Feb 16, 2016

In this episode

Class action lawsuit against SuperValu dismissed

• No damage (use of stolen information) so there's no case?
• As time passes, risk of use of stolen data, according to judge, decreases
• The precedent appears to be that in order to sue, you have to prove damage (imagine that?)
• http://legalnewsline.com/stories/510661014-data-breach-class-action-against-grocery-chain-dismissed

Nieman Marcus - breached again (with another lesson this time)

• http://www.bankinfosecurity.com/neiman-marcus-reports-new-breach-a-8843
• So is it official, not having MFA is weak authentication?
• Is someone accessing accounts through the web interface with stolen passwords a “breach”?
• Encryption would have done nothing to save any of this information as it was accessed through the interface.
• Did they have account lockout?  What's the rest of the story here?

Hacker steals and releases information on 30,000 FBI and DHS employees

• The biggest weakness is always the human who wants to be helpful
• What does this mean for the enterprise, when gov falls victim?
• http://dailycaller.com/2016/02/10/having-trouble-hacking-government-agencies-just-call-their-help-desks/

Hacked toy company tries a different tactic

• VTec gets hacked, changes TOS
• New TOS is "we'll be hacked, too bad so sad" is what it amounts to
• Is this realistic? Should this be the new standard?
• http://motherboard.vice.com/read/hacked-toy-company-vtech-tos-now-says-its-not-liable-for-hacks