equifax Inc. and other credit reporting companies, starting at $100 for each consumer whose sensitive information is compromised.
The bill from Sens. Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) would add a $50 fine for each additional piece of compromised personally identifiable information for each consumer. The penalties would double in cases where the credit reporting firm did not comply with federal data security standards or failed to notify officials of the breach in a timely manner.
If the legislation had been in place when Equifax had a data breach last year that exposed the Social Security numbers and birth dates of as many as 145.5 million Americans, Equifax would have faced a fine of at least $1.5 billion, the senators said.
The bill, called the Data Breach and Compensation Act, would direct the Federal Trade Commission to funnel half of any fine to compensate affected consumers. The agency could levy fines of as much as 75% of the credit reporting company’s gross revenue from the prior year.
“Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax — and provides robust compensation for affected consumers — which will put money back into people’s pockets and help stop these kinds of breaches from happening again,” Warren said.
The Equifax data breach, made public in September, sparked bipartisan outrage, partly because the hack took place after the company failed for several months to fix a software flaw that federal officials had warned about in March.
Equifax also bungled the aftermath of the breach, waiting nearly six weeks to notify the public after learning of the hack and then initially making people give up their right to sue if they wanted free credit monitoring and identity theft protection. Equifax later backtracked on that requirement.