A reader sent in this breach notification he received yesterday. Stay with it because although it starts out talking about the security of their recipes and how important accuracy is to them, eventually they get around to notifying people that their names, dates of birth, street and e-mail addresses, and passwords may have been accessed…
Category: Breach Types
Franchises from at least three national pizza chains hacked (update2)
Scott Thomas Anderson reports: The rampant hacking of credit cards and ATM accounts that has hit Amador County is partly the result of “malicious software” installed at a Martell business, according to investigators from Amador County Sheriff’s office. Worse yet, six months of online victimization may not be over for some locals, particularly for those…
Out of sight, but not out of court
I’ve been busy recently, backfilling DataLossDB.org. I’m currently working on 2007 (because who wants to tackle 2008 until we have to, right?). In the process, I’ve been reminded of some breaches that most of us probably never paid much attention to or followed up on. As a case in point, consider this entry in my…
San Jose federal grand jury indicts alleged computer hacker (updated)
Howard Mintz reports: A federal grand jury on Thursday indicted an alleged computer hacker who is accused of trying to extort $1 million from a Redwood City-based online company by stealing its private data and threatening to release it publicly. In a three-count indictment handed up in San Jose federal court, prosecutors allege Chetan Suresh…
Senator Leahy introduces Personal Data Privacy and Security Act of 2011
Senator Leahy has introduced the Personal Data Privacy and Security Act of 2011. I haven’t had time to read it yet, but just skimming it, I some good provisions in there, but I also see two immediate concerns: 1. It appears to apply only to electronic data (not paper records), and 2. The definition of…
Readers question whether Epsilon breach was really names and email addresses only (updated to include response from Epsilon)
From comments under another blog entry, it seems clear that a lot of people are not believing Epsilon’s assurance that the breach involved names and email addresses only. I received the following email, which I am reproducing except for redacting the name of the sender and the name of the Epsilon employee and their phone…