The Senate Committee on Commerce, Science, and Transportation released its report, “A “Kill Chain” Analysis of the 2013 Target Data Breach.” The report was prepared by the majority staff for Chairman Rockefeller.
Category: Business Sector
Cerberus notifies users to reset paswords after some users’ usernames and encrypted passwords accessed
Email sent to Cerebus App users today (confirmed by Cerebus): Hi [username], Our Security Team recently discovered and blocked suspicious activity on Cerberus servers. The investigation found no evidence that your account was in any way accessed or compromised. However, the attacker(s) were able to gain access to usernames and encrypted passwords for a subset of…
How big was the Sally Beauty breach?
Although Sally Beauty acknowledges that 25,000 payment cards may have been compromised in a recently disclosed breach, Brian Krebs challenges their statement by analyzing the zip codes of card data up for sale on an underground market, rescator.so. You can read his analysis here, but the short version is that Brian speculates that all Sally Beauty…
Rockefeller: Staff Report Details Target’s Missed Opportunities to Stop Massive Data Breach
Chairman John D. (Jay) Rockefeller IV today released a staff report titled, “A ‘Kill Chain’ Analysis of the 2013 Target Data Breach.” The report details how Target possibly failed to take advantage of several opportunities to prevent the massive data breach in 2013 when cyber criminals stole the financial and personal information of as many…
Sorenson Communications notifying employees after breach at payroll vendor’s
I’ve recently seen a number of reported breaches involving unnamed payroll vendor(s). I wish notification letters would name the breached vendor(s) so we’d know if it’s the same vendor or if a bunch of payroll vendors have recently been successfully attacked. Today’s report is from Sorenson Communications, who notified U.S. Sorenson Communications and CaptionCall@ employees that…
Chicago’s Trustwave sued over Target data breach
Ooh. Trustwave has been sued for their role in the Target breach. The plaintiffs in the potential class action lawsuit are Green Bank and Trustmark Bank John Pletz reports: Although the most serious allegations are leveled at Target, the suit alleges that Trustwave failed to identify deficiencies in the retailer’s IT systems. Trustwave’s software audits companies’ IT systems…