Jason C. Gavejian writes: On January 1, 2015, Delaware employers who dispose of records which contain the unencrypted personal identifying information of employees must take steps to ensure the privacy of such information. The bill, H.B. 294, was recently signed by Delaware’s Governor Jack Markell. Delaware also enacted a companion bill, H.B. 295, in July which imposed the…
Category: Of Note
Bash bug: Shell Shocked yet? You will be … when this goes WORM
Darren Pauli reports: Much of the impact of the Shell Shocked vulnerability is unknown and will surface in the coming months as researchers, admins and attackers (natch) find new avenues of exploitation. The vulnerability, coined Shell Shocked by researcher Robert Graham, existed in the Bash command interpreter up to version 4.3 and affected scores of servers,…
Data on up to 750,000 Japan Airlines mileage club members may have leaked
Kyodo reports: Japan Airlines Co. said Wednesday that personal information on up to 750,000 JAL mileage club members may have leaked after someone gained unauthorized access to the company’s computer system The data include members’ names, addresses, birthdays and email addresses, the company said, adding that it has not confirmed the leak of passwords or…
Jimmy John’s Confirms Breach at 216 Stores
Brian Krebs reports: More than seven weeks after this publication broke the news of a possible credit card breach at nationwide sandwich chain Jimmy John’s, the company now confirms that a break-in at one of its payment vendors jeopardized customer credit and debit card information at 216 stores. […] The statement from Jimmy John’s doesn’t…
Failure to patch Oracle leaves students and kids at risk of info theft
Jake Tapper reports that some organizations still haven’t patched Oracle, leaving sensitive information at risk of hacking: This month, [researchers] found that a weakness in Oracle’s software – that the company discovered in 2012 and provided a patch for – still remains a huge vulnerability to any customer that missed or ignored that news. Seely…
Home Depot update puts number of unique card numbers possibly compromised at 56,000,000
Home Depot has issued an update on the breach disclosed earlier this month. The company reports that it has completed “a major payment security project that provides enhanced encryption of payment data at point of sale in the company’s U.S. stores, offering significant new protection for customers. Roll-out of enhanced encryption to Canadian stores will be complete…