Sally Beauty has updated its report on a security breach first disclosed by security researcher Brian Krebs: In a new statement on their website, they write: As we previously stated on March 5th, our systems detected an unauthorized attempted intrusion into our Sally Beauty Supply LLC network. At the time of this discovery, we immediately…
Category: Hack
Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It
I finally got around to reading this fascinating report by Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack for Bloomberg Businessweek. This goes far beyond other media coverage about how Target “missed” or “ignored” FireEye alerts and really gives more details of how the breach occurred.
Be Careful Beating Up Target (Part 1)
Craig Carpenter of AccessData writes: A flurry of stories surfaced this week, including those in Bloomberg BusinessWeek and InformationWeek, highlighting signals of compromise that Target apparently “missed” or even “ignored”, resulting in the theft of 40 million credit card accounts. Clearly the Target breach was serious and wide-ranging, as it affected a large number of customers and even hit…
University of Central Oklahoma discloses hack, notifying those affected
From their website (h/t, KFOR): Letter to the UCO Community – March 13, 2014 Dear UCO Community Member, On March 12, 2014, the University of Central Oklahoma discovered a breach of sensitive personal information due to unauthorized access to information stored on one of our servers. Some members of the university community are being directly…
MI: More Credit Card Info. Compromised at Montcalm County Market
A breach involving Carson Village Market, reported previously on this blog, continues to result in new fraudulent charges on customers’ cards, and customers who used their card since January 1 are now being advised to cancel their cards. WOOD has the story.
Courts Reining In What it Means to be a “Hacker” Under the Computer Fraud and Abuse Act (CFAA)
Ralph C. Losey of Jackson Lewis writes: The Computer Fraud and Abuse Act (“CFAA”) is an anti-hacker statute that prohibits unauthorized access, or the exceeding of authorized access, of computers connected to interstate commerce. 18 U.S.C. § 1030. Violators are subject to both criminal and civil liability. Employers have long taken advantage of the CFAA’s civil remedies to “sue former employees…