Brian Krebs writes: In October 2013, KrebsOnSecurity published an exclusive story detailing how a Vietnamese man running an online identity theft service bought personal and financial records on Americans directly from a company owned by Experian, one of the three major U.S. credit bureaus. Today’s story looks deeper at the damage wrought in this colossal misstep by one…
No consensus on notifying victims of data breaches, but I have a few thoughts
Eric Tucker of Associated Press reports: The data breach at Target Corp. that exposed millions of credit card numbers has focused attention on the patchwork of state consumer notification laws and renewed a push for a single national standard. Most states have laws that require retailers to disclose data breaches, but the laws vary wildly….
AU: Asylum seeker data breach triggers court battles
Breaches have consequences. Bianca Hall reports further developments in a breach previously noted on this blog: The federal government will be forced to simultaneously fight dozens of court appeals later this month following a privacy breach, with about 40 asylum seekers preparing to launch appeals against their deportation in the Federal Circuit Court. The asylum…
Behind The Scenes—What One Major University Learned After A Data Breach
Jeanne Price of idRADAR interviewed a University of Maryland spokesperson about their recent breach. The interview provides a nice insider’s perspective on breach response, and you may wish to read it all here. Perhaps the most startling revelation was this one: UMD did not have a data breach crisis plan in place before the event,…
The Timken Company notifying 5,000 associates after data exposed on insecure server
Ohio-based The Timken Company, a global steel and bearing manufacturer and supplier, is notifying current and former associates and job applicants of a data security breach that occurred on January 30 and was discovered February 19. The breach occurred when a file containing personal information was stored on a server normally used for interchange of non-confidential information…
CA: San Juan Unified School District notifies parents of information security breach
Sharokina Shams reports: Officials at a Sacramento school district are notifying parents that records containing personal identifying information were found at the Southern California home of a wire fraud suspect. The San Juan Unified School District posted the information on its website Friday, one day after KCRA 3 informed the district that an FBI investigation had…