09.30.2019

The Weekly Five – New DoorDash Breach Statistics, Click2Gov Breached Again, & What is The SHIELD Act?

By Emily Short

The Weekly Five

The top five must-reads

We like to write our own articles, but we think others do it well, too

1. CafePress finally admits to being hacked

23,205,290 unique email addresses are thought to have been stolen by hackers from CafePress’s systems alongside passwords weakly stored as base64 SHA-1 encoded hashes. Some of the stolen records came complete with names, home addresses, and phone numbers. According to CafePress, “in a small number of cases” the last four digits of customers’ credit card numbers and credit card expiration dates have also been exposed. (GrahamCluley)

2. Click2Gov experiences second large-scale data breach since 2017

For the second time since 2017, the third-party government bill-payment portal Click2Gov has experienced a significant data breach affecting thousands of individuals in multiple cities across the U.S. (SC)

3. Who has to comply with New York’s new SHIELD Act?

The SHIELD Act amends New York’s data breach notification statute, General Business Law §899-aa, to update its definitions. The Act also creates a new §899-bb, requiring substantive data security controls by any person or business that owns or licenses computerized data, including the defined “private information” of a New York resident. In doing this, New York has brought itself into line with a number of states concerning how they define a data breach, and, where applicable, what substantive security controls they require. (JDS)

4. CEOs are finally pushing for federal privacy legislation; privacy advocates worry this will erode current privacy protections

In an open letter to Congress, 51 top CEOs in the United States requested swift passage of new federal privacy legislation. (CPO)

5. DoorDash confirms breach affected 4.9 million customers and merchants; only those who joined prior to April 5, 2018 were impacted

Food delivery service DoorDash confirmed a data breach affecting 4.9 million customers and merchants took place in May and included general PII and partial payment card information. (SC)