Isaac Wolf reports: A month ago, two phone carriers participating in a federal benefit program were alerted that sensitive customer records, including Social Security numbers and bank-account records, were freely posted online. Now, Oklahoma-based TerraCom Inc. and affiliate YourTel America Inc. — the companies that collected the records — say they don’t plan to notify…
Category: U.S.
Proxy advisory firm settles SEC charges over data breach: info for concert tickets and meals deal incurs $300,000 fine
Sarah N. Lynch reports: Institutional Shareholder Services has settled civil charges by U.S. regulators that an employee of the prominent proxy advisory firm shared nonpublic voting data in exchange for meals and concert tickets. The Securities and Exchange Commission said on Thursday that ISS, a unit of MSCI Inc, will pay a $300,000 penalty and…
Vendini hacked; customers’ credit card numbers possibly accessed
Krister Rollins reports: The Maine Attorney General’s office is issuing an alert for people who may have used an out-of-state service for buying tickets for shows and other forms of entertainment recently. The service, Venidini (sic), Inc., has been hacked, exposing financial information for tens of thousands of customers. Vendini sent a letter to Maine’s…
Data breach puts DHS employees at risk of identity theft
Jason Miller reports: Tens of thousands of current and former Homeland Security Department employees are at risk of identity theft after officials discovered a vulnerability in the vendor’s system for processing background investigations. All DHS employees working in the headquarters office, for the Customs and Border Protection and for the Immigration and Customs Enforcement components…
Blaming the discoverer of a breach probably not a wise move
More on the Lifeline breach involving TerraCom and its affiliate YourTel America: Scripps Howard News Service has its report on the breach here, and has also published a companion piece with video of how they discovered the breach. As reported previously, Scripps reports that when notified of the leak, TerraCom had accused Scripps of accessing…
Who – if anyone – is responsible for notifying victims of some breaches?
I’ve blogged a number of times about how although law enforcement may uncover breaches or data theft, the victims often do not get notified in a timely fashion – if at all. Here are just a few scenarios where no one may notify people whose data have been stolen: Law enforcement discovers a handwritten list…