The Associated Press has an item about Radisson Hotels & Resorts notifying guests of a breach that involved their credit card numbers. And I see that on Radisson’s site, they have posted a letter to guests: Radisson values your business and respects the privacy of your information, which is why we wish to inform you…
Category: Of Note
FTC issues Health Breach Notification Rule
<blockquote>The Federal Trade Commission (“FTC” or “Commission”) is issuing this final rule, as required by the American Recovery and Reinvestment Act of 2009 (the “Recovery Act” or “the Act”). The rule requires vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached….
Audit of Dept of Energy reveals unaddressed problems
From Protection of the Department of Energy’s Unclassified Sensitive Electronic Information, DOE/IG-0818: The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special…
Three indicted for hacking Heartland, 7-Eleven, and Hannaford; Over 130 million credit and debit card numbers stolen
An indictment [pdf] was returned today against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, announced Acting U.S. Attorney Ralph J. Marra, Jr., along with Assistant Attorney General of the Criminal Division Lanny A. Breuer and United States Secret Service…
Hacker used Twitter to control infected PCs
Twitter’s been having a rough couple of weeks. A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil. Networks of infected PCs are referred to…
An open letter to Heartland CEO Robert Carr
Rich Mogull of Securosis joins Mike Rothman in taking Heartland Payment Systems CEO Bob Carr to task for his comments that seemed to shift responsibility for the breach to the assessors who told them they were PCI-compliant: […] PCI compliance means you are compliant at a point in time, not secure for an indefinite future….