Out-Law.com reports: Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU’s Council of Ministers backed the plans as part of a wider partial agreement reached last week on…
Category: Of Note
Kmart discovers it was breached in September; discloses breach in SEC filing (UPDATED)
Danny Yadron of the Wall Street Journal just tweeted that Kmart has disclosed a data breach in its SEC filing. Indeed, they have: On October 9, Kmart’s Information Technology team detected Kmart’s payment data systems had been breached and immediately launched a full investigation working with a leading IT security firm. The investigation to date indicates…
Dairy Queen update: almost 400 locations affected by Backoff malware
The Dairy Queen breach, first reported in August, is back in the news this week as more details emerged. In a statement issued yesterday, they write (emphasis added by me): International Dairy Queen, Inc. recently learned of a possible malware intrusion that may have affected some payment cards at certain DQ® locations and one Orange Julius® location…
Working Paper: Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005‐2014
Frederik Borgesius made me aware of this paper of note: Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005‐2014 Philip N. Howard CMDS Working Paper 2014.1 Center for Media, Data and Society School of Public Policy Central European University October, 2014 From the Executive Summary, the major findings over the past…
Huge Data Leak at Largest U.S. Bond Insurer
Brian Krebs writes: On Monday, KrebsOnSecurity notified the Municipal Bond Insurance Association — the nation’s largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to…
Vulnerable Disclosures obtains information on 10 banks breached
Vulnerable Disclosures – a blog that seems to be re-posting some of my work from here and from PHIprivacy.net without any permission or even attribution – posted this: Russian hackers have posted information on 10 US banks that have been breached in the past week and a half and are threatening to post additional information. Vulnerable Disclosures…