Brian Krebs reports: Nearly a week after this blog first reported signs that Home Depot was battling a major security incident, the company has acknowledged that it suffered a credit and debit card breach involving its U.S. and Canadian stores dating back to April 2014. Home Depot was quick to assure customers and banks that no debit card PIN data was…
HIV Status, Homosexuality no Reason for Anonymity, Judge
Sabrina Canfield reports: An HIV-positive homosexual who sued his employer for discrimination cannot do so anonymously because his HIV-positive, homosexual status provides him “no greater threat of retaliation” than a typical plaintiff alleging employment violations, a federal judge ruled. John Doe asked the court to keep his own name out of a lawsuit he filed…
Yandy notifies online customers of breach
If you purchased lingerie or other items from Phoenix-based Yandy.com, you may be getting a breach notification. Yandy reports that they became aware of the breach on August 18, and it involved customers’ names, postal and email addresses, card numbers, expiration dates, and CVV codes. Although the notification letter, signed only by “The Yandy Team,” does…
NCQA spots – and stops – ecommerce breach quickly
How quickly can your organization detect and stop a breach? It looks like the National Committee for Quality Assurance (NCQA) caught one pretty quickly, as it only affected customers making online purchases on September 3 between 2 am and 10 am. They called those affected, and by September 5, were sending out letters to those…
INFORMATION SECURITY: Agencies Need to Improve Oversight of Contractor Controls
From a newly released GAO report: Although the six federal agencies that GAO reviewed (the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM)) generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractor implementation…
PERSONNEL SECURITY CLEARANCES: Additional Guidance and Oversight Needed at DHS and DOD to Ensure Consistent Application of Revocation Process
From a newly released GAO report: The Department of Homeland Security (DHS) and the Department of Defense (DOD) both have systems that track varying levels of detail related to revocations of employees’ security clearances. DHS’s and DOD’s data systems could provide data on the number of and reasons for revocations, but they could not provide…