Here’s Mandiant’s report on the breach at the South Carolina Department of Revenue. From the Executive Summary, a summary of the attack: Summary of the Attack A high level understanding of the most important aspects of the compromise are detailed below. 1. August 13, 2012: A malicious (phishing) email was sent to multiple Department of…
Category: Hack
Haley admits hacking errors; revenue chief resigns
Governor Haley has now walked back some of her more irritating claims about South Carolina’s massive data breach. Seanna Adcox of Associated Press reports: A report on a massive security breach at the South Carolina tax collection agency shows the state could have done more to protect personal information for nearly 4 million taxpayers, Gov. Nikki…
Data Breach Class Action against Popular Video Game Developer Dismissed for Failure to Plead Adequate Damages
An update on the Valve/Steam breach… Alan Pate writes: In a ruling this past Wednesday, November 14th, a Federal Judge in the Western District of Washington dismissed a class action against video game developer Valve Corporation. The class action stemmed from a November 6th, 2011 data breach of Valve’s popular online video game distribution platform,…
Breach notification done right? (Nationwide hack, updated)
I spend a lot of time criticizing breach notifications, so it’s nice when I can occasionally point to a positive example. Without considering whether the breach could have been prevented, consider this notification letter from Nationwide Insurance, dated November 16: We want to make you aware that a portion of our computer network was criminally…
Adobe investigates alleged customer data breach (updated)
Jeremy Kirk: Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database. The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named “ViruS_HimA.” The hacker, who claimed the database accessed holds more than 150,000 records, posted…
Za: PayGate confirms credit breach
Bianca Capazorio reports on a payment processor breach in South Africa that occurred back in August but is first being acknowledged this week by the firm, PayGate: The Payments Association of SA (Pasa) said on Friday that “the card data emanating from these online transactions seems to have been stored in a manner which does…