Links in “Cybersecurity/Data Breaches”

People will share passwords, forget them, do unsafe things to get their jobs done. Today's cybersecurity design requires zero empathy for human behavior, assuming that users will do everything wrong. [6/19/15]

FCC votes to exempt data breach and fraud alert messages from regulatory restrictions on calls and text messages to mobile devices, much to the banking industry's relief. But not everyone is happy. [6/19/15]

Virginia-based LastPass, a password managing service, disclosed and confirmed a breach of its databases. Hackers stole user email's and password reminders. [6/18/15]

It may be baseball, not banking, but if you had access to a competitor's list of favorite passwords and could access the folder where they keep their strategic plans, would you? Two key takeaways here: 1) it's all fun and games until the FBI and the Justice Department start investigating you, as they have the St. Louis Cardinals; and 2) if you have a favorite password you like to use on various sites, you're asking for trouble. [6/17/15]

Visa and MasterCard have confirmed that credit unions may disclose the name of merchants involved in data breaches.  This could eliminate some of the reputational risk when credit unions have to reissue cards to their members, but credit unions need to be careful to first confirm the name the merchant that has been breached in order to avoid potential legal issues. [6/17/15]

A popular cloud-based password management service is the latest to suffer a data breach. [6/16/15]

The FBI is reporting that it is seeing an increase in cyberattacks from a malware called “Punkey” named after the Punky Brewster TV character. The malware is designed to steal personal information from point of sale terminals and is increasingly being used in retail locations, such as restaurants, hotels, casinos and resorts. [6/15/15]

The NCUA’s Office of Inspector General has issued its audit report in which it finds that the agency does not require credit unions to encrypt member information during exams or use its tools to protect that information. The result is that sensitive member information could be at risk. [6/15/15]

More heat is on the U.S. Office of Personnel Management on the breach of up to 14 million records, as reports emerged that much of the stolen data were unencrypted. "There is no viable reason for sensitive government data to be left in a database that was cleartext and unencrypted, unless the goal was to have it stolen." [6/15/15]

Amid reports that the hack attack on federal employees' data was worse that first acknowledged, the Senate failed to advance a piece of cybersecurity legislation that was tacked onto a sweeping defense bill. "The cyber issue is so important that we shouldn't deal with it by stapling it to something else." [6/15/15]