Oh eBay! How could you let this happen!? All of those passwords lost, all of us scrambling to change our passwords. Why doesn’t this happen to anyone else?
It does. Daily. And it will continue to happen if companies and governments continue to ignore the security of your data.
For you, Joe Sixpack and Joan Winebottle, how are you supposed to find out if your private information has been leaked or stolen? Most of you can name one incident, from the past year, at best: eBay’s horrendous data breach. Some of you can name two – eBay and Target. Don’t be upset; there really aren’t many ways to keep on top of this other than trusting major news outlets and the companies we use to let us know.
Or is there? You’ll be shocked to see how many different organizations are tracking this sort of thing and reporting to anyone who will listen. You can listen too!
An outfit in Russia is faithfully reporting data leak news for all kinds of leaks. Could be a stolen government laptop or a huge database dump from a major retailer. There are several things to like about InfoWatch’s Data Leakage News service. First, you can get the news in English, German, and of course, Russian. There is some discrepancy between the news in each language, though.
You’ll get the most up-to-date news on the English page. Second, you can subscribe to it via a Really Simple Syndication (RSS) feed in your favourite feed reader, English only though. If you’re not using RSS feeds, look into them. They’re a great way to get just the news you want, quickly.
Of course the service isn’t entirely out of the goodness of their hearts; they do run a healthy business in data protection products and services as well. It makes sense to make people aware of the problem, if you have solutions for that very problem.
SC Magazine – The Data Breach Blog
The folks over at SC Magazine have extensive coverage and also provide insight into data breaches. Unfortunately, they are split between the US site, providing coverage presumably for the western hemisphere, and the UK site, providing coverage for everyone on the right side of the Atlantic over to the Pacific.
SC Magazine does have a Twitter feed providing instant info about information security in general. Again, this service is fragmented into the US Twitter and UK Twitter divisions as well. Why couldn’t they put this into one nice package? It’s easy enough to follow both of them, I suppose.
ITPRO offers IT analysis and business insight with its news web site. The Data Leakage section not only covers breaches as they are reported but, like the tag line says, offers insight into the causes, impact, and prevention of data breaches.
It’s a good adjunct to straight-out announcement of breaches. By following up on an event, we can all learn from it and know better what we can do, as individuals and businesses, to lessen the frequency and impact of such events.
In a similar vein to ITPRO, CRN offers data breach news and analysis. You can follow the Data Leakage page or you can sign up for their general IT security RSS feed. The information is presented in a way skewed towards IT businesses, yet is still quite useful to the average person.
Sites like this make a good second or third source for information, if you want to keep on top of data loss. They may not get the announcement of a breach out as quickly as other sites, but they offer greater context to the issue of data security in general.
DATALOSSdb – Most Recent Data Loss Incidents
An initiative of the Open Security Foundation, this site has data loss incident reporting done right. Can I say it any plainer? Even in the screenshot below, you can see that they report on a data loss involving as few as 11 users right up to eBay’s impact on 145 million users. Chances are, if a data breach has been reported, you’ll see it here first. The only downside right now is that it is focused mainly on the US. The news is gathered from states’ sources and volunteer reporting. With your support though, this well-designed service could grow to be a world-wide resource. I hope it does!
DATALOSSdb catalogues each incident with its own page so that it functions like a wiki for every breach. There’s a summary of the event, timeline, references for sources, costs summary, and of course comments. You can even add attachments relevant to the breach, perhaps news clippings or short videos related to an event.
On top of providing an easy-to-read list of events, it is an actual database out of which you can draw customized information. You can filter by a great number of criteria, such as data types, sectors, sources, and breach types. You can get their information delivered via e-mail newsletter, Twitter, and
When you look at the Primary Sources page on the site, you’ll see that a lot of the information is available from government organizations. What you can learn from this is that federal, state, provincial, and municipal governments may have their own news feeds about data loss. Check the sites of those government organizations related to you, to see if they do have a policy of reporting data breaches as they happen.
The worst data breaches are the ones you never hear about. You don’t get a chance to respond to those and lessen the damage to yourself. However, with all the resources in this article, and all the ones that will surely be mentioned in the comments, you can stay abreast of breaches. You can also take some more steps to make sure that your credit cards are safe online and your cloud data is secure. After all, we’re all in this together.