Max Ray Vision pleaded guilty to wire fraud today in a Pittsburgh federal court for stealing credit card and identity information from tens of thousands of people by hacking into the computers of financial institutions and credit card processing centers. Vision, who legally changed his name from Butler, used online aliases of “Iceman,” “Aphex,” “Digits”…
Category: Of Note
Pain and Suffering in the Aftermath of a Breach
One of the obstacles to consumer class action lawsuits in response to data breaches has been that most individuals cannot demonstrate actual harm, where harm is defined by the courts in financial terms. As Judge D. Brock Hornby explained when he threw out most of the Hannaford Bros. lawsuit, Maine state law requires that there…
Blue Chip FTP Logins on Server
Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server. Jacques Erasmus, CTO at security tools firm Prevx, stumbled across a site where a Trojan is uploading FTP login credentials captured from compromised machines. So far, Erasmus has found logins for ftp.bbc.co.uk, ftp.cisco.com, ftp.amazon.com, ftp.monster.com…
MA Regs Trumps the Feds
A privacy bill under consideration in Washington would significantly impact retail through provisions that would spell out how companies would have to protect customer data and what they must do if information is compromised, yet, as worrisome as that might be for some, any concern is essentially moot because a Massachusetts regulation with substantially the…
Audit of US DOE on Incidents
Parts of the report were redacted, indicated by x’s below. Executive Summary: The Office of Inspector General (OIG) performed a review of the Department of Education’s (Department) external web sites. This audit was conducted in accordance with the Federal Information Security Management Act (FISMA) as enacted by Title III of the E-Government Act of 2002,…
New Breach Laws in Alaska and SC
On July 1, 2009, new laws will take effect in Alaska and South Carolina that will require entities that have experienced data security breaches involving personal information to notify affected individuals of the breaches. With these additions, a total of 44 states, plus the District of Columbia, Puerto Rico and the U.S. Virgin Islands, will…