It has now been about two years since I filed a complaint with the FTC to alert them to all the data security breaches involving Experian’s credit report database. And while I continue to wait to see the FTC take action against Experian over their numerous breaches involving misuse of clients’ login credentials, Experian…
Category: Of Note
AU: Asylum seekers’ identities revealed in Immigration Department data lapse
Oliver Laughland, Paul Farrell and Asher Wolf report: The personal details of a third of all asylum seekers held in Australia – almost 10,000 adults and children – have been inadvertently released by the Department of Immigration and Border Protection in one of the most serious privacy breaches in Australia’s history. A vast database containing…
2013 Exposed Records Sets the Stage for Massive Identity Theft
From Risk Based Security: We are pleased to release our Data Breach Quick view report that shows 2013 broke the previous all-time record for the number of exposed records caused by reported data breach incidents. The 2,164 incidents reported during 2013 exposed over 822 million records, nearly doubling the previous highest year on record (2011). Although overshadowed…
Wachovia customer sues bank for failing to protect his account and then falsely fingering him to the feds
Jay Weaver of the Miami Herald has a must-read piece about what Carlos Gomez, a Wachovia Bank customer, went through after becoming a victim of ID theft by a bank employee, and how he’s suing Wachovia, which has since been taken over by Wells Fargo: Just before dawn, insistent pounding on the front door jolted…
Hackers used previously unknown Internet Explorer flaw in new attacks
Joseph Menn reports: A previously unknown flaw in a recent version of Microsoft Corp’s Internet Explorer web browser is being used to attack Internet users, including some visitors to a major site for U.S. military veterans, researchers said Thursday. Security firm FireEye Inc discovered the attacks against IE 10 this week, saying that hundreds or…
Why otherwise adequate breach response plans may fail
One of the recurring themes by commenters on this blog is that they got a breach notification that offered them free credit monitoring services, but: 1. They can’t access the site they’re directed to; 2. They are alarmed that the site asks them for their personal information; and/or 3. They have no reason to trust…