RiskBased Security reports: We are pleased to release our Data Breach QuickView report that shows that 2014 is on pace to replace 2013 as the highest year on record for exposed records, and the recently reported exposure of 1.2 billion email addresses and user names has not been included. The 1331 incidents reported during the first half…
Category: Commentaries and Analyses
Is your firm violating the Data Protection Act or begging for a hack of its Twitter account? (updated)
ThreeUK, who claim to have a 45% share of all mobile traffic in the UK, has a social media presence on Facebook and Twitter. They also have a dangerous practice of requesting customers provide personal details such as full name, phone number, postcode, and date of birth via direct messages (DM) to their support team, e.g.,…
Comptroller DiNapoli: Schools Must Do More to Limit Access to Sensitive Student Databases
Yes, it’s as bad as I’ve been saying for years. Now if they will just audit the NYC Department of Education, too. Employees in six upstate New York school districts had inappropriate computer access to sensitive student data and were able to change student grades and attendance records without proper authorization, according to an audit released today…
White-hat hackers lifted 560,000 corporate passwords in 31 days. We’re all screwed.
Richard Byrne Reilly reports: The password you use to log into your company network likely sucks. That’s the maybe-not-so-astonishing revelation from a group of white-hat hackers who probe for vulnerabilities in corporate networks for a living. Over the course of a year, the hackers at Trustwave attacked more than 626,000 accounts throughout corporate America and were able to successfully crack…
1.4 Million Taxpayers Exposed to ‘increased risk of fraud and identity theft’ by IRS
J.D. Tuccille writes: The geniuses at the Internal Revenue Service gave sensitive data on over a million taxpayers to a printing contractor without checking the bona fides of any of the contractor’s employees, says the Treasury Inspector General for Tax Administration. The news comes from a report dated last month but just released to the public. This…
SEC failed to guard sensitive information
Kevin Cirilli reports: An internal government report obtained by The Hill says the Securities and Exchange Commission has failed to properly guard sensitive nonpublic information. [READ INSPECTOR GENERAL REPORT.] The report from the SEC’s Inspector General says the agency failed to clear the room during non-public executive session votes of the five-member board. It also…