Ellen Messmer reports: An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance. “The majority of our analysis of data-breach investigations — 76% — revealed that the third-party responsible for…
Category: Commentaries and Analyses
More breaches caused by staff than hackers
From InfoSecurity: The 2012 data protection survey undertaken by the Irish Computer Society (ICS) shows that a higher number of data breaches are the result of internal failures and lack of awareness than are the result of external theft. The survey involved more than 300 Irish IT administration and management staff and was undertaken in…
Hungarian citizen who attempted to extort Marriott International into giving him a job sentenced to prison
As an update to a case previously mentioned on this blog, Dow Jones Newswire reports that Attila Nemeth has been sentenced to 30 months in prison for attempting to extort Marriott International into giving him a job by illegally acquiring their confidential propietary data. Nemeth, who arguably should be considered for a role in any reality…
Hacked companies still not telling investors
Joseph Menn reports that despite SEC guidance, companies that have been hacked are still not disclosing breaches to their investors. Read more on Reuters.
MD: Social Security, some credit card numbers were stored on public USM server
Andrew Ujifusa reports: The University System of Maryland until recently had been storing information, including Social Security and some credit card numbers, of thousands of prospective students on a server that the public can access, according to a state audit this week. The revelation was among seven findings from a study conducted by the General…
Study Examines the Aftermath of Data Breaches
A press release from Experian Data Breach Resolution and the Ponemon Institute: Nearly everyday consumers willingly provide their personal information to organizations online with no hesitation, neglecting to realize how that information can be exposed due to employee negligence, insider maliciousness, system glitches or attacks by cyber criminals. With Data Privacy Day (Saturday, January 28) right…