Articles about Data Breaches

FTC gets judicial thumbs-up to SUE firms over data breaches

In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power. District Judge Esther Salas of the US District Court of New Jersey denied …
Neil McAllister, 12 Apr 2014

Steelie Neelie eyeballs ENCRYPTION PLAN for telco data breaches

Telcos in Europe are being asked to consider encrypting their subscribers' personal information as Brussels confirmed new rules on Monday about the industry's obligation to notify customers about data breaches. The European Union's unelected digital czar, “Steelie” Neelie Kroes, said that if ISPs agreed to shield the data with …
Kelly Fiveash, 25 Jun 2013

STILL no move by Brit data cops over Google's 2012 privacy slurp

Britain's data cops are still investigating Google's sneaky privacy policy tweak from last year, even though many of its counterparts elsewhere in Europe have already taken action against the advertising giant. On Monday, Italy's regulator warned Google that it had 18 months to comply with Rome's demands or else face fines …
Kelly Fiveash, 22 Jul 2014

ICO: Private dicks broke data-protection rules when they blagged data

Two private investigators who tricked organisations into revealing personal details about customers have been found guilty of breaching the Data Protection Act. Barry Spencer, 41, and Adrian Stanton, 40, who ran ICU Investigations Ltd in Feltham, Middlesex, were convicted at Isleworth Crown Court of conspiring to unlawfully …
John Leyden, 21 Nov 2013

Target topples CEO in latest data breach domino

The CEO of Target is the latest casualty of the big-box retailer's disastrous holiday data breach. The company said that chief exec Gregg Steinhafel would be leaving the company after 35 years, vacating both the CEO and president roles as well as his seat as chairman of the company's board of directors. Steinhafel had overseen …
Shaun Nichols, 05 May 2014

Most UK privacy cock-ups are 'careless' spaffing of personal data - watchdog

Most of the data breach incidents analysed by the Information Commissioner's Office (ICO) in a three-month period earlier this year concerned errors in the way personal information was disclosed, the watchdog has said. The ICO said that it had looked at 335 data breach incidents between 1 April and 30 June 2013 and found that in …
OUT-LAW.COM, 13 Aug 2013
The Register breaking news

UK.gov coughed over £2 MEELLION in data breach fines in the past year

The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector. A Freedom of Information (FOI) request to the Information Commissioner’s …
John Leyden, 25 Apr 2013

US bill would make concealing data breaches a crime

US-based companies would be required to report data breaches that threaten consumer privacy and could face stiff penalties for concealing them under federal legislation that was introduced in the Senate on Tuesday. The Personal Data Privacy and Security Act aims to set national standards for protecting the growing amount of …
Dan Goodin, 08 Jun 2011

GP surgeries MUST DO BETTER on data handling, says ICO

A number of GP surgeries in England allowed their employees to have unrestricted internet access - thereby increasing the risk of data being leaked, hacked and targeted by viruses, Britain's information watchdog warned today. Officials from the Information Commissioner's Office visited 24 GP practices between April and November …
Kelly Fiveash, 28 Jan 2014

New EU rules: Telco only SOMETIMES has to tell you it spaffed your data

New rules setting out the circumstances in which telecoms companies need to report personal data breaches, as well as the kind of information they need to share in those reports, have come into force. The EU's Regulation on the notification of personal data breaches (7-page/756KB PDF) applies to all providers of publicly …
OUT-LAW.COM, 02 Sep 2013

NHS Barnet reveals 187 breaches of personal data

A North London primary care trust has suffered the most personal data breaches among NHS trusts in the capital over the past three years, according to figures obtained by Guardian Healthcare. The figures showed that out of 30 trusts responding to a freedom of information (FoI) request, NHS Barnet owned up to over 20 per cent of …

Data breaches blamed on organised crime

Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectively responsible for 85 per cent of all stolen data. The latest edition of Verizon's annual data breach report also records a rise in insider threats and greater use of social engineering. Verizon worked with the US Secret Service …
John Leyden, 29 Jul 2010

ICO 'too scared' to clobber press for data breaches

A senior investigator for the Information Commissioner's Office has told the Leveson inquiry he was warned off pursuing the press for data breaches by his bosses. Alexander Owen, also a former police officer, had been looking into possible breaches of the Data Protection Act by a south London private investigation agency when he …

Credit report resellers settle charges over data breaches

Three resellers of credit information have settled federal charges they didn't do enough to prevent security breaches that exposed sensitive consumer information to hackers. The companies – Washington state-based ACRAnet Inc. and SettlementOne Credit Corporation and Statewide Credit Services of California – have agreed to …
Dan Goodin, 08 Feb 2011

UK data-blurt cockups soared 1,000 PER CENT over last five years

The number of times Brits' sensitive data has been lost or leaked in the UK has risen 1,000 per cent over the past five years. Councils recorded the biggest increase in breaches of data protection law, according to figures obtained by a Freedom of Information Act request. The stats from the Information Commissioner’s Office (ICO …
John Leyden, 30 Aug 2012

Got a data security policy? Chances are your IT bods don't know it

Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers' current data security policies, according to a …
OUT-LAW.COM, 27 Sep 2012

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

Hotelier faces FTC data breach lawsuit

“Repeated failures” to protect customer data have led the FTC to file a data breach lawsuit against hotel operator Wyndham Worldwide, whose brands include Ramada, Days Inn, Travelodge, Super 8 and Howard Johnson. According to Reuters, the US regulator alleges that Wyndham’s slack security “led to hundreds of thousands of …

Cyber hostage-takers SCAMMED six times as many people last year

Malware-powered frauds that lock up victims' computers - or worse yet, encrypt files and force them to pay a fee to unlock their information - increased by 500 per cent during 2013, according to a study by Symantec. Symantec's latest global Internet Security Threat Report also revealed that targeted attack campaigns for the …
John Leyden, 09 Apr 2014

Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws

A whopping 70 per cent of retail and 69 per cent of financial services apps are vulnerable to data breaches. That's according to an analysis of 705 million lines of code as used by 1,316 enterprise applications carried out by software analysis and measurement firm CAST. The firm reckons a growing number of data breaches and …
John Leyden, 27 Aug 2014

ICO on beefed-up EU privacy rules: Biz bods will need 'explicit consent' to slurp data

Businesses can help ease the transition towards complying with new EU data protection rules by taking a number of steps now, the Information Commissioner's Office (ICO) has said. In an ICO blog, Deputy Information Commissioner David Smith said businesses can begin by reviewing their procedures for obtaining consent to the …
OUT-LAW.COM, 04 Nov 2013

Health minister asks elderly patients what they think of data-sharing

The NHS turned 65 today, which has led to some quarters drawing an unfavourable analogy between the health service and a patient who has just reached retirement age. It may be an irritating bit of anthropomorphism to describe the taxpayer-funded body as a living, breathing thing, but it doesn't stop ministers from questioning …
Kelly Fiveash, 05 Jul 2013

ICO hits the road to crack 'underlying problem' at data-leak councils

The Information Commissioner's Office (ICO) will meet representatives from local authorities to address what it has called an "underlying problem" with the bodies' approach to data protection. The ICO made the announcement after it reported that it had served civil monetary penalty notices to four separate local authorities in …
OUT-LAW.COM, 19 Dec 2012

Slapdash staff blamed for third of UK's data leak balls-ups

Careless workers and sloppy contractors caused more than a third of biz data breaches last year, proving that crap staff pose the biggest risk to organisations. An annual study of data cock-ups found that the average cost of a breach in the UK decreased from £1.9 million in 2010 to £1.75 million in 2011. Improved security to …
John Leyden, 21 Mar 2012

Quarter of a million quid fine for data-wipe gaffe? ICO told: Nae, laddie

The UK's data protection watchdog was not justified in serving a monetary penalty on a Scottish council over an allegedly flawed outsourcing arrangement it had with a data disposal contractor, an Information Rights Tribunal has ruled. Scottish Borders Council was issued with a £250,000 fine by the Information Commissioner's …
OUT-LAW.COM, 28 Aug 2013

New password system lets planet Earth do the hard work

Log-in credentials derived from geographical information could reduce the majority of data breaches by providing an almost uncrackable replacement for conventional passwords, according to security researchers. ZSS-Research of Ras Al Khaimah in the UAE has developed a system which requires users to choose a favourite place …

Six charged over StubHub e-ticket heist for Elton John gigs

Six suspected cybercriminals have been indicted over their alleged involvement in a hack attack on eBay-owned ticketing website StubHub. Thieves got into more than 1,600 of StubHub customers' accounts and used their credit card details to fraudulently buy tickets for events through the online ticket reseller. The scam - reckoned …
John Leyden, 24 Jul 2014

Despite your fancy-schmancy security tech, passwords still weakest link in IT defences

The use of stolen login credentials continues to be the most common way for network intruders to access sensitive information. Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, according to Verizon’s latest annual Data Breach Investigations Report. The …
John Leyden, 22 Apr 2014

Hacktivists nicked more data than CYBER-CROOKS in 2011

Hacktivism had a massive effect on the overall data breach scene last year. More than half (58 per cent) of data stolen last year can be attributed to hacktivism – hacking to advance political and social objectives – according to the latest edition of the Data Breach Investigations report from Verizon. The figures contrast …
John Leyden, 22 Mar 2012

NHS trust loses personal data of 600 maternity patients, kids

South London healthcare trust has admitted to losing two unencrypted memory sticks containing sensitive personal data about patients. The data breaches occurred in separate incidents. In the first breach, the device contained data relating to around 600 maternity patients, according to an undertaking signed by the trust with the …

Bank of England seeks 'HACKERS' to defend vaults against e-thieves

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported. The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other …
John Leyden, 24 Apr 2014

Websites should notify European users about privacy breaches

Europe-wide laws which require telecommunications companies to notify users if their data is at risk should be extended, the European justice commissioner has said. Privacy rules created under the EU's Electronic Communications Framework should be extended to cover online banking, video games, shopping and social media, Viviane …
OUT-LAW.COM, 06 May 2011

Regulator gets power to fine for data breaches

The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act. The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or …
John Oates, 09 May 2008

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013

ICO: How 'sensitive' is personal data? Depends what it's used for...

The sensitivity of personal information should be determined by the reasons behind why the information is to be processed, the UK's data protection watchdog has said. The Information Commissioner's Office (ICO) outlined its view in a new paper in which it analysed the European Commission's proposed new EU Data Protection …
OUT-LAW.COM, 15 Feb 2013

Australia iOS ransom gizmo-snatch OUTRAGE not our FAULT: Apple

Apple has denied that a breach of its iCloud service is the reason for an outbreak of ransomware infecting Australian iThing users. Australian Apple owners yesterday complained that their beloved hardware iStuff had been remotely locked by a chap identifying himself as Oleg Pliss and demanding a PayPal transfer of $AUD50 to …
Simon Sharwood, 28 May 2014

Biz barons jumpy over EU draft data protection reforms

An MEP's suggested reforms to EU data protection laws, which are to be put to a vote before the European Parliament, would damage the interests of businesses, an alliance of business groups has said. In a statement, the Industry Coalition for Data Protection (ICDP) criticised the draft report that Jan-Phillip Albrecht published …
OUT-LAW.COM, 14 Jan 2013

System failure blamed for increasing data breach costs

System failure has replaced negligence as the single biggest source of data breaches involving UK firms, the cost of which rose for the third successive year. The average data breach cost UK organisations £1.9 million or £71 per record, an increase of 13 per cent from the year before, according to a Symantec-sponsored survey. …
John Leyden, 21 Mar 2011

Survey: Just 1 in 3 Euro biz slackers meets card security standards

European businesses are lagging far behind the rest of the world in compliance with global payment card industry security standards, according to a new survey. Just under one-third (31 per cent) of surveyed European businesses met 80 per cent or more of the PCI Data Security Standard (DSS) requirements, compared with 75 per cent …
John Leyden, 11 Feb 2014

Data breaches easily prevented - report

The vast majority of information security breaches might have easily been prevented, a study has concluded. An analysis of 500 forensic investigations, collectively involving 230 million compromised customer records, by Verizon Business also found that three in four (73 per cent) of the breaches stemmed from external attacks, …
John Leyden, 12 Jun 2008

ICO targets lost laptop breaches under tougher fine regime

The deputy commissioner of the Information Commissioner's Office said that it is no longer a "toothless tiger" and has the resources and resolve to apply enhanced powers to data protection miscreants. David Smith said increased fines of £500K, introduced in April, for the worst cases of privacy breaches would "concentrate minds …
John Leyden, 27 Apr 2010

Anonymous plans hacktivism against World Cup sponsors

Ragtag hacktivist collective Anonymous is threatening World Cup sponsors as its next hacking target. Hacker Che Commodore made the threat in solidarity with real-world protestors in Brazil who are enraged that funds are being funnelled into building white elephant stadiums for football's showpiece event rather than much needed …
John Leyden, 09 Jun 2014

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013

Steelie Neelie: 'Help us form Brussels data breach policy'

The European Commission is asking for feedback on practical rules to ensure that anyone in Europe who has their private data breached will be told. New rules across Europe mean that telcos are meant to tell you if they lose your data. But what is needed now is feedback on how the rules are working and how, in practical terms, …
John Oates, 14 Jul 2011

Verizon: 96 PER CENT of state-backed cyber-spying traced to China

Spooks carrying out state-sponsored cyber-espionage were responsible for one in five data breaches last year, researchers have claimed. New statistics contained in Verizon’s Data Breach Investigation Report 2012 found that 19 per cent of all attacks were carried out by agents acting on behalf of their government. Researchers …
Jasper Hamill, 23 Apr 2013

Want to avoid all private-data breaches, ever? Here's how

As information and privacy commissioner of Ontario, Ann Cavoukian's jurisdiction is limited to the Canadian province. But that doesn't mean the effects of her post don't extend into territories across the globe. “What I always say is privacy transcends jurisdiction,” she says. “It knows no boundaries. So if I'm going to protect …
Dan Goodin, 03 Nov 2011

Sony pumps cash into gene-wrangling joint venture

PlayStation purveyor Sony wants to be remembered for more than overpriced electronics and massive data breaches, having just launched a joint venture in the field of genome research. The electronics giant has teamed up with medical firm M3, in which Sony is already the majority investor, and US biz Illumina, which makes genome- …
Phil Muncaster, 24 Jan 2014

Brussels to banks: Prepare for tougher data breach rules

European Commissioner Viviane Reding has warned banks that they will be required to notify customers about data security breaches. A new bill which is expected to arrive in the autumn will be "very solid on rules", the Brussels Justice Minister and vice president of the European Commission told The Register yesterday. Earlier …
Kelly Fiveash, 21 Jun 2011

New EU rules force telcos to 'fess up for data breaches

The European Council has approved a data breach notification rule for Europe's telecoms firms. The amendment to an EU Directive will force telcos to tell customers if they lose their data. The European Parliament and Commission have already approved the amendments, which will become law after it has been published in the EU's …
OUT-LAW.COM, 04 Nov 2009

Why do Reg readers deserve the big bucks? Here's why...

The Register recently gathered together some of the great and good in an attempt to work out what is going on in corporate IT. Here's what happened next... In the aptly named Sandra Blow Room of London's Soho Hotel, my role was to provoke conversation on the subject of IT governance and the structures by which large scale IT is …
Dominic Connor, 07 Aug 2014