Carey Docter reports: The University of Wisconsin-Parkside notified approximately 15,000 students on Thursday, March 27th of the potential exposure of personal data. Notifications were sent to the most recent email and U.S. mail addresses on file. The data that is potentially at risk includes names, addresses, telephone numbers, email addresses, and Social Security numbers of students who…
Category: Malware
Pointer: Senate Commerce report on Target data breach
The Senate Committee on Commerce, Science, and Transportation released its report, “A “Kill Chain” Analysis of the 2013 Target Data Breach.” The report was prepared by the majority staff for Chairman Rockefeller.
Rosenthal Wine Shop discloses malware may have compromised customers’ payment card info
In response to a breach discovered on January 12, Rosenthal Wine Shop (Castle Creek Properties, Inc., dba Rosenthal the Malibu Estates) is notifying customers that malware may have compromised their payment card information: We recently learned that unauthorized individuals or entities installed malicious software on computer systems used to process credit card transactions at the Rosenthal wine…
Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It
I finally got around to reading this fascinating report by Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack for Bloomberg Businessweek. This goes far beyond other media coverage about how Target “missed” or “ignored” FireEye alerts and really gives more details of how the breach occurred.
Security firm report says Target data hack was low tech
Jennifer Bjorhus reports: The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.” But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation. The thieves used easily modified off-the-shelf malware, common methods…
Notice of Data Security Event – City of Pleasantville, New Jersey
On October 8, 2013 the City of Pleasantville (“Pleasantville”) discovered that a computer used by a Pleasantville employee was infected with malware. Pleasantville commenced an internal investigation into this incident. Pleasantville retained independent, third-party forensics experts to confirm the extent of this malware intrusion and to assist in remediating the issue. Pleasantville retained privacy and…