Data breach law links for Sept 9, 2016.  

Key takeaways: you’re not immune from data breaches; maintain at least some semblance of security; have a plan.

1. 43 million is an awful lot of customers to notify that their Last.Fm accounts were hacked, or why 123456 isn’t a secure password. Read more….

2. And another company not using hashed passwords….. Rambler.ru. Another reminder why 000000 isn’t a secure password. Read more….

3. Congressional Report Slams US Office of Personnel Management on Data Breach:

“Probably the most incisive portion of the assessment is the timeline of major events in the breach, which details a series of miscalculations on the part of the OPM leadership. The analysis paints the picture of a chronic — almost willful — underestimation by senior leadership at OPM about the seriousness of the threat facing the agency, until it was too late.”

Read more at krebonsecurity….

4. Make a plan, practice the plan, appoint a delegated authority. Sounds like good advice. Worth reading an excellent article by Linda Musthaler on networkworld.com

5. An older article, but just to remind you that nobody is safe from data breaches, not even Google: read more….

6. 20 second of physical access with a $50 device is all that’s need to steal login credentials. How are you supposed to protect against that? Good article here, by Dan Goodin.

7. Data Privacy Law: The 5 different areas businesses should be concerned with. Read more…..