Computerworld reports: The Office of the Australian Information Commissioner (OAIC) has released an updated information security guide with tips on stopping rogue employees and advice on using cloud storage offerings. The Guide to securing personal information replaces the older Guide to information security and is designed to help government agencies and private sector companies meet their obligations under the Australian…
New privacy concerns over HealthCare.gov website
AP reports: A little-known side to the government’s health insurance website is prompting renewed concerns about privacy, just as the White House is calling for stronger cybersecurity protections for consumers. It works like this: When you apply for coverage on HealthCare.gov, dozens of data companies may be able to tell that you are on the site….
Another Lizard Arrested, Lizard Lair Hacked
I should have noted this one last week. My bad. Brian Krebs reports: In an unrelated development, not long after this publication broke the news that the Lizard Squad’s attack infrastructure is built on a network of thousands of hacked home Internet routers, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions…
All Verizon Customer Emails Were Opened Up To Hackers Thanks To Glaring Bug
Thomas Fox-Brewster reports: US telecoms giant Verizon has had a bad couple of years from a privacy point of view, from revelations of unrestrained NSA access to its customers’ call metadata or “permacookies” that could have permanently tracked users’ web activity. It could do without any other embarrassment, but on Sunday a researcher revealed a glaring vulnerability related…
UK: Customer records left exposed after shoe company data breach
The Information Commissioner’s Office (ICO) has issued a press release indicating that high street and online shoe retailer Office has signed an undertaking following a hacking incident the ICO was informed about on May 29, 2014. According to details in the undertaking, a member of the public had hacked into an unencrypted historic Office database that was being stored on a legacy server outside…
C’mon, folks, you really need to acknowledge breach notifications, Monday edition
I haven’t kept strict statistics, but in general, most entities that I try to notify of a breach fail to respond at all. Others may respond that they’re looking into claimed hacks, but then fail to get back to me with a definitive answer or statement. Here’s another case in point: On January 10, I…