A man who created a website trading in stolen financial information linked to tens of millions of pounds in losses has been jailed for nearly five years. Renukanth Subramaniam, 33, founded Darkmarket, a “Facebook for fraudsters” where criminals could buy and sell credit card details and bank log-ins. The site was shut down in 2008…
Category: Of Note
Wyndham hotels hacked again
The Wyndham Hotel and Resort chain, which has suffered two known breaches since 2008, has reportedly suffered a third breach. Robert McMillan of IDG News Service reports: Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data. The break-in occurred between late October 2009 and January 2010, when it was…
Recommended: The Curious Case of EMI v. Comerica
David Navetta writes: Security breaches in the online banking world continue to yield interesting lawsuits (you can read about three others in this post). The latest online banking lawsuit filed by Experi-Metal Inc. (“EMI”) against Comerica (the “EMI Lawsuit”) provides some new wrinkles that could further illuminate the boundaries of “reasonable security” under the law….
FTC investigates some firms in P2P leaks
Jaikumar Vijayan of Computerworld was able to see a redacted copy of a letter (Civil Investigative Demand) sent by the FTC to some of the organizations who were found to be leaking information via P2P networks: It showed the agency is seeking information, dating back to mid-2007, on a wide-range of technology and process-related topics….
ControlScan Settles FTC Charges
ControlScan, a company that consumers have relied on to certify the privacy and security of online retailers and other Web sites, has agreed to settle Federal Trade Commission charges that it misled consumers about how often it monitored the sites and the steps it took to verify their privacy and security practices. The settlements will…
HHS starts to reveal healthcare breaches reported to government
When HITECH was passed as part of the stimulus bill, it introduced new data breach notification requirements, including a requirement that breaches of unsecured personal health information held by covered entities or their business associates affecting more than 500 individuals be reported to the U.S. Department of Health & Human Services. The requirement was somewhat…