Update: leaked login credentials claimed to be associated with Dropbox accounts are not Dropbox accounts, according to Dropbox. Rose Troup Buchanan reports: Hundreds of passwords to Dropbox accounts have been leaked in the latest security breach, with hackers threatening to release millions more account details in exchange for Bitcoin. Hackers, who were apparently able to access logins and…
Category: Of Note
Businesses should not need to publicize personal data breaches if data is encrypted, say EU ministers
Out-Law.com reports: Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU’s Council of Ministers backed the plans as part of a wider partial agreement reached last week on…
Kmart discovers it was breached in September; discloses breach in SEC filing (UPDATED)
Danny Yadron of the Wall Street Journal just tweeted that Kmart has disclosed a data breach in its SEC filing. Indeed, they have: On October 9, Kmart’s Information Technology team detected Kmart’s payment data systems had been breached and immediately launched a full investigation working with a leading IT security firm. The investigation to date indicates…
Dairy Queen update: almost 400 locations affected by Backoff malware
The Dairy Queen breach, first reported in August, is back in the news this week as more details emerged. In a statement issued yesterday, they write (emphasis added by me): International Dairy Queen, Inc. recently learned of a possible malware intrusion that may have affected some payment cards at certain DQ® locations and one Orange Julius® location…
Working Paper: Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005‐2014
Frederik Borgesius made me aware of this paper of note: Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005‐2014 Philip N. Howard CMDS Working Paper 2014.1 Center for Media, Data and Society School of Public Policy Central European University October, 2014 From the Executive Summary, the major findings over the past…
Huge Data Leak at Largest U.S. Bond Insurer
Brian Krebs writes: On Monday, KrebsOnSecurity notified the Municipal Bond Insurance Association — the nation’s largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to…