Jennifer Bjorhus reports: The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.” But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation. The thieves used easily modified off-the-shelf malware, common methods…
Category: Commentaries and Analyses
Experian Lapse Allowed ID Theft Service Access to 200M Consumer Records – Krebs
Brian Krebs writes: In October 2013, KrebsOnSecurity published an exclusive story detailing how a Vietnamese man running an online identity theft service bought personal and financial records on Americans directly from a company owned by Experian, one of the three major U.S. credit bureaus. Today’s story looks deeper at the damage wrought in this colossal misstep by one…
No consensus on notifying victims of data breaches, but I have a few thoughts
Eric Tucker of Associated Press reports: The data breach at Target Corp. that exposed millions of credit card numbers has focused attention on the patchwork of state consumer notification laws and renewed a push for a single national standard. Most states have laws that require retailers to disclose data breaches, but the laws vary wildly….
Behind The Scenes—What One Major University Learned After A Data Breach
Jeanne Price of idRADAR interviewed a University of Maryland spokesperson about their recent breach. The interview provides a nice insider’s perspective on breach response, and you may wish to read it all here. Perhaps the most startling revelation was this one: UMD did not have a data breach crisis plan in place before the event,…
NY: Audit of Frontier Central School District finds inadequate security and policies for mobile devices
An audit of Frontier Central School District by the Office of the New York State Comptroller was released yesterday. The audit covered the period July 1, 2010 — August 22, 2013 and included audit of mobile device use and security. As background: there are six schools in operation within the District, with approximately 5,100 students and 1,000 employees. The…
How the feds brought down a notorious Russian hacker
Donna Leinwand Leger and Anna Arutunyan report: Sasha Panin called himself “Gribodemon,” and his evil works in the world of cybercrime have bedeviled millions. Panin is a 20-something Russian computer whiz who until a few years ago lived in obscurity with his grandmother in this struggling riverside city. Working from a Moscow apartment, federal prosecutors…