<blockquote>The Federal Trade Commission (“FTC” or “Commission”) is issuing this final rule, as required by the American Recovery and Reinvestment Act of 2009 (the “Recovery Act” or “the Act”). The rule requires vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached….
Category: Of Note
Audit of Dept of Energy reveals unaddressed problems
From Protection of the Department of Energy’s Unclassified Sensitive Electronic Information, DOE/IG-0818: The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special…
Three indicted for hacking Heartland, 7-Eleven, and Hannaford; Over 130 million credit and debit card numbers stolen
An indictment [pdf] was returned today against three individuals who are charged with being responsible for five corporate data breaches, including the single largest reported data breach in U.S. history, announced Acting U.S. Attorney Ralph J. Marra, Jr., along with Assistant Attorney General of the Criminal Division Lanny A. Breuer and United States Secret Service…
Hacker used Twitter to control infected PCs
Twitter’s been having a rough couple of weeks. A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil. Networks of infected PCs are referred to…
An open letter to Heartland CEO Robert Carr
Rich Mogull of Securosis joins Mike Rothman in taking Heartland Payment Systems CEO Bob Carr to task for his comments that seemed to shift responsibility for the breach to the assessors who told them they were PCI-compliant: […] PCI compliance means you are compliant at a point in time, not secure for an indefinite future….
Aussie accused of using malware to steal bank details
An Australian has been charged with infecting 3000 computers worldwide with viruses designed to capture banking details. The 20-year-old from Adelaide is also suspected of having developed software capable of launching virus attacks on 74,000 computers worldwide. […] The man has been charged with offences including unauthorised modification of computer data, supply and possession of…