Jose Pagliery reports: Banks have lost so much consumer information to hackers this year that two members of Congress are asking them to come clean with the extent of the damage. Tuesday morning, 16 financial institutions will receive letters from Sen. Elizabeth Warren and Rep. Elijah E. Cummings asking them to admit that they have…
Category: Commentaries and Analyses
The hotly disputed black magic of data breach cost estimates
Robert Hackett reports: A single stolen customer record costs probably somewhere between $0.58 and $201. What’s the best model? A few weeks ago Fortune visited a law firm where one partner lamented the quality of cost estimates for big companies suffering data breaches—a vital consideration for businesses seeking to manage their risk and score reasonably priced insurance…
Point-of-Sale vendor has used the same admin password for 25 years
Alan Martin reports: A major vendor of point-of-sale terminals has not changed the default passwords used on its devices in a quarter of a century, researchers have revealed at RSA 2015. The firm was not named during the presentation by Charles Henderson and David Byrne for security reasons, but it is said to be a widely used manufacturer. Although…
Oregon state data center security flaws found in 2012 still not fixed
Hillary Borrud reports: Three years after state auditors identified security weaknesses at Oregon’s main data center in Salem, the state has yet to fix some of the problems. The vulnerabilities were outlined in a secret March 2012 letter to Michael Jordan, who, at the time, was director of the Department of Administrative Services, which manages…
The long road to catching “Bitcoin Baron,” the “Internet’s most inept criminal”
Jack Smith IV has a piece on Randall Charles Tucker (a/k/a “Bitcoin Baron”), who was recently arrested. Smith’s piece includes a recap of some of Tucker’s attacks on sites, but also includes chat transcripts that give insight into his thinking and behavior. The Observer article will be of interest to those interested in the motivation and…
Samsung ‘investigating’ claims of fingerprint hack on Galaxy S5
Alex Hern reports: Samsung is “investigating” claims from security researchers that hackers can steal copies of fingerprints from the company’s 2014 flagship Galaxy S5 smartphone, as well as other Android devices, by exploiting a weakness in the operating system’s handling of biometric data. According to security firm FireEye, Android fails in its attempts to render fingerprint…