Of Note – Page 674 – DataBreaches.Net

Shades of 2003: Have contractors started holding individuals’ PII hostage again?

Posted on January 4, 2013 by Dissent

It’s been a long time since I’ve seen any report that a contractor or their employees were holding an organization’s client or patient data hostage as part of a dispute. To my surprise, however, there have been two such reports like that recently. One case is in the healthcare sector and I’ll be blogging about…

Inadequate security of personal, private, and sensitive Information in school districts’ mobile computing devices – audit

Posted on December 26, 2012 by Dissent

I’ve often pointed out my concerns that public schools – at least those in New York that I’ve been in – do not seem to have adequate security in place for the vast troves of sensitive and confidential information they collect and retain. So I was unsurprised to read that a recent Office of the…

Verizon FIOS allegedly hacked; 300,000 records dumped; more than 3 million acquired? NO! (updated to include Verizon statements)

Posted on December 22, 2012 by Dissent

Update Sunday 3:34 pm: In response to follow-up questions, Verizon spokesperson Alberto Canal informed this site last night: Some were Verizon customers, most were not. In regards to the number of individuals, the total was about 10% of what was originally reported. In answer to your question about a vulnerability: No there was not. There…

One year later, Jetro/Restaurant Depot is breached again (update2)

Posted on December 21, 2012 by Dissent

It was last year at about this time that we first got wind of an incident involving food services wholesaler Jetro/Restaurant Depot. Malware inserted in their card payment system had exfiltrated mag stripe data (names, card numbers, card expiration dates, and cvv codes) to a server in Russia between late September 2011 and early November…

Update and commentary on SCDOR breach: Where would they be without media coverage?

Posted on December 9, 2012 by Dissent

I’ve been pretty critical of the South Carolina Department of Revenue breach and the state’s incident response. Some will think my criticism is well-deserved, while others may feel I’ve been too harsh. But it is now six weeks since we first learned of the breach and here is what hasn’t happened so far: Notification letters…

Yes, sometimes it’s as bad as we fear

Posted on December 7, 2012 by Dissent

In the process of researching something else, I stumbled across an audit of a NYS agency with the grim title, “Mobile Devices with Sensitive Information are not Secure.” By the time I got done reading and browsing other audits, I totally forgot what I was looking for in the first place, but here’s what I…