Andy Carvell writes: An alleged hacker has broken the terms of a gagging order to speak out about his arrest and prosecution in an extraordinary rant on his group’s website. Last month, hackers exposed an embarrassing security flaw affecting iPad customers on AT&T, causing red faces all round at the telecoms provider. Shortly after the…
Investor, TJX settle suit over data theft
Hiawatha Bray reports: TJX Cos., which owns the T.J. Maxx and Marshalls discount retail chains, has settled an investor lawsuit related to the theft of millions of its customers’ credit card numbers. The Louisiana Municipal Police Employees’ Retirement System, which holds shares of TJX stock, alleged that members of the TJX board of directors failed…
Pirate Bay Hack Exposes User Booty
Brian Krebs reports: Security weaknesses in the hugely popular file-sharing Web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users, according to information obtained by KrebsOnSecurity.com. An Argentinian hacker named Ch Russo said he and two of his associates discovered multiple SQL injection vulnerabilities that…
(follow-up) Private info accidentally released
Fran Handy reports that after the Sparta School District in New Jersey erroneously sent out the unredacted version of a spread sheet containing vendors’ SSN and other information — instead of the redacted one that they had prepared in response to an open records request — the District has had some trouble getting the data…
UK: ICO finds three councils in breach of Data Protection Act
The Information Commissioner’s Office (ICO) has taken action against the London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council for breaching the Data Protection Act. A systemic lack of staff training on how to handle personal information has led to the loss of sensitive personal information relating to thousands of children. Sally-anne…
IE: Breach notification guidance and code available online
The Breach Notification Guidance and Data Security Breach Code of Practice have been posted to the web site of the Data Protection Commissioner of Ireland.