BreachExchange mailing list archives

Experian breach highlights need for collaboration among government agencies


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 13 Oct 2015 18:16:48 -0600

http://www.insidecounsel.com/2015/10/13/experian-breach-highlights-need-for-collaboration

In yet another massive cyber breach into American companies, Experian — a
huge global credit monitoring firm — experienced a hack that reportedly
exposed the personal data of 15 million T-Mobile customers. As T-Mobile is
a wireless company doing all it can to dig itself out of the fourth spot in
the U.S. telco line-up (behind Verizon, AT&T, and Sprint), this news is
naturally dire for both customer and brand. The focus now turns to what
regulatory bodies — namely the FTC (Federal Trade Commission) and FCC
(Federal Communications Commission) — will do about this breach, and how to
move forward to reimburse customers if necessary and protect against future
hacks.

But the answers, as we know now with cyber security issues, are not so
black and white. Craig A. Newman, a leading legal authority on cyber
security and chair of the Privacy and Data Security practice at Patterson
Belknap Webb & Tyler LLP, says that — from a legal perspective — the data
that has been compromised in the Experian breach sits in between the FTC
and the FCC, one for its charge of protecting consumers from unfair trade
practices, and the other for ensuring that telcos protect customer
information.

What’s at the crux here is the jurisdiction of both entities; Newman writes
in his blog that the FCC has started to flex its enforcement muscles,
particularly highlighted by its $25 million settlement with AT&T over a
consumer data breach. And the FTC’s Director of the Bureau of Consumer
Protection, Jessica Rich, has publicly stated that there is no rivalry
between the two agencies.

Although rivalry might be the wrong word for the jurisdictional
complications regarding cyber breaches. As has become clear over the last
several years, the U.S. government has inadequate procedures and policy for
dealing with mass cyber hacks, and is not the only country to be struggling
so. In fact, international bodies on a broad scale are grappling to
understand the origins and attribution of such massive breaches, only to
fail. In turn, the government-based agencies have their work cut out for
them. Newman writes:

“The Experian hack will likely challenge the thesis that federal agencies
can work together on data breaches. The information compromised by hackers
falls in the laps of both the FTC and FCC.”

It is clear that a new order is required to investigate, understand,
analyze, and ultimately change the approach to large-scale cyber crime.