Titanium Metals Corporation (“TIMET”) notified the New Hampshire Attorney General’s Office on August 13 that “malicious software circumvented the Company’s firewall protections and downloaded information from the Company’s systems.” TIMET reports [pdf] that their Information Services Department discovered and stopped the cyberattack, but does not indicate how long it took for the attack to be…
Finance company identifies 294 recipients of non-payment legal threat
A finance company has disclosed the email addresses of 294 customers that it says are behind in their repayments to the firm. The company emailed the customers but did not hide the addresses of everyone it contacted. The email makes it clear that the 294 customers are being contacted because they are behind in their…
7-Eleven statement regarding 2007 credit card fraud
7-Eleven, Inc. has learned that federal authorities in New Jersey have indicted individuals for the theft of credit and debit card numbers in a computer hacking scheme targeting multiple retailers in a number of separate incidents over the last several years. The company became aware in late 2007 that a security breach had occurred. The…
FTC issues Health Breach Notification Rule
The Federal Trade Commission (“FTC” or “Commission”) is issuing this final rule, as required by the American Recovery and Reinvestment Act of 2009 (the “Recovery Act” or “the Act”). The rule requires vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached….
Audit of Dept of Energy reveals unaddressed problems
From Protection of the Department of Energy’s Unclassified Sensitive Electronic Information, DOE/IG-0818: The Department of Energy and its contractors store and process massive quantities of sensitive information to accomplish national security, energy, science, and environmental missions. Sensitive unclassified data, such as personally identifiable information (PII), official use only, and unclassified controlled nuclear information require special…
UK: ICO to remind doctors who treat patients privately of their obligations to notify
Doctors who treat patients privately are being urged by the Information Commissioner’s Office (ICO) to make sure they are complying with the Data Protection Act. The privacy watchdog is launching a new initiative to ensure doctors operating privately notify with the ICO that they are handling people’s personal information. People’s individual health records are some…