Articles about Data Breaches


Nearly 1 in 5 health data breaches take years to spot, says Verizon

Stolen medical information is a prevalent problem across multiple industries, according to a new study by Verizon. The issue is compounded because many organisations outside of the healthcare sector do not even realise they hold this type of data. Common sources of protected health information are employee records ( …
John Leyden, 16 Dec 2015

Home Office kept schtum on more than 30 data breaches last year

The Home Office suffered 33 data breaches during the last financial year – and did not report any of them to the Information Commissioner's Office (ICO). The department's annual report and accounts 2014-15 (PDF) reveals 33 "Personal Data Related Incidents" that took place in the last financial year, but were not formally …

Stupid humans and their EXPENSIVE DATA BREACHES

UK data breaches are increasingly being traced back to human error, despite the growing emphasis on data protection. A Freedom of Information (FOI) request to data privacy watchdogs at the Information Commissioner’s Office (ICO) revealed that a quarter of reported data breaches during the first three months of 2014 were caused …
John Leyden, 05 Dec 2014

TalkTalk shares drop 10.7% despite research that breaches don't cause drops

Shares in TalkTalk dropped by 10.7 per cent this morning after the company released a statement admitting that a "cyber attack" may have exposed the data of its four million customers. TalkTalk is contacting all of its customers following what it called "a significant and sustained cyber attack" and intends to offer them free …

Malware, restoring data: What keeps data center techies up all night

A majority of organizations polled in a data center and cloud security survey are dissatisfied with their malware containment and recovery times. More than half (55 per cent) of survey respondents were dissatisfied with the length of time it takes them to contain and recover from hacker infiltrations and malware infections, …
John Leyden, 15 Oct 2015

Oz privacy comish says breaches could double this year

The office of Australia's Federal Privacy Commissioner has received 60 voluntary data breach notifications in the six months since 12 March compared to 71 received in the 2014 financial year. The statistics provided to Vulture South and repeated at the Australian Information Security Association conference include all manner of …
Darren Pauli, 20 Oct 2014

104 Australian orgs report breaches to privacy commissioner

Australian organisations have voluntarily submitted 104 data breach notifications over the last year, the Privacy Office says. News of the breach disclosures arrived today, the first anniversary of the country's tougher privacy policies, among reports of 4,016 privacy complaints, a 43 percent increase over the prior year. …
Darren Pauli, 12 Mar 2015

ICO: You call that a sentence? Courts need power to hit data thieves harder

Blighty's data watchdog has moaned that the UK's courts need greater powers to impose penalties on data thieves after a woman was slapped with a £1,000 fine for flogging 28,000 customer records for £5,000. Sindy Nagra, 42, from Hayes, was issued the fine by Isleworth Crown Court on Friday. She was an admin assistant at a car …
Kat Hall, 11 Jan 2016

Strict new EU data protection rules formally adopted by MEPs

Strict new rules forcing companies to pay four per cent of their global turnover in fines if they breach the European Union's data protection regulations have today been formally agreed. The legislation will create a uniform set of rules across the EU "fit for the digital era," said the EU in a press release. It said they …
Kat Hall, 17 Dec 2015

UK gets the Ashley Madison fear: Data privacy moans on the up

Consumer complaints about the way personal data is handled increased by 30 per cent from 2013 to 2014, according to figures from Pinsent Masons, acquired via several Freedom of Information requests to the Information Commissioner's Office (ICO). Complaints about the security of personal information rose from 886 in 2013 to 1, …
John Leyden, 05 Oct 2015

Jail incompetent council folk who leak our data, thunders furious BBW

A report published today by British privacy rights group Big Brother Watch (BBW) says the scale of private data being leaked is so great that those responsible should be jailed. Between April 2011 and April 2014, local councils experienced around four data breaches a day – a total of 4,236 instances – according to figures …
Jennifer Baker, 11 Aug 2015

Medical data experiment goes horribly wrong: 950,000 records lost

American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' name and address, date of birth, Social Security numbers, and health information. Centene Corp boss Michael Neidorff says the company does not know if the information has been …
Darren Pauli, 27 Jan 2016

Bloodthirsty data parasites hungrily eye up healthcare sector

The healthcare industry sees 340 per cent more security incidents and attacks than the average market segment, according to a new study by Raytheon|Websense. Raytheon|Websense also warns that healthcare organisations are more than 200 per cent more likely to encounter data theft. Carl Leonard, principal security analyst at …
John Leyden, 24 Sep 2015

FTC and Wyndham end hotel data protection feud

Hotel chain Wyndham Resorts has agreed to settle its long-running case with the FTC over its handling of customer data. The US trade bod said on Wednesday it has agreed to a settlement deal [PDF] that will see Wyndham spend the next two decades under mandatory rules for securing and storing customer payment card information. …
Shaun Nichols, 10 Dec 2015

FTC gets judicial thumbs-up to SUE firms over data breaches

In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power. District Judge Esther Salas of the US District Court of New Jersey denied …
Neil McAllister, 12 Apr 2014

Thousands of 'lost data' reports mean we should ARM the ICO, says infosec bod

Infosec 2015 Thefts and losses of computers and laptops often go unreported to data privacy watchdogs and could represent a huge hidden risk for the leak of confidential data, according to new research. The Information Commissioner’s Office received 1,089 data breach reports between March 2014 and March 2015, yet police forces across the UK …
John Leyden, 02 Jun 2015

Mandatory data breach reporting rules finally agreed by EUrocrats

After five hours of negotiations on 7 December, members of the European Parliament and Council finally settled on the wording of the EU's Network and Information Security (NIS) Directive. The directive was first proposed in 2013 as a means of forwarding the European Union's cybersecurity strategy. As it is a directive, rather …

Human error to blame as UK data breach investigations surge

UK data breach investigations within the financial services industry almost trebled over the last two years, according to figures acquired via a Freedom of Information request to the Information Commissioner’s Office, with human error almost always responsible. The 183 per cent rise in reported Data Protection Act (DPA) …
John Leyden, 03 Jun 2015

Steelie Neelie eyeballs ENCRYPTION PLAN for telco data breaches

Telcos in Europe are being asked to consider encrypting their subscribers' personal information as Brussels confirmed new rules on Monday about the industry's obligation to notify customers about data breaches. The European Union's unelected digital czar, “Steelie” Neelie Kroes, said that if ISPs agreed to shield the data with …
Kelly Fiveash, 25 Jun 2013

ICO's data protection tentacles will penetrate NHS bodies

NHS bodies in the UK can now be forced to open themselves up to data protection audits under new powers handed to the Information Commissioner's Office (ICO). The watchdog told Out-Law.com that its audits regime follows a "participative approach" and that therefore it would first ask health bodies if they would voluntarily …
OUT-LAW.COM, 03 Feb 2015

Brit mobile pay biz reveals historical cyber attacks, gets smacked in the share price

The share price of mobile payments business Optimal Payments has taken a banging after the company confessed it was only just beginning to investigate historical data breaches, following the discovery of its customers' data being trafficked online. The British company said that it had only come to know about the data breaches …

For pity's sake, enterprises, upgrade your mobile OS - report

Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns. The analysis of more than one million actual iOS and Android mobile devices users in enterprises revealed that running updates is still hit …
John Leyden, 20 Jan 2016

STILL no move by Brit data cops over Google's 2012 privacy slurp

Britain's data cops are still investigating Google's sneaky privacy policy tweak from last year, even though many of its counterparts elsewhere in Europe have already taken action against the advertising giant. On Monday, Italy's regulator warned Google that it had 18 months to comply with Rome's demands or else face fines …
Kelly Fiveash, 22 Jul 2014

BMW: ADMEN have asked us for YOUR connected car DATA

US technology companies and advertisers have been seeking access to the data generated by sensors in so-called "connected cars", a senior figure at German car manufacturer BMW has said. Ian Robertson, BMW head of sales and marketing, said BMW had so far resisted requests to share connected car data with those businesses, …
OUT-LAW.COM, 16 Jan 2015

ICO: Private dicks broke data-protection rules when they blagged data

Two private investigators who tricked organisations into revealing personal details about customers have been found guilty of breaching the Data Protection Act. Barry Spencer, 41, and Adrian Stanton, 40, who ran ICU Investigations Ltd in Feltham, Middlesex, were convicted at Isleworth Crown Court of conspiring to unlawfully …
John Leyden, 21 Nov 2013

US bill would make concealing data breaches a crime

US-based companies would be required to report data breaches that threaten consumer privacy and could face stiff penalties for concealing them under federal legislation that was introduced in the Senate on Tuesday. The Personal Data Privacy and Security Act aims to set national standards for protecting the growing amount of …
Dan Goodin, 08 Jun 2011

Home Office lost its workers' completed security vetting forms

The Home Office has admitted to The Register that among its data breach incidents last year was one in which security vetting documents disappeared from within secured government premises. Through the Freedom of Information Act, The Register has learned that the Home Office – responsible for the UK's domestic counter- …

Data breaches blamed on organised crime

Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectively responsible for 85 per cent of all stolen data. The latest edition of Verizon's annual data breach report also records a rise in insider threats and greater use of social engineering. Verizon worked with the US Secret Service …
John Leyden, 29 Jul 2010

Privacy warriors plead with FCC to wield sword of net neutrality against snooping ISPs

The US Federal Communications Commission (FCC) has been urged to put in place stronger protections for broadband subscribers' privacy. A letter [PDF] written by a coalition of 59 activist groups from across America demands that FCC chairman Tom Wheeler fast-tracks proposed rules that would restrict the ways broadband service …
Shaun Nichols, 20 Jan 2016

TalkTalk attack: UK digi minister recommends security badges for websites

The UK's digital minister Ed Vaizey has floated the idea of adding kitemarks to websites that have strong security measures in place, following the attack on TalkTalk's business last week. Speaking in Parliament on Monday in response to an urgent question on data breaches and consumer protection, following the ransack of …
Kelly Fiveash, 27 Oct 2015

NHS Barnet reveals 187 breaches of personal data

A North London primary care trust has suffered the most personal data breaches among NHS trusts in the capital over the past three years, according to figures obtained by Guardian Healthcare. The figures showed that out of 30 trusts responding to a freedom of information (FoI) request, NHS Barnet owned up to over 20 per cent of …

Vote now: Who can solve a problem like Ashley Madison?

Poll Avid Life Media – the owner of hookup site Ashley Madison – has weeks-old openings for a data analyst and a senior system administrator. The opportunities (noticed by Vulture-eyed Reg staffers) got us thinking about who in the wide world of tech is capable of righting the hacker-raided Tinder-for-cheaters site, which has …
John Leyden, 27 Aug 2015

My employer, comply with data protection law? Don't think so – say 3 in 4 office drones

Less than a quarter of staff at businesses in the UK, France and Germany think their organisation fully complies with data protection laws, according to a new study. Cyber security company Sophos commissioned a survey of 1,500 office workers in the three countries and found that 77 per cent of respondents were not confident …
OUT-LAW.COM, 03 Oct 2014

Credit report resellers settle charges over data breaches

Three resellers of credit information have settled federal charges they didn't do enough to prevent security breaches that exposed sensitive consumer information to hackers. The companies – Washington state-based ACRAnet Inc. and SettlementOne Credit Corporation and Statewide Credit Services of California – have agreed to …
Dan Goodin, 08 Feb 2011

TalkTalk may tell investors to tighten belts after cyber incident

TalkTalk is likely to deliver bad news to investors next week, as analysts suggested it has managed to halve its customer growth forecast after spaffing the sensitive data of more than a million existing and former customers. Shares in the telco sit at their lowest point since an initial drop of 10.7 per cent after confessing …

Most UK privacy cock-ups are 'careless' spaffing of personal data - watchdog

Most of the data breach incidents analysed by the Information Commissioner's Office (ICO) in a three-month period earlier this year concerned errors in the way personal information was disclosed, the watchdog has said. The ICO said that it had looked at 335 data breach incidents between 1 April and 30 June 2013 and found that …
OUT-LAW.COM, 13 Aug 2013

ICO 'too scared' to clobber press for data breaches

A senior investigator for the Information Commissioner's Office has told the Leveson inquiry he was warned off pursuing the press for data breaches by his bosses. Alexander Owen, also a former police officer, had been looking into possible breaches of the Data Protection Act by a south London private investigation agency when he …

Target topples CEO in latest data breach domino

The CEO of Target is the latest casualty of the big-box retailer's disastrous holiday data breach. The company said that chief exec Gregg Steinhafel would be leaving the company after 35 years, vacating both the CEO and president roles as well as his seat as chairman of the company's board of directors. Steinhafel had overseen …
Shaun Nichols, 05 May 2014

Malware caught checking out credit cards in 54 luxury hotels

Add Starwood – owner of the Sheraton, Westin, W hotel chains – to the ranks of resorts infiltrated by credit card-stealing malware. The luxury hotel chain said on Friday that 54 of its North American locations had been infected with a software nasty that harvested banking card information from payment terminals and cash …
Shaun Nichols, 20 Nov 2015

Look out: That data protection watchdog can bite

Despite all the furores, calamities and Snowden-related shenanigans of recent years, the UK’s privacy watchdog remains something of a pussycat, and a lean one at that. Granted powers in April 2010 to fine firms £500,000 for breaches of the various laws it covers, the Information Commissioner’s Office (ICO) has flexed its mini- …
Tom Brewster, 26 Nov 2014

Don't bother telling people if you lose their data, say Euro bods

Analysis Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU's Council of Ministers backed the plans as part of a wider partial agreement reached last week on reforms to EU …
OUT-LAW.COM, 15 Oct 2014

UK.gov coughed over £2 MEELLION in data breach fines in the past year

The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector. A Freedom of Information (FOI) request to the Information Commissioner’s …
John Leyden, 25 Apr 2013

IT security spending to hit $75.4bn in 2015 despite currency issues, says Gartner

Worldwide spending on information security will reach $75.4bn in 2015 – an increase of 4.7 per cent over 2014 – despite a currency-driven price hike causing some customers to delay purchases until next year. Government initiatives, increased legislation and high-profile data breaches are the hot topics shaping the latest …
John Leyden, 23 Sep 2015

UK biz email slinger Mimecast files for $100m IPO in US

Mimecast filed for an initial public offering on Wall Street on Friday and said it hoped to raise up to $100m (£64m). The London-based email security vendor, which has 14,500 biz customers on its books, said that it planned to list under the symbol "MIME" on the Nasdaq exchange. For its most recent quarter, Mimecast – which …
Kelly Fiveash, 19 Oct 2015

Miscreants rummage in lawyers' silky drawers at will, despite warnings

UK data privacy watchdogs at the ICO investigated 173 UK law firms for reported breaches of the Data Protection Act (DPA) last year. A total of 187 incidents were recorded last year, with 173 firms investigated for a variety of DPA-related incidents, of which 29 per cent related to "security" and a similar 26 per cent related to …
John Leyden, 16 Apr 2015

Three men indicted over JPMorgan Chase megahack

Three men have been indicted over the 2014 cyberheist of the largest US bank, JPMorgan Chase & Co. That attack involved the compromise of sensitive personal details of 76 million households and 7 million small businesses. Three men, two Israeli nationals Gery Sharon and Ziv Orensteini, as well as US national Joshua Samuel …

New EU rules: Telco only SOMETIMES has to tell you it spaffed your data

New rules setting out the circumstances in which telecoms companies need to report personal data breaches, as well as the kind of information they need to share in those reports, have come into force. The EU's Regulation on the notification of personal data breaches (7-page/756KB PDF) applies to all providers of publicly …
OUT-LAW.COM, 02 Sep 2013

New York side-eyes California's hack attack laws: I'll have what she's having

New York's attorney general is asking the state to set new rules requiring companies to confess when they've been hacked. The Big Apple's AG Eric Schneiderman said that he is going to ask the state to force organizations to disclose the loss of customer user names, passwords and security question answers as part of its …
Shaun Nichols, 15 Jan 2015

GP surgeries MUST DO BETTER on data handling, says ICO

A number of GP surgeries in England allowed their employees to have unrestricted internet access - thereby increasing the risk of data being leaked, hacked and targeted by viruses, Britain's information watchdog warned today. Officials from the Information Commissioner's Office visited 24 GP practices between April and …
Kelly Fiveash, 28 Jan 2014

New bill would require public companies to disclose cybersecurity credentials

A new bill introduced to Congress on Thursday would require US publicly listed companies to disclose who on their Board has cybersecurity expertise. If it passes, the Cybersecurity Disclosure Act of 2015 would oblige companies to add details of which, if any, of their directors know about online security in filing to the …
Kieren McCarthy, 18 Dec 2015