UK Encryption: Royal & Sun Alliance Insurance Fined £150,000 For Stolen Hard Drive.

The UK’s Information Commissioner’s Office (ICO) has fined an insurance company, Royal & Sun Alliance (RSA), a total of £150,000 for the theft of an external storage device with information on nearly 60,000 clients (and credit card details for 20,000 people).   Stolen From a Locked Room Unlike your run-of-the-mill hard drive theft cases, there […] read more

Netherlands Officially Files 5,500 Breach Notifications In 2016.

The Personal Data Protection Authority of the Netherlands (Autoriteit Persoonsgegevens, “AP”) revealed last week that they received nearly 5,500 data breach notifications in 2016, the first year of mandatory data breach notifications for the European country. This contrasts with the 980 data breaches in the same period for the US, compiled by the Identity Theft […] read more

California Amends Data Breach Notification For Encrypted Data.

Beginning on January 1, 2017, organizations in California cannot automatically assume that personal details are safe if they were encrypted at the time of a data breach. This, in turn, means that businesses and other organizations will have to give some thought as to whether a data breach must be made public.   Encrypted Personal […] read more

Data Breach Reparations: Still Evolving, Consumers Begin To See Glimmers.

According to idtheftcenter.org, the US has seen over 858 data breaches that involved over 29 million records in 2016 (to be more specific, up until November 8). The list of breaches does not include those that go unreported, for obvious reasons, as well as those that weren’t vetted by credible sources like state Attorney General […] read more

California Accountants Hacked To File Fraudulent Tax Returns.

Time has shown that all types of businesses are targets for hacking. The big ones, because they have money. The small and medium-sized businesses, because they have money, although less of it than big enterprises. Stories of phishing or hacking into computers that host electronic banking activities have popped up in the news frequently. Here’s […] read more

TrueCrypt Users Being Infected With Malware “StrongPity”.

It’s not often than abandoned software makes news, but never say never. Apparently, certain hackers are distributing installers for TrueCrypt and WinRAR – respectively, a discontinued encryption program and a file compression tool – that have been infected with malware called “StrongPity”. The problem for people who are affected by the malware is that the […] read more

Yahoo: 2 Years Late In Announcing Data Breach, Decided Not To Improve Security.

Yahoo is full of surprises as of late. Just last week, the company revealed that they had a massive data breach in 2014 – a situation made more scandalous because it was the media, not the company responsible, that spilled the beans. The scandal then grew larger when it was revealed that Yahoo had been […] read more

Another Site Leaks Plaintext Passwords, Runs Afoul of COPPA.

The site arstechnica.com is reporting that i-Dressup not only experienced a data breach – over 2.2 million affected – but has been slow as molasses in responding to Ars’s emails that they have been hacked or, more importantly, fixing the vulnerability that lead to the security failure. Perhaps we shouldn’t be surprised, merely exasperated, that […] read more

Yet Another US Court Says FBI Hacking Is Unauthorized Search, Won’t Suppress Evidence.

Earlier in the year, the FBI revealed that they had taken over a site in the dark web and reeled in hundreds of suspects in a sting operation. Due to the nature of the site (a shadowy community where its content very heavily leaned towards, but not exclusively to, child porn) many people online voiced […] read more

Data Security: Social Engineering Still More Effective Than Zero-Day Hacks.

According to a security company’s 100 penetration attempts, most organizations succumb to five attacks, none of which involve malware or zero-day flaws. The top five attacks, according to darkreading.com: abuse of weak domain user passwords — used in 66% of Praetorian pen testers’ successful attacks broadcast name resolution poisoning (like WPAD) — 64% local admin […] read more