Jeremy Kirk reports the final chapter in a case first noted on this blog last August and updated in November: Four men who ran what U.K. police say was the largest English-language criminal forum for selling stolen credit card numbers and the tools to steal data were imprisoned for a combined total of more than…
Category: Of Note
German Government Adopts Security Breach Notification Requirement in Telecommunications Act
On March 2, 2011, the German Federal government adopted a draft law revising certain sector-specific data protection provisions in the German Telecommunications Act. The draft law addresses the implementation of data breach notification requirements in the European e-Privacy Directive by introducing a breach notification obligation for telecommunications companies. According to the proposal, telecommunications companies must…
Mass. General to pay $1M to settle privacy claims
Massachusetts General Hospital and its physicians organization have agreed to pay the federal government $1,000,000 to settle claims related to a worker leaving personal health documents on the subway. The hospital also agreed to develop a comprehensive new privacy policy to prevent patient information from being compromised in the future, and to provide training to…
SpamIt, Glavmed Pharmacy Networks Exposed
Brian Krebs writes: An organized crime group thought to include individuals responsible for the notorious Storm and Waledac worms generated more than $150 million promoting rogue online pharmacies via spam and hacking, according to data obtained by KrebsOnSecurity.com. In June 2010, an anonymous source using the assumed name “Despduck” began an e-mail correspondence with a key anti-spam…
Cambridge Who’s Who attempt to block former employee from discussing alleged data loss fails in court
Occasionally, we find out about a data breach via court filings instead of notifications or media coverage. This is one of those times, it seems. As far as I can determine, the incident discussed in the court case was not reported to the NYS Consumer Protection Board by either Cambridge Who’s Who or Proactive Technology…
(update) Hacker accessed HuskyDirect.com database by using vendor’s administrative password
On January 31, lawyers for the University of Connecticut Cooperative Corporation notified the New Hampshire Attorney General’s Office of a breach mentioned previously on this blog. Their letter revealed some previously unreported details, including the fact that the HuskyDirect.com web site was hosted and managed by Fuss & O’Neill Technologies LLC in Connecticut, a firm that does business…