Steve Ragan reports: The LinkedIn compromise has been linked to a number of confirmed incidents where data exfiltration has taken place. It’s possible these incidents are only the tip of the iceberg though, as many of the organizations compromised are service providers with access to customer networks. […] Multiple industry sources have shared additional details…
Category: Commentaries and Analyses
UK: Firms face £20million fines for losing your private data: Report also says firms’ bosses should be penalised if businesses suffer a date breach
Ian Drury and James Solomon report: Companies will face fines of up to £20million if they lose customers’ personal data in cyber-attacks. A damning report by MPs called for watchdogs to be given the ability to hammer firms in the pocket if they fail to safeguard sensitive information. Bosses should also be penalised if their…
The week in security: Breach costs arrested but CISOs risk the axe over reporting
David Braue reports: The latest study of data-breach costs found Australian businesses bucking global trends by driving down the average cost of data breaches. There was little shelter for CISOs however, with warnings that they could increasingly risk losing their jobs if they can’t improve their reporting of security postures before the breaches happen. Might be time to not…
To the anonymous researchers who contacted me
Several weeks ago, I reported that some researchers had contacted me anonymously to give me a slew of vulnerabilities they had uncovered in their research. As a result of the FBI’s over-the-top raid on Justin Shafer, they had become scared of trying to notify entities of what they had found. They left it up to me to decide…
Equifax service remains mum about client reports of tax refund fraud
Back in April, DataBreaches.net noted that Stanford University was notifying its employees about tax refund fraud. The fraud appeared to result from perpetrators downloading employees’ W-2 information from the university’s vendor, W-2 Express, and then using the info to file fraudulent returns. W-2 information typically includes an employee’s name and address, their wage and salary information, as well…
IE: Civil Service payroll system to be audited following data breach
Elaine Edwards reports that PeoplePoint, the payroll service for about 31,000 Irish civil servants, is being audited in the wake of two breaches and other complaints. A November, 2015 breach was previously reported on DataBreaches.net, as was a more recent one in April. Edwards reports: Since PeoplePoint’s introduction [in 2013], there have also been reports…