Among other significant differences between the federal bill and the state’s notification law, according to the Consumer Federation of California: The federal law would eliminate a state requirement that the California attorney general be given notice of any security breach; it would allow the state attorney general to file a civil lawsuit but prevent individuals from suing over a data breach; it would no longer require breached companies to provide free ID theft protection services, such as credit monitoring and fraud alerts.
A bill pending in Sacramento would force Uber, Lyft and other ride-hailing companies to follow stricter privacy rules. AB886 specifies that the smartphone-ordered ride services cannot disclose any data on passengers except to combat fraud or other crimes. It also says the companies must destroy all personal information when customers cancel their accounts. “We want to put the consumers in the driver’s seat about who owns their data and personal information, instead of having them take a back seat,” said bill author Assemblyman Ed Chau.
These health data attacks give hackers all the information they need to assume a patient’s identity, launch targeted “phishing” attacks, clean out bank accounts and commit crimes under the victim’s name, said Pam Dixon, executive director of the World Privacy Forum, an arm of a nonprofit public interest research group in San Diego County. “What we have found with working with victims of medical identity theft is that most don’t find out for about two years,” Dixon said. “The sophisticated criminals who are committing these crimes are waiting to act on the data so there is less risk of being caught.”
In levying the $1.6 billion penalty for the San Bruno explosion, commissioners cited PG&E’s shoddy records, reckless practices and numerous safety violations leading up to the disaster. The 30-inch pipeline exploded when an incomplete seam weld that PG&E didn’t even know existed ruptured. Company records showed that the 1950s-era pipe had no seams, so PG&E never conducted the type of inspection that could have caught a flawed weld. Regulators found that PG&E had cut pipeline-safety spending during years when it was making record profits …
The information is being advertised for sale on the black market AlphaBay, a website that can only be accessed through the Tor browser, an anonymity-preserving network used by political dissidents, privacy-minded Internet users and criminals. One person using the alias “Courvoisier” claims to have “thousands” of “hacked accounts” for sale, each for as little as $1.