Joanna Smith reports from Ottawa: An internal investigation at the Office of the Auditor General found that about 22 per cent of the encrypted USB drives entrusted to employees were lost, according to newly released documents. […] “The management of these USB drives was not strictly enforced. Employees were given IT Security information sessions on…
Category: Commentaries and Analyses
Data Breaches Hit Half of America: Verizon Report
David Morrison writes: Almost half of all American consumers (45%) said data security breaches have compromised their personal payment information or that of a household member, according Verizon’s 2015 PCI Compliance Report. The document suggested credit unions and other card issuers might suffer damage from card security breaches until consumers start using payment cards with embedded…
“University of Racism” hacked; will others go after U. of Oklahoma student records?
“Because none of them seem to give a shit…” – a hacker commenting on the lack of response to notifying the U. of Oklahoma that he had hacked them. This blogger has repeatedly lamented the generally inadequate data security in the education sector and the fact that no federal agency actually enforces data security at the post-secondary…
Adventures in breach alerts, Saturday edition
If you’re going to misdirect a fax containing personal information, you probably don’t want to misdirect it to a security firm with a blog. SLC Security reports that they received faxes from William Farrell, CPA of Cary, NC containing what appeared to be payroll information. When they tried to contact the firm using the contact email prominently posted on the firm’s…
Saving Private Files: what extortionists demand for decrypting user data
Kaspersky Lab writes: Computer users in many countries are increasingly falling victim to so-called encryption malware – programs that encrypt important data on infected computers and then demand a ransom to decrypt it. In 2014, over 7 million attempts to carry out such attacks were made against Kaspersky Lab users alone. Kaspersky Lab experts have…
Court’s Interpretation of Merchant Services Agreement Limits Retailer’s Liability to Card Brands for Data Breach
Gregory Bautista and Melissa Ventrone of Wilson Elser write: On January 15, 2015, the U.S. District Court for the Eastern District of Missouri ruled that fees, assessments and costs imposed by the credit card brands on Schnuck Markets, Inc. (Schnuck), a grocery chain estimated to have had 2.4 million customers’ credit and debit card information compromised by…