Over on Security Bistro, Linda Musthaler discusses the recently disclosed Spec’s breach and the fact that Spec’s knew about the breach but was asked not to disclose it by law enforcement. We’ve seen this many times – delays in notification so as not to interfere with a law enforcement investigation. But should there be some…
Category: Malware
RK Internet notifies customers after malware snags their information
When RK Internet (“Rural King”) became suspicious on March 7th that their web server had been compromised, they brought in forensic investigators. Those investigators discovered that malware had been injected, and for transactions that occurred between February 6 until March 12, customers names, debit or credit card number with security code and expiration date, telephone…
Possible data breach affects roughly 15K U. Wisconsin -Parkside students
Carey Docter reports: The University of Wisconsin-Parkside notified approximately 15,000 students on Thursday, March 27th of the potential exposure of personal data. Notifications were sent to the most recent email and U.S. mail addresses on file. The data that is potentially at risk includes names, addresses, telephone numbers, email addresses, and Social Security numbers of students who…
Pointer: Senate Commerce report on Target data breach
The Senate Committee on Commerce, Science, and Transportation released its report, “A “Kill Chain” Analysis of the 2013 Target Data Breach.” The report was prepared by the majority staff for Chairman Rockefeller.
Rosenthal Wine Shop discloses malware may have compromised customers’ payment card info
In response to a breach discovered on January 12, Rosenthal Wine Shop (Castle Creek Properties, Inc., dba Rosenthal the Malibu Estates) is notifying customers that malware may have compromised their payment card information: We recently learned that unauthorized individuals or entities installed malicious software on computer systems used to process credit card transactions at the Rosenthal wine…
Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It
I finally got around to reading this fascinating report by Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack for Bloomberg Businessweek. This goes far beyond other media coverage about how Target “missed” or “ignored” FireEye alerts and really gives more details of how the breach occurred.