Brian Krebs reports: The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures: According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. Several files being…
Category: Of Note
German Constitutional Court Rejects the Extradition of “World’s #2 Hacker” to US
Germany’s top court won’t agree to extradite an alleged hacker to the U.S. until it is assured the hacker won’t face a “disproportionate” sentence, if convicted. The Associated Press reports that the Federal Constitutional Court overturned a lower court’s approval of Ercan Findikoglu’s extradition: It said Frankfurt’s regional court needs to obtain assurances from U.S. authorities that…
Report: FIN4 Hacker Group Targets Pharma Execs For Insider Edge On Stock Market
Angelo Young reports: A group of financially savvy computer hackers has been stealing data from more than 100 organizations, mainly targeting publicly traded health care, pharmaceutical and biotechnology companies, to gain insider knowledge and game the stock market. The news underscores the vulnerabilities of corporate computer networks and the many ways that cybercriminals use low-tech “social…
Italy: Garante introduces ‘progressive’ mandatory breach notification
DataGuidance reports: The Italian Data Protection Authority (Garante) issued, on 26 November 2014, its general resolution on biometrics (‘the Resolution’), which includes a new 24-hour data breach notification obligation. The requirement was introduced a means of balancing the new simplified rules on authorisation for use of biometrics which will no longer require the Garante’s prior…
Data Security Auditor May be Drawn Into Data Breach Class Action for Failing to Identify Vulnerabilities
DrinkerBiddle reports a development in Storm v. Paytime, Inc., No. 14-cv-01138-JEJ (M.D. Pa.): In August, Paytime, Inc., a payroll services company, moved to dismiss a putative class action filed in the wake of a data breach in which the personal and financial information of more than 230,000 people was compromised. Paytime argued that the plaintiffs lack standing, have failed to plead…
Regin: Top-tier espionage tool enables stealthy surveillance
Symantec reports: An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities…