One of the goals of our HITECH Law blog is to start a dialogue and share information and insights in the ever-changing world of cyber security. In our previous post, “Ten Easy Cyber Security Measures…”, we relayed some information from the FBI about thieves breaking into gas pumps and inserting card readers. One of our readers sent us some additional information, which we are passing along with her permission.

“Some responsible retailers have studied how criminals are getting into pumps, and those retailers have invested a lot of time and money in pump protection after delivery from the manufacturer.  Because the safety and security of our guests is of utmost importance to us, Thorntons has spent more than $1 million over the past 18 months to make our pumps more secure for our customers.  To prevent card skimming at Thorntons’ pumps, we added card reader cages to every pump. Additionally, Thorntons installed other hardware to its pumps, inside and outside the pump, to protect the security of entry points where criminals try to access the pumps for purposes of installing skimmers.  We inspect our pumps daily, closely monitor our systems, and stay abreast of technology updates so as to improve our pump security systems every day.”

Shelly S. Gibson, Chief Legal Officer/General Counsel, Thorntons Inc.

And speaking of sharing cyber threat information, the Cybersecurity Act of 2015 (the “Act”) was signed into law on December 18, 2015. The stated purpose of the Act is to encourage businesses to quickly share information about cybersecurity threats, incidents, security vulnerabilities and defense mechanisms with the federal government without liability, provided the sharing is done in accordance with the Act. There is no duty to share information under the Act. The Act is not without controversy and concerns, however. Although the Act does not directly address business-to-business sharing of information, businesses should be careful about with whom security information is shared, the type of information shared and the manner in which it is shared, so as to ensure that the information does not land in the wrong hands.