Mathew J. Schwartz reports: Staples is now confirming that there was a malware-related breach, although it’s offering scant additional information. “We are continuing to investigate a data security incident involving an intrusion into some of our retail point-of-sale and computer systems,” Staples spokesman Mark Cautela tells Information Security Media Group. “We believe we have eradicated…
UK: NHS Grampian out of compliance with Data Protection Act – again.
From the Information Commissioner’s Office: The Information Commissioner’s Office (ICO) has ordered Grampian Health Board (NHS Grampian) to take action to make sure patients’ information is better protected. The warning comes after six data breaches within a thirteen month period where papers containing sensitive personal data were left abandoned in public areas of the hospital…
Identity thieves hit 2 Metro Detroit hospitals
Tresa Baldas reports: A pair of thieves stole the identities of hundreds of patients at two Metro Detroit hospitals and used their personal information to scam the government out of nearly $500,000 in phony tax refunds, the U.S. Attorneys office announced today. According to an indictment unsealed Monday in U.S. District Court, one of the…
The Evolution Store updates its breach notification
The Evolution Store recently sent an updated notification letter to those affected by their previously disclosed e-commerce breach. In their updated notification, William Stevens, President of The Evolution Store, writes that forensic investigation confirmed that unauthorized IP addresses first accessed the e-commerce site on March 2, 2014, and that the last date of unauthorized access was…
INFORMATION SECURITY: Additional Actions Needed to Address Vulnerabilities That Put VA Data at Risk – GAO
Highlights of a new GAO study also addressing VA infosecurity: What GAO Found The Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, but it has not fully addressed these weaknesses: Incident response: VA took actions to contain and eradicate the effects of a network intrusion detected in 2012, but it could…
Hackers went after Detroit database, official
Nathan Bomey reports: Detroit Mayor Mike Duggan told the 2014 North American International Cyber Summit in Detroit crowd Monday that cyberattackers recently seized control of an immaterial city database and sought hundreds of thousands of dollars in a digital currency called bitcoin. The attack went nowhere, but Duggan said it was an example of the…