Statement from the U.S. Attorney’s Office for the Northern District of California on the “Paypal13:” Thirteen defendants pleaded guilty in federal court in San Jose yesterday to charges related to their involvement in the cyber-attack of PayPal’s website as part of the group “Anonymous,” United States Attorney Melinda Haag announced. One of the defendants also…
Category: Commentaries and Analyses
JPMorgan Chase breach update: pile on…
The JPMorgan Chase Ucard breach reported previously on this blog affects residents of numerous states. As such, not only do I expect to see lawsuits filed, but state attorneys general will likely jump into the act to protect their respective residents. Did JPMorgan Chase promptly notify their residents and are they offering enough remediation and…
NYS Comptroller finds IT security deficits in towns of Babylon and Salina
Every so often I post audit reports from the NYS Comptroller’s Office. Last week, the office posted two completed audits worth noting here: The Town of Babylon was audited for the period January 1, 2011 — July 31, 2012. In addition to significant concerns about the town’s financial health conditions and other matters, one of…
Over half of Austin, Texas departments don’t even have policies on collecting, storing, or accessing PII – city auditors
Summary from Protection of Personally Identifiable Information (PII) Audit by City of Austin auditors (November 2013): The objective of this audit was to evaluate the process for protecting PII that is collected and/or stored by the City. The audit scope included the City’s policies and procedures related to the protection of PII for Fiscal Year…
Payment Card Industry Security Standards Council Issues Updates to Data Security Standard
Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) released Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS), which includes several enhanced security requirements that will affect how businesses protect payment card data in their systems. The updated standard calls upon businesses to take a more active role in…
Update: Arrest in Sachem schools data breach (update1)
There has been another development in a data breach involving the Sachem Central School District on Long Island (previous coverage here and here). As I commented previously, it sounded to me like they suspected an insider breach but it wasn’t clear if it was an employee or a student hacker they suspected. Well, now we…