Priya Anand reports: Criminals are exploiting a vulnerability in about 87,000 e-commerce websites that puts information including customers’ stored credit-card data at risk. The online shopping websites were susceptible to a chain of weaknesses on the platform Magento, which runs on about one-third of online shops, as of Friday morning, according to the Tel Aviv,…
Category: Commentaries and Analyses
Connecticut state law reveals huge extent of data privacy losses
Mackenzie Rigg reports that since a Connecticut law requiring breaches be reported to the Attorney General was enacted on Oct. 1, 2012, more than 1,100 reports have been made to Attorney General George Jepsen’s office, including 445 in 2013 and 447 in 2014. Read more on News Times about the types of breach reports the state has…
Out of prison and off the Internet
Remember Higinio Ochoa (“w0rmer” or @Anonwormer) of Cabin Cr3w? This site had reported on some of their hacking activities back in the day. “Back in the day” meaning before Ochoa was arrested and went to prison. Alex Goldman has a story on Digg about Ochoa’s life as an offline programmer following his release from prison. You young…
Congress to banks: Admit you’ve been hacked!
Jose Pagliery reports: Banks have lost so much consumer information to hackers this year that two members of Congress are asking them to come clean with the extent of the damage. Tuesday morning, 16 financial institutions will receive letters from Sen. Elizabeth Warren and Rep. Elijah E. Cummings asking them to admit that they have…
The hotly disputed black magic of data breach cost estimates
Robert Hackett reports: A single stolen customer record costs probably somewhere between $0.58 and $201. What’s the best model? A few weeks ago Fortune visited a law firm where one partner lamented the quality of cost estimates for big companies suffering data breaches—a vital consideration for businesses seeking to manage their risk and score reasonably priced insurance…
Point-of-Sale vendor has used the same admin password for 25 years
Alan Martin reports: A major vendor of point-of-sale terminals has not changed the default passwords used on its devices in a quarter of a century, researchers have revealed at RSA 2015. The firm was not named during the presentation by Charles Henderson and David Byrne for security reasons, but it is said to be a widely used manufacturer. Although…