Amendments to TITEPA: Breach Notification and Privacy in Texas

by Sarah Harvey / December 15, 2022

Organizations are experiencing increasing commercial pressure from their business customers and individual consumers to provide timely, clear, and adequate breach notification. Now, organizations are facing increasing regulatory pressure to provide timely, clear, and adequate breach notification. One of the most recent regulatory changes apply to the Texas Identity Theft Enforcement and Protection Act (TITEPA). These changes create additional regulatory requirements and force businesses to disclose certain security breaches directly to…

How Much Is Your Data Worth to Hackers?

by Sarah Harvey / June 14, 2023

How much do you think a buyer on the dark web would pay for stolen data? How much would you estimate a hacker can profit off of personal data? The truth is, the price of stolen data is worth the risk for hackers but always costly for organizations that store, process, transmit, or destroy personal data. How Do Hackers Make Money? When a system is breached and personal data is…

10 Most Common SOC 2 Gaps

by Sarah Harvey / June 13, 2023

In 2019, State Farm notified policyholders of a cybersecurity attack in the form of credential stuffing, a tactic often used by hackers that relies on a lack of password maintenance. State Farm took proper measures to reset passwords and notify affected parties of the attack, but what if State Farm employees were properly implementing multi-factor authentication practices from the start? Would this attack have even happened? How could State Farm…

Lessons Learned from the Imperva Data Breach

by Sarah Harvey / December 15, 2022

In August 2019, a third-party bug bounty discovered a data breach that exposed email addresses, hashed and salted passwords, API keys, and TLS keys for a subset of Imperva’s, a leading provider of Internet firewall services, cloud WAF users. This proves that no matter the vendor, you must perform your due diligence to ensure your own security won’t be at risk by working with a certain vendor – even if…

Lessons Learned from Capital One’s Incident Response Plan

by Sarah Harvey / December 15, 2022

There were many missteps that led to the Capital One breach, but what’s the one thing that went as planned? From our perspective, Capital One’s incident response plan seemed to function as intended. Incident response is incredibly important following a breach – that’s why having a plan and team in place is required by so many information security frameworks. The data proves the importance of incident response plans as well.…