Archive for February, 2009
Data Breach = Class-Action Lawsuit
In our sue-happy society, it doesn’t seem to matter how or why a breach occurred. It doesn’t matter if the data was touched, manipulated, or used for any purpose (including fraud). It doesn’t matter if the data was found intact and unobserved. If you have a data security breach of just [...]
Another Payment Processor Compromised!?
It looks like another payment processor has been breached by hackers. Although the name of the processor hasn’t been given yet, I thought it was interesting that in the news articles it states that this data was collected for up to 12 months. We don’t know yet how long the malware was in [...]
Data Breach State by State Comparison
http://datalossdb.org/statistics
When you compare a chart of the states that show the number of data security breaches to one that shows the states that have data breach notification laws, you might assume that the states that don’t require businesses to disclose this information would have fewer known breaches than most others.
The six states that [...]
2nd 20MM Class Action Lawsuit against RBS WorldPay
A firm in Philadelphia has filed a second class action lawsuit against RBS WorldPay in the amount of 20 million. This is after criminals stole 9 million in a highly coordinated ATM fraud scheme. See previous post here for more information.
It is becoming so that data breach is synonymous with [...]
P2P Greater Threat Than Theft & Media Loss
In a new study from Dartmouth University, P2P applications were found to be a greater threat to healthcare data than theft & loss of portable storage media. The study is called “Data Hemorrhages in the Health Care Sector”. Apparently healthcare organizations often store sensitive data in forms such as Word docs and Excel. [...]
RBS WorldPay Breach tied to Massive ATM Fraud
Criminals stole 9 million dollars in a well-coordinated attack. They used less than 100 cloned ATM cards at 130 ATMs in 49 different cities, all in less than one hour.
http://www.myfoxny.com/dpp/news/090202_FBI_Investigates_9_Million_ATM_Scam
http://blog.wired.com/27bstroke6/2009/02/atm.html
Most Application Vulnerabilities Not Patched in 2008
In a new report from IBM, most application vulnerabilities were not patched in 2008. According to the report, 55% of application vulnerabilities are in web applications. Of those, just about 75% have no patches available. With 80% of malware sites being hosted on legitimate websites, it offers an environment conducive to a great [...]
Veterans Administration to pay 20 million for data breach
-The VA willing to settle for 20 million in class-action lawsuit
-Robbery in May 2006 of portable media and laptop containing personal information
-Media and laptop recovered with no sign that the data had been accessed or used
-26.5 million individuals are listed as part of the class-action lawsuit
http://www.cnn.com/2009/POLITICS/01/27/va.data.theft/
http://www.msnbc.msn.com/id/28880494/
Heartland Payment Systems Data Breach
Heartland Payment Systems of NJ announced (during the presidential inauguration) that they have experienced a data security breach that may well be the largest in US history. Although no one has specified an exact number of records compromised, the fact that they process about 100 million credit cards each month means the number will [...]
Beware of these 3rd Party Providers
A list of the 3rd party providers who were responsible for the compromise of their customers' sensitive data. Data breaches by 3rd parties are becoming more and more prevalent. Any time you grant a 3rd party access to sensitive data, you should ensure they are following strict data security controls, policies, and procedures.
