Down The Security Rabbithole

In this episode   Class action lawsuit against SuperValu dismissed No damage (use of stolen information) so there's no case? As time passes, risk of use of stolen data, according to judge, decreases The precedent appears to be that in order to sue, you have to prove damage (imagine that?) http://legalnewsline.com/stories/510661014-data-breach-class-action-against-grocery-chain-dismissed Nieman Marcus - breached again (with another lesson this time) http://www.bankinfosecurity.com/neiman-marcus-reports-new-breach-a-8843 So is it official, not having MFA is weak authentication? Is someone accessing accounts through the web interface with stolen passwords a “breach”? Encryption would have done nothing to save any of this information as it was accessed through the interface. Did they have account lockout?  What's the rest of the story here? Hacker steals and releases information on 30,000 FBI and DHS employees The biggest weakness is always the human who wants to be helpful What does this mean for the enterp