Breaches & Exposures

FTP login credentials at major corporations breached

Greg Masters June 26, 2009

A trojan has reportedly been uncovered that is harvesting FTP login data of major corporations, including the Bank of America, BBC, Amazon, Cisco, Monster.com, Symantec and McAfee.
 

Security can drive business, Microsoft survey finds

Angela Moscaritolo June 24, 2009

Information security presents a unique set of challenges, but it also can enable business, a new Microsoft survey says.
 

TJX settles over breach with 41 states for $9.75 million

Dan Kaplan June 23, 2009

The settlement is just one in a long line of payoffs that followed one of the largest reported data-loss incidents on record.
 

Malicious attacks increase

Dan Kaplan June 17, 2009

The number of breaches caused by insider malfeasance or hacker attacks is creeping upward, according to the nonprofit Identity Theft Resource Center. The organization said Tuesday that 18.5 percent of 250 breaches reported to the center so far this year were related to insider theft, compared to 15 percent last year and six percent in 2007. Similarly, the number of incidents caused by hackers rose to 18 percent this year, compared to 12 percent in 2008 and 14 percent in 2007. Combined, the two categories represent a 10 percent hike over last year. - DK
 

FTC releases FAQs on Red Flags Rules

Angela Moscaritolo June 12, 2009

A new frequently-asked-questions document aims to clear up some of the confusion around the Red Flags Rules.
 

Army ends ban on Facebook, Flickr, other social media sites

Angela Moscaritolo June 11, 2009

Updated: Certain U.S. Army bases that formerly blocked access to Web 2.0 sites now permit users to surf to sites such as Facebook and Flickr.
 

Heartland, RBS WorldPay lawsuits consolidated

Dan Kaplan June 11, 2009

A federal court body ruled this week on where lawsuits against RBS WorldPay and Heartland Payment Systems will be heard.
 

Virginia notifies breach victims

Dan Kaplan June 05, 2009

The Virginia Department of Health Professions this week began notifying about 530,000 people whose Social Security number was part of records that may have been exposed when hackers gained access to the agency's Prescription Monitoring Program database. The agency learned of the compromise when it received letters that the culprits were demanding a $10 million ransom be paid, or they would release some eight million patient records. State officials still are unsure what information may be at risk but said they are sending the letters as a precaution. — DK
 

List of U.S. nuclear facilities inadvertently posted on website

Chuck Miller June 03, 2009

In an inadvertent security breach, a document that detailed information on nuclear sites was posted on the Government Printing Office's website.
 

Bank sues Savvis over 2005 CardSystems breach

Angela Moscaritolo May 28, 2009

Utah-based Merrick Bank claims to have lost $16 million as a result of a 2005 breach of payment card processor CardSystems Solutions and is now seeking legal restitution.
 

Clinton White House data on missing National Archives drive

Angela Moscaritolo May 20, 2009

The National Archives and Records Administration (NARA) has lost an external hard drive that contained copies of sensitive data belonging to the Clinton administration, the agency confirmed Wednesday.
 

Website risks highlighted in two new studies

Greg Masters May 18, 2009

Two reports released this week confirmed the tidal shift in the type of websites into which cybercriminals are injecting malware.
 

Study: Majority of adolescents online have tried hacking

Greg Masters May 15, 2009

A new study from Panda Security found that 67 percent of teenagers surveyed admitted to having tried to hack into friends' instant messaging or social network accounts.
 

Defense Department insider charged with espionage

Angela Moscaritolo May 13, 2009

A Defense Department official has been charged with espionage conspiracy after allegedly selling classified U.S. government information to an agent of the People's Republic of China.
 

$12.6 million spent so far to respond to Heartland breach

Dan Kaplan May 08, 2009

The chief executive of Heartland Payment Systems said Thursday that the payment processor so far has spent $12.6 million in responding to the massive data breach that was announced in January.
 

UC Berkeley suffers breach

Dan Kaplan May 08, 2009

Hackers breached a server in the health services center at the University of California, Berkeley, and accessed the personal data of more than 160,000 people, the college announced Friday. The stored database records included Social Security numbers and health insurance and other medical information. The intruders, believed to be based overseas, burrowed their way in through a public website. The breach, which began in October and continued through April, affected former Berkeley students and possibly their spouses or parents if they were linked to insurance coverage. — DK
 

Report: Web app hacks can invade air traffic control systems

Dan Kaplan May 07, 2009

The Federal Aviation Administration (FAA) on Thursday shot down a U.S. Department of Transportation report that its air traffic control (ATC) systems have been compromised because of insecure web applications -- but the agency agreed with the report's call for better security.
 

U.S. missile defense information found in disk bought on eBay

Angela Moscaritolo May 07, 2009

A hard disk containing the launch procedures for a U.S. military missile defense system was recently purchased on eBay.
 

Computer bot profusion swells dramatically

Chuck Miller May 06, 2009

In the past three months, twelve million new computers have joined botnets worldwide.
 

Hackers seek payment after break-in on state health care site

Dan Kaplan May 05, 2009

Security experts remain puzzled how hackers orchestrated their compromise of a Virginia state health care website.
 

LexisNexis admits to another major data breach

Angela Moscaritolo May 04, 2009

About 32,000 people are being notified that their personal information may have been compromised after a breach at consumer data provider LexisNexis resulted in identity theft and credit fraud, the company has disclosed.
 

Heartland again PCI compliant

Dan Kaplan May 01, 2009

Breached payment card processor Heartland Payment Systems has been again certified compliant with the Payment Card Industry Data Security Standard (PCI DSS), the company announced Friday. In March, two months after the breach was disclosed, Visa removed Heartland from its list of compliant service providers. Some experts questioned whether the removal meant merchants risked being fined for doing business with Heartland, but Visa issued a statement saying this was not true. Heartland said it expects to rejoin the Visa-approved list on Monday. — DK
 

California breach law rises

Dan Kaplan April 28, 2009

The California State Senate has passed a law, SB-20, that would require breached organizations to provide victims with additional information. The legislation would mandate that companies tell customers what type of personal information was breached and when the breach occurred. Currently, the state's pioneering SB-1386 law requires the breached entity to only say that a compromise occurred. The new bill, introduced by state Democrat Sen. Joe Simitian, who also sponsored SB-1386, is now up for approval in the state Assembly. — DK
 

Unencrypted laptop with 1 million SSNs stolen from state

Dan Kaplan April 24, 2009

The Oklahoma Department of Human Services is notifying more than one million state residents that their personal data was stored on a laptop that was stolen while in possession of an agency employee.
 

Despite downturn, IT security spending to increase

Angela Moscaritolo April 13, 2009

Management increasingly is recognizing security as a top business priority, which is resulting in higher budgets for some organizations despite the economic slowdown, according to a new survey.
 

Microsoft report shows scareware, file-format bugs on rise

Dan Kaplan April 08, 2009

So-called scareware programs top the list of internet threats, according to Microsoft's sixth Security Intelligence Report.
 

Report: U.S. power grid hit by hackers

Dan Kaplan April 08, 2009

Foreign spies have penetrated the U.S. power grid, and left behind malicious software that could be activated at a later date to disrupt the nation's electric system, according to a published report.
 

Tenn. welfare worker charged

Angela Moscaritolo April 07, 2009

A former child support services worker in Tennessee was arrested after selling the personal information of approximately 1,600 people to an undercover state crime investigator. Steven Gilmore, 27, of Nashville, worked for Policy Studies, a private company that operates child support programs, where he had access to personal data. A federal criminal complaint alleges that on three occasions Gilmore sold a total of 35 names, birth dates, and Social Security numbers, according to a news release from the Tennessee Bureau of Investigation. — AM
 

Hannaford ruling coming

Dan Kaplan April 06, 2009

A U.S. District Court judge is set to decide this week whether Hannaford Bros. supermarket chain can be held liable for a 2008 breach that exposed some 4.2 million credit and debit card numbers. According to a report Thursday in the Portland (Maine) Press Herald, the company was sued by plaintiffs from several states, and the complaints were consolidated last summer into one lawsuit. Judge D. Brock Hornby will decide whether to certify the case as a class action, which would allow the suit to move toward trial. — DK
 

Cyberspace: An environment of inevitability for federal agencies

Gary McAlum, senior manager, Deloitte & Touche April 01, 2009

Success in today's cybersecurity environment of inevitability will require a multidisciplinary approach and the critical success factor is leadership.