I wish companies would heed my advice and get the bad news out at all once instead of staying in the news cycle as each new revelation hits the media. We are starting to get numbers on the hack of Nationwide Insurance and Allied Insurance that I reported here on November 17: Georgia reports 28,467…
Category: U.S.
Scripps College reports second breach this year
It has not been a great year for infosecurity for Claremont-based Scripps College, it seems. Back in July, they disclosed that an employee had been sharing student financial aid applications with an unauthorized individual on and off since 2008. The employee was not thought to have any malicious intent, but it was still a breach,…
IRS says states must encrypt electronic tax records; Governor Haley attempts to extricate her feet from her mouth (UPDATED)
UPDATE: See comment by Don Moffett below this post who notes that the Governor was actually correct and the IRS’s statement is incorrect. Governor Nikki Haley of South Carolina should stop talking about the massive databreach at the Department of Revenue and let someone who actually knows something about data security speak for the state….
Stolen thumb drives might hold personal data on Ramstein students
Jennifer H. Svan reports: The theft of five thumb drives from an unlocked vehicle may have compromised the personal information of hundreds of pupils, their parents and staff members at a Defense Department school in Germany, school officials said Wednesday. Parents of more than 900 students at Ramstein Intermediate School were notified of the possible…
Two Utah websites claim hacker attacks cost them $180K; @ItsKahuna challenges the price tag
Back at the beginning of the year, the Salt Lake City Police Department and Utah Chiefs of Police were among a number of law enforcement organizations hacked in #OpPiggyBank. A hacker whose Twitter handle is @ItsKahuna was subsequently charged in the incidents. Now John Anthony Borell is challenging the organizations’ claims about what the hacks…
Forensic report on SCDOR breach
Here’s Mandiant’s report on the breach at the South Carolina Department of Revenue. From the Executive Summary, a summary of the attack: Summary of the Attack A high level understanding of the most important aspects of the compromise are detailed below. 1. August 13, 2012: A malicious (phishing) email was sent to multiple Department of…