Gareth Halfacree reports on a somewhat atypical breach with a poor incident response by Cool Components: Hobbyist electronics specialist Cool Components has been hit with an apparent data breach in which persons unknown have made off with its customer email list – but the company claims its investigation has turned up no evidence of security issues….
Month: February 2016
Wakey, Wakey: Breached Credit Union Comes Out of its Shell
From the we-tried-to-notify-you dept. Brian Krebs reports: Notifying people and companies about data breaches often can be a frustrating and thankless job. Despite my best efforts, sometimes a breach victim I’m alerting will come away convinced that I am not an investigative journalist but instead a scammer. This happened most recently this week, when I told a California credit…
Restitution amount must reflect complete accounting of intended loss: court
There’s an update to an insider breach case previously noted on this site involving a former employee of Citadel LLC and Tradeworx Inc. An opinion out of the 7th Circuit Court of Appeals may offer some small measure of hope to defendants in CFAA cases when it comes to restitution for theft of proprietary information and costs of…
RubberStamps.net, Incipio notify customers of breaches
While uKnowKids had a somewhat despicable disclosure of their breach that involved shooting the messenger, here are two positive examples of breach disclosures I came across this week: RubberStamps.net notified about 7,000 customers that its web site was compromised between November 3, 2015 and December 11, 2015. In a well-written letter, Scott Lee, the President and CEO, Superior Labels, Inc., explained that…
Thieves Are Using Ransomware Programs to ‘Kidnap’ People’s Data Until They Pay
John Dyer has a report on ransomware with some interesting statistics: An October study by Cisco Systems’ Talos security unit estimated that unnamed hackers using Angler Exploit — just one of a handful of commonly used ransomware bugs — netted $60 million annually. In December, a Kaspersky Lab report found that ransomware infections doubled last year compared to 2014….
Operation Blockbuster Coalition Ties Sony, Other Destructive Attacks to Lazarus Group
Michael Mimoso reports: The nation-state sponsored hacker group allegedly behind the 2014 attack against Sony Pictures Entertainment has been linked to similar intrusions against a number of companies in South Korea including the Dark Seoul and Operation Troy attacks. A coalition of security companies called Operation Blockbuster, including Kaspersky Lab, Novetta, AlienVault, Invincea, ThreatConnect, Volexity, Symantec,…