- FDIC reports five ‘major incidents’ of cybersecurity breaches since fall. From Washington Post. The Federal Deposit Insurance Corp. (FDIC) on Monday retroactively reported to Congress that five additional “major incidents” of data breaches have occurred since Oct. 30. FDIC also is launching “a new initiative to enhance security.”The incidents involved the breach of taxpayers’ personally identifiable information, The Washington Post has learned. In each case, employees with legitimate access to the information were leaving the agency when they inadvertently downloaded the data along with personal files. The individuals involved provided affidavits saying the data was not shared.
- Leading by example: the federal CISO and cybersecurity collaboration. From FCW. In 2015, there were 781 known data breaches in the United States, according to the Identity Theft Resource Center, exposing a staggering 169 million records. Records described as government/military accounted for 20.2 percent of those that were exposed via data breach, while healthcare accounted for 66.7 percent of compromised records. And given that many organizations do not report data breaches for fear of damaging their reputations, we know the true numbers are significantly higher.
- Researcher arrested after reporting hole in elections site. From The Register. Vanguard Cybersecurity man David Levin was arrested after exploiting and disclosing SQL injection vulnerabilities that revealed admin credentials in the Lee County state elections website. The Florida Department of Law Enforcement says the 31-year-old Estero man hacked into Lee County state elections website on 19 December. Levin faced three third-degree felony counts of property crime. Levin was released on a US$15,000 bond.