Dimitry Belorossov, a/k/a Rainerfox, has been sentenced to four years, six months in prison following his guilty plea for conspiring to commit computer fraud. Belorossov distributed and installed Citadel, a sophisticated malware that infected over 11 million computers worldwide, onto victim computers using a variety of infection methods. According to U.S. Attorney Horn, the…
Category: Of Note
Patreon Hacked: Some User Information Compromised (UPDATE: Data Dumped?)
Brady Dale reports: Another company has been hacked, but this time it’s one that’s working to help creative people support their work and keep the lights on as they do so: Patreon. The company facilitates ongoing, recurring payments to creative people or projects as a way of showing support for what they do. Jack Conte, CEO…
Watchdog: Top Secret Service official wanted information about Chaffetz made public
Shades of J. Edgar and dirty politics! I’m classifying this as a privacy breach and also an infosec breach as these data were supposed to be protected. Carol D. Leonnig and Jerry Markon report: The Secret Service’s assistant director urged that unflattering information the agency had in its files about a congressman critical of the service should be made public,…
Trump International Hotel & Tower Las Vegas notifying customers that malware was present in payment card system for more than one year (UPDATE 1)
Norton Rose Fulbright, a law firm representing The Trump Hotel Collection, is sending out notifications to customers who used a payment card at Trump International Hotel & Tower Las Vegas between May 19, 2014, and June 2, 2015. They write: Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken…
Does the FTC really assess compliance with consent orders? If so, how well?
Add this analysis and commentary by Chris Hoofnagle to your must-read list. Assessing the Assessments When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment…
The disappointing truth about data privacy and security
Ben Rossi writes: Cloud providers boast compliance to the highest security standards, including state-of-the-art physical protection of hosting facilities, electronic surveillance and ISO 27001 certifications, to name a few. While such efforts may sound impressive, in reality they offer absolutely no defence to enterprises seeking a security model that cannot be owned, and provide…