Risk Based Security and the Open Security Foundation released a report this morning, Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2012. The report summarizes some of the major statistics for 2012, based on analysis of the incidents compiled in OSF’s DataLossDB. As most readers know by now, I am involved in…
Category: Commentaries and Analyses
Do Merchants That Outsource Payment Processing Still Have Risk From a Breach?
Craig Hoffman writes: Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk. The bakery’s letter to its customers stressed that it did not store card data on its computer systems, but the malware allowed an unauthorized person to gather card data as the…
How not to explain a breach, Sunday edition
I came across a media report on what appears to be a breach involving card numbers of guests and employees of Island Resort & Casino in Michigan. But was it their breach or not? Read the casino’s statement: We would like to address the many rumors that are in circulation regarding the harvesting of credit/debit…
Walmart: no, there’s been no breach of walmart.com
I was surprised to read a news report tonight that Walmart.com had been hacked. Part of my surprise was due to the fact that mainstream media did not have the story but a site called SandhillsExpress.com in Nebraska was reporting it: Ericka and Mike Hunt of Broken Bow were reviewing their bank account online this…
Maybe if we shout?
The food and beverage sector is the single largest segment of reported credit/debit card fraud. And it has been that way for a number of years now. Trustwave’s 2012 report said it accounted for 46.3% of reports, showing that despite efforts by card issuers and the PCI Compliance Council, consumers remain at significant risk when…
Insurance company need not defend accountant who lost sensitive client information
Having homeowner’s insurance is a good idea, but don’t count on it to protect you if your clients’ data is stolen from your property. Stephen E Wieker and Liisa M. Thomas and Winston & Strawn LLP write: The U.S. Court of Appeals for the Seventh recently ruled that Nationwide Insurance Co. has no duty to defend or…