Worth re-visiting in light of the Supreme Court’s ruling in Spokeo v. Robins: Consumers whose personal information was accessed in a cyberattack should not have to show someone stole their identities or ruined their credit to have standing to sue the hacked company, according to a friend-of-the-court brief filed in a federal appeals court. Washington-based Electronic…
Category: Business Sector
Fur Affinity goes read-only while it strengthens security after recent attacks
First Fur Affinity posted this in their forums: It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity’s source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier in this month, but not before a…
UK: Tesco call centre worker fined over customer data breach
So what do you think the penalty/fine should be for an employee wilfully emailing themselves customer data that they had no business copying and taking? Jail time? A monetary penalty? Community service? Keep in mind that the defendant had to return from Lithuania to be sentenced. Sounds serious, right? BBC reports that Thomas Wengierow, 47, who…
O’Charley’s suffers payment card network compromise, notifies customers
Dave Williams reports: Diners who ate at an O’Charley’s restaurant between March 18 and April 8 may have been affected by a data breach, Georgia Attorney General Sam Olens warned Friday. Read more on Atlanta Business Chronicle. O’Charley’s statement, posted today on their web site, explains what happened and offers tips for guests to protect themselves. It appears that…
A second inadequately secured Mexican voter list exposes data on more than 2 million voters
MacKeeper security researcher Chris Vickery writes: This is just a quick note to explain that I discovered another publicly exposed Mexican database on Wednesday, May 20th. I reported it to the Mexican electoral authority (INE) that same day. Today, INE held a press conference and reported that the database has been taken offline. Their initial…
Insider breach – Shapeshift’s story
@SwiftonSecurity kept telling everyone on Twitter that we #MUSTREAD the story of what happened at Shapeshift.io. And with good reason: it’s a phenomenal account of an insider breach told with the kind of refreshing honesty that’s often missing in most breach disclosures. It also reads like a thriller. I’m going to give readers a different…