Jennifer Baker reports: A law approved by the European Parliament on Wednesday and aimed at protecting citizens’ privacy comes with sweeping penalties for breaches—up to €100 million (US$139 million) or 5 percent of global annual turnover, whichever is larger. The European Data Protection Regulation will apply not only to European companies, but any company that…
Category: Of Note
UK: Morrisons supermarket suffers major payroll data breach (Updated)
John E. Dunn reports: British supermarket Morrisons has reportedly suffered a major data breach which saw the pay-roll data of an unknown number of its 100,000 staff stolen and published on a website. In an email sent to staff and later seen by TV media, the attack was said to have involved the theft of…
Target ignored its own warning system – Bloomberg (updated)
I’m watching Josh Tyrangiel of Bloomberg on CBS News this morning reporting that prior to its massive breach, Target ignored the warning alerts generated by its FireEye system. Target hasn’t responded to Bloomberg’s questions as to why the warning e-mails generated by the system were ignored. Interestingly, we heard something similar in the Neiman-Marcus breach where…
Security firm report says Target data hack was low tech
Jennifer Bjorhus reports: The U.S. Secret Service has called the criminals behind Target Corp.’s monster security breach well-organized, “highly technical” and “sophisticated.” But cybersecurity firm McAfee Inc. said in a report out Monday that the heist was anything but exotic, describing the attack as a Breach 101 operation. The thieves used easily modified off-the-shelf malware, common methods…
Experian Lapse Allowed ID Theft Service Access to 200M Consumer Records – Krebs
Brian Krebs writes: In October 2013, KrebsOnSecurity published an exclusive story detailing how a Vietnamese man running an online identity theft service bought personal and financial records on Americans directly from a company owned by Experian, one of the three major U.S. credit bureaus. Today’s story looks deeper at the damage wrought in this colossal misstep by one…
AU: Asylum seeker data breach triggers court battles
Breaches have consequences. Bianca Hall reports further developments in a breach previously noted on this blog: The federal government will be forced to simultaneously fight dozens of court appeals later this month following a privacy breach, with about 40 asylum seekers preparing to launch appeals against their deportation in the Federal Circuit Court. The asylum…