UPDATE: See comment by Don Moffett below this post who notes that the Governor was actually correct and the IRS’s statement is incorrect. Governor Nikki Haley of South Carolina should stop talking about the massive databreach at the Department of Revenue and let someone who actually knows something about data security speak for the state….
Category: U.S.
Stolen thumb drives might hold personal data on Ramstein students
Jennifer H. Svan reports: The theft of five thumb drives from an unlocked vehicle may have compromised the personal information of hundreds of pupils, their parents and staff members at a Defense Department school in Germany, school officials said Wednesday. Parents of more than 900 students at Ramstein Intermediate School were notified of the possible…
Two Utah websites claim hacker attacks cost them $180K; @ItsKahuna challenges the price tag
Back at the beginning of the year, the Salt Lake City Police Department and Utah Chiefs of Police were among a number of law enforcement organizations hacked in #OpPiggyBank. A hacker whose Twitter handle is @ItsKahuna was subsequently charged in the incidents. Now John Anthony Borell is challenging the organizations’ claims about what the hacks…
Forensic report on SCDOR breach
Here’s Mandiant’s report on the breach at the South Carolina Department of Revenue. From the Executive Summary, a summary of the attack: Summary of the Attack A high level understanding of the most important aspects of the compromise are detailed below. 1. August 13, 2012: A malicious (phishing) email was sent to multiple Department of…
Haley admits hacking errors; revenue chief resigns
Governor Haley has now walked back some of her more irritating claims about South Carolina’s massive data breach. Seanna Adcox of Associated Press reports: A report on a massive security breach at the South Carolina tax collection agency shows the state could have done more to protect personal information for nearly 4 million taxpayers, Gov. Nikki…
Breach notification done right? (Nationwide hack, updated)
I spend a lot of time criticizing breach notifications, so it’s nice when I can occasionally point to a positive example. Without considering whether the breach could have been prevented, consider this notification letter from Nationwide Insurance, dated November 16: We want to make you aware that a portion of our computer network was criminally…