Monday Morning News Kick Off: New Law Lets Banks Recover Data Breach Costs; and Industry Groups Question the Cybersecurity Act
Welcome to the Monday Morning News Kick Off post from the ITAC blog. As our loyal readers know, we like to pull together all of the major stories related to identity fraud, data breaches and cyber security in one place. Our aim is to provide our readers a single online destination for all the news that matters. For this week’s post, we highlight a story about a new law that lets banks recover data breach costs, as well as a piece about the Business Software Alliance (BSA) and the Information Technology Industry Council (ITI) questioning regulations in the Cybersecurity Act.
New Law Lets Banks Recover Data Breach Costs
Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards. The law, which goes into effect on July 1 in Washington, follows similar laws passed in the states of Minnesota and Nevada and marks a fundamental change in the way government and private sector industries assign responsibility and accountability for preventing identity theft. Read the full eSecurityPlanet.com article here.
Interesting Data about Data Breaches
In a recent ESG Research survey, we asked security professionals at enterprise organizations (i.e. 1,000 employees or more) whether their organization had suffered a data breach within the last year. Here are the results: Yes, several incidents: 11%; Yes, one incident: 23%; No: 63%; and Don’t know: 3%. In total 34% of these enterprise organizations suffered at least one breach. This is consistent with other ESG Research surveys over the past 5 years, indicating that the data breach problem is not getting any better. Read the full post by Jon Oltsik of Network World here.
Protect Your Data from the Next ‘Card Hacker’
A federal judge handed the hacker behind the largest compromise of credit and debit card data in U.S. history a 20-year sentence this week. While the exploits used to swipe data from over 130 million accounts went beyond cracking passwords, there are some basic precautions businesses should take to protect data from similar breaches and minimize the impact if a breach does occur. Alberto Gonzales, the attacker behind the notorious data breaches at TJ Maxx and Heartland Systems, among others, caused nearly $200 million in damages for the companies, banks, and insurers impacted by his attacks. That figure doesn’t include the money, time, and mental anguish of the individual customers affected by the data breach. Read the full PC World article here.
Industry Groups Question Regulations in Cybersecurity Bill
A U.S. Senate committee has dropped some of the most controversial pieces of a wide-ranging cybersecurity bill that had been stalled for nearly a year, but some tech industry groups still have concerns about new regulations that the legislation would create for some companies. The U.S. Senate Commerce, Science and Transportation Committee, on March 24, approved the Cybersecurity Act by a voice vote, but representatives of trade groups the Business Software Alliance (BSA) and the Information Technology Industry Council (ITI) said they hope they will see changes to the bill before it moves forward. Read the full PC World Business Center article here.
