Jonathan Fildes reports: The scale of a phishing attack originally thought to be directed at Hotmail may be larger than previously thought. BBC News has seen a list of more than 20,000 more names and passwords that have been posted online. The list contains e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and others…
Category: Of Note
Lawsuit: Heartland Knew Data Security Standard was ‘Insufficient’
Linda McClasson reports: Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure. This is the contention of a new master complaint filed in the class action suit against Heartland, which in January…
Confirmed: Thousands of Hotmail passwords leaked online (updated)
Tom Warren reports: Neowin has received information regarding a possible Windows Live Hotmail “hack” or phishing scheme where password details of thousands of Hotmail accounts have been posted online. An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have…
Royal Bank glitch allowed Visa customers to view others’ transactions
Gillian Shaw reports: The Royal Bank says it has fixed a computer security glitch that allowed some of its West Coast Visa customers to view transactions made by other cardholders. Vancouver’s Mike Jagger was checking his RBC Visa statement online when he found himself staring at someone else’s transactions — about $20,000 worth of charges….
Blue Cross physicians warned of data breach
Kay Lazar reports: The largest health insurer in Massachusetts is warning roughly 39,000 physicians and other health care providers in the state that personal information, including Social Security numbers, may have been compromised after a laptop containing the data was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national…
Lawmakers: lower bar for health IT data breach notification
Roy Mark reports: Two key chairmen of U.S. House committees Oct. 1 urged HHS (Health and Human Services) Secretary Kathleen Sebelius to revise or appeal the agency’s controversial “harm standard” that would trigger a personal health record data breach notification. Under the current rules, companies that secure health information using encryption or destruction, no breach…