Jennifer Bjorhus reports: The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.” But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation. The thieves used easily modified off-the-shelf malware, common methods…
Category: Of Note
Experian Lapse Allowed ID Theft Service Access to 200M Consumer Records – Krebs
Brian Krebs writes: In October 2013, KrebsOnSecurity published an exclusive story detailing how a Vietnamese man running an online identity theft service bought personal and financial records on Americans directly from a company owned by Experian, one of the three major U.S. credit bureaus. Today’s story looks deeper at the damage wrought in this colossal misstep by one…
AU: Asylum seeker data breach triggers court battles
Breaches have consequences. Bianca Hall reports further developments in a breach previously noted on this blog: The federal government will be forced to simultaneously fight dozens of court appeals later this month following a privacy breach, with about 40 asylum seekers preparing to launch appeals against their deportation in the Federal Circuit Court. The asylum…
Victim of 2012 hack, British Pregnancy Advice Service fined for violating the Data Protection Act (Updated)
Some breaches are potentially much more harmful than others. A March 2012 hack involving the British Pregnancy Advice Service (BPAS) fell into that group, and I was so concerned about the breach and the threatened data dump that on Twitter, I publicly called out members of Anonymous for sitting back and not speaking up to try to dissuade…
KR: Personal data of 12 million KT customers stolen: police
Yonhap News Agency reports a hack affecting almost three-fourths of KT Corporation (formerly known as Korea Telecom)’s customers: Three people, including a telemarketer, were arrested in connection with the case, the Incheon Metropolitan Police Agency said. The leaked information included victims’ names, resident registration numbers, places of employment and bank account details. Police believe the…
AvMed Data Breach Class Action Settlement Gets Final Approval – Payment To Be Made To Class Members Who Did Not Experience ID Theft
Mark S. Melodia, Steven Boranian, Frederick Lah and Melissa A. Geist comment on the AvMed breach lawsuit settlement. The AvMed breach involving a stolen laptop with unencrypted information on 1.2 million people and lawsuit have been mentioned numerous times on the companion PHIprivacy.net blog (coverage linked from here). Last week, a judge for the Southern District…