Articles about Data Breaches

Stupid humans and their EXPENSIVE DATA BREACHES

UK data breaches are increasingly being traced back to human error, despite the growing emphasis on data protection. A Freedom of Information (FOI) request to data privacy watchdogs at the Information Commissioner’s Office (ICO) revealed that a quarter of reported data breaches during the first three months of 2014 were caused …
John Leyden, 05 Dec 2014

Oz privacy comish says breaches could double this year

The office of Australia's Federal Privacy Commissioner has received 60 voluntary data breach notifications in the six months since 12 March compared to 71 received in the 2014 financial year. The statistics provided to Vulture South and repeated at the Australian Information Security Association conference include all manner of …
Darren Pauli, 20 Oct 2014

FTC gets judicial thumbs-up to SUE firms over data breaches

In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power. District Judge Esther Salas of the US District Court of New Jersey denied …
Neil McAllister, 12 Apr 2014

Steelie Neelie eyeballs ENCRYPTION PLAN for telco data breaches

Telcos in Europe are being asked to consider encrypting their subscribers' personal information as Brussels confirmed new rules on Monday about the industry's obligation to notify customers about data breaches. The European Union's unelected digital czar, “Steelie” Neelie Kroes, said that if ISPs agreed to shield the data with …
Kelly Fiveash, 25 Jun 2013

STILL no move by Brit data cops over Google's 2012 privacy slurp

Britain's data cops are still investigating Google's sneaky privacy policy tweak from last year, even though many of its counterparts elsewhere in Europe have already taken action against the advertising giant. On Monday, Italy's regulator warned Google that it had 18 months to comply with Rome's demands or else face fines …
Kelly Fiveash, 22 Jul 2014

My employer, comply with data protection law? Don't think so – say 3 in 4 office drones

Less than a quarter of staff at businesses in the UK, France and Germany think their organisation fully complies with data protection laws, according to a new study. Cyber security company Sophos commissioned a survey of 1,500 office workers in the three countries and found that 77 per cent of respondents were not confident that …
OUT-LAW.COM, 03 Oct 2014

ICO: Private dicks broke data-protection rules when they blagged data

Two private investigators who tricked organisations into revealing personal details about customers have been found guilty of breaching the Data Protection Act. Barry Spencer, 41, and Adrian Stanton, 40, who ran ICU Investigations Ltd in Feltham, Middlesex, were convicted at Isleworth Crown Court of conspiring to unlawfully …
John Leyden, 21 Nov 2013

Look out: That data protection watchdog can bite

Despite all the furores, calamities and Snowden-related shenanigans of recent years, the UK’s privacy watchdog remains something of a pussycat, and a lean one at that. Granted powers in April 2010 to fine firms £500,000 for breaches of the various laws it covers, the Information Commissioner’s Office (ICO) has flexed its mini- …
Tom Brewster, 26 Nov 2014

Don't bother telling people if you lose their data, say Euro bods

Analysis Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU's Council of Ministers backed the plans as part of a wider partial agreement reached last week on reforms to EU data …
OUT-LAW.COM, 15 Oct 2014

Target topples CEO in latest data breach domino

The CEO of Target is the latest casualty of the big-box retailer's disastrous holiday data breach. The company said that chief exec Gregg Steinhafel would be leaving the company after 35 years, vacating both the CEO and president roles as well as his seat as chairman of the company's board of directors. Steinhafel had overseen …
Shaun Nichols, 05 May 2014

Most UK privacy cock-ups are 'careless' spaffing of personal data - watchdog

Most of the data breach incidents analysed by the Information Commissioner's Office (ICO) in a three-month period earlier this year concerned errors in the way personal information was disclosed, the watchdog has said. The ICO said that it had looked at 335 data breach incidents between 1 April and 30 June 2013 and found that in …
OUT-LAW.COM, 13 Aug 2013
The Register breaking news

US bill would make concealing data breaches a crime

US-based companies would be required to report data breaches that threaten consumer privacy and could face stiff penalties for concealing them under federal legislation that was introduced in the Senate on Tuesday. The Personal Data Privacy and Security Act aims to set national standards for protecting the growing amount of …
Dan Goodin, 08 Jun 2011

UK.gov coughed over £2 MEELLION in data breach fines in the past year

The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector. A Freedom of Information (FOI) request to the Information Commissioner’s …
John Leyden, 25 Apr 2013

NHS Barnet reveals 187 breaches of personal data

A North London primary care trust has suffered the most personal data breaches among NHS trusts in the capital over the past three years, according to figures obtained by Guardian Healthcare. The figures showed that out of 30 trusts responding to a freedom of information (FoI) request, NHS Barnet owned up to over 20 per cent of …

Data breaches blamed on organised crime

Cybercrooks continue to be a menace to corporate security, with hackers and malware authors collectively responsible for 85 per cent of all stolen data. The latest edition of Verizon's annual data breach report also records a rise in insider threats and greater use of social engineering. Verizon worked with the US Secret Service …
John Leyden, 29 Jul 2010

GP surgeries MUST DO BETTER on data handling, says ICO

A number of GP surgeries in England allowed their employees to have unrestricted internet access - thereby increasing the risk of data being leaked, hacked and targeted by viruses, Britain's information watchdog warned today. Officials from the Information Commissioner's Office visited 24 GP practices between April and November …
Kelly Fiveash, 28 Jan 2014

New EU rules: Telco only SOMETIMES has to tell you it spaffed your data

New rules setting out the circumstances in which telecoms companies need to report personal data breaches, as well as the kind of information they need to share in those reports, have come into force. The EU's Regulation on the notification of personal data breaches (7-page/756KB PDF) applies to all providers of publicly …
OUT-LAW.COM, 02 Sep 2013

ICO 'too scared' to clobber press for data breaches

A senior investigator for the Information Commissioner's Office has told the Leveson inquiry he was warned off pursuing the press for data breaches by his bosses. Alexander Owen, also a former police officer, had been looking into possible breaches of the Data Protection Act by a south London private investigation agency when he …

Credit report resellers settle charges over data breaches

Three resellers of credit information have settled federal charges they didn't do enough to prevent security breaches that exposed sensitive consumer information to hackers. The companies – Washington state-based ACRAnet Inc. and SettlementOne Credit Corporation and Statewide Credit Services of California – have agreed to …
Dan Goodin, 08 Feb 2011

Ice cream headache as black hat hacks sack Dairy Queen

Ice cream mogul Dairy Queen appears to have been breached with hackers likely stealing credit cards from some of its many US stores. The chilling news comes from sources within the US banking sector who separately told cyber-crime prober Brian Krebs that fraudulent transactions on credit cards appeared to have stemmed from a …
Darren Pauli, 29 Aug 2014

UK data-blurt cockups soared 1,000 PER CENT over last five years

The number of times Brits' sensitive data has been lost or leaked in the UK has risen 1,000 per cent over the past five years. Councils recorded the biggest increase in breaches of data protection law, according to figures obtained by a Freedom of Information Act request. The stats from the Information Commissioner’s Office (ICO …
John Leyden, 30 Aug 2012

Got a data security policy? Chances are your IT bods don't know it

Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers' current data security policies, according to a …
OUT-LAW.COM, 27 Sep 2012

Hotelier faces FTC data breach lawsuit

“Repeated failures” to protect customer data have led the FTC to file a data breach lawsuit against hotel operator Wyndham Worldwide, whose brands include Ramada, Days Inn, Travelodge, Super 8 and Howard Johnson. According to Reuters, the US regulator alleges that Wyndham’s slack security “led to hundreds of thousands of …

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt

Facebook's security bods routinely trawl public "paste" sites for email addresses and passwords stolen from its users, as part of an effort to outfox wrongdoers trying to hack into personal data on the free content ad network. However, the Mark Zuckerberg-run company was at pains to point out that the data-slurping battle with …
Kelly Fiveash, 18 Oct 2014

Cyber hostage-takers SCAMMED six times as many people last year

Malware-powered frauds that lock up victims' computers - or worse yet, encrypt files and force them to pay a fee to unlock their information - increased by 500 per cent during 2013, according to a study by Symantec. Symantec's latest global Internet Security Threat Report also revealed that targeted attack campaigns for the …
John Leyden, 09 Apr 2014

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

Third-party providers will face more stringent regulations as part of a revamp in payment card industry regulations due to go into full effect in the new year. The new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) will be mandatory for all businesses that store, process or transmit payment card information beginning …
John Leyden, 17 Dec 2014

Biz coughs up even less for security, despite mega breach losses

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC. Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of …
John Leyden, 01 Oct 2014

Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws

A whopping 70 per cent of retail and 69 per cent of financial services apps are vulnerable to data breaches. That's according to an analysis of 705 million lines of code as used by 1,316 enterprise applications carried out by software analysis and measurement firm CAST. The firm reckons a growing number of data breaches and …
John Leyden, 27 Aug 2014

ICO on beefed-up EU privacy rules: Biz bods will need 'explicit consent' to slurp data

Businesses can help ease the transition towards complying with new EU data protection rules by taking a number of steps now, the Information Commissioner's Office (ICO) has said. In an ICO blog, Deputy Information Commissioner David Smith said businesses can begin by reviewing their procedures for obtaining consent to the …
OUT-LAW.COM, 04 Nov 2013

Health minister asks elderly patients what they think of data-sharing

The NHS turned 65 today, which has led to some quarters drawing an unfavourable analogy between the health service and a patient who has just reached retirement age. It may be an irritating bit of anthropomorphism to describe the taxpayer-funded body as a living, breathing thing, but it doesn't stop ministers from questioning …
Kelly Fiveash, 05 Jul 2013

Slapdash staff blamed for third of UK's data leak balls-ups

Careless workers and sloppy contractors caused more than a third of biz data breaches last year, proving that crap staff pose the biggest risk to organisations. An annual study of data cock-ups found that the average cost of a breach in the UK decreased from £1.9 million in 2010 to £1.75 million in 2011. Improved security to …
John Leyden, 21 Mar 2012

ICO hits the road to crack 'underlying problem' at data-leak councils

The Information Commissioner's Office (ICO) will meet representatives from local authorities to address what it has called an "underlying problem" with the bodies' approach to data protection. The ICO made the announcement after it reported that it had served civil monetary penalty notices to four separate local authorities in …
OUT-LAW.COM, 19 Dec 2012

Australian E-Health records breached twice in the last year

Australia's Office of the Information Commissioner (OAIC) has released its Annual report of the Information Commissioner’s activities in relation to eHealth 2013–14, complete with a report on two data breaches in the systems used to store personally controlled electronic health records (PCEHRs). The first was notified in …
Simon Sharwood, 29 Oct 2014

UK.gov teams up with moneymen on HACK ATTACK INSURANCE

+Comment The UK government last week partnered with 12 insurance companies to develop the "cyber-insurance" market. But experts are split on whether encouraging the development of the nascent market will result in the adoption of improved security practices. Cabinet Office Minister Francis Maude said that while cyber insurance adds an …
John Leyden, 13 Nov 2014

JPMorgan Chase: 76 MILLION homes, 7 MILLION small biz thumped in cyber-heist

Mega-bank JPMorgan Chase has admitted to suffering a major data breach that has been rumored since August, saying that as many as 76 million households and 7 million small businesses have been affected. The bank, which has never discussed the breach publicly before, made the disclosure in a filing with the US Securities and …
Neil McAllister, 02 Oct 2014

Quarter of a million quid fine for data-wipe gaffe? ICO told: Nae, laddie

The UK's data protection watchdog was not justified in serving a monetary penalty on a Scottish council over an allegedly flawed outsourcing arrangement it had with a data disposal contractor, an Information Rights Tribunal has ruled. Scottish Borders Council was issued with a £250,000 fine by the Information Commissioner's …
OUT-LAW.COM, 28 Aug 2013

New password system lets planet Earth do the hard work

Log-in credentials derived from geographical information could reduce the majority of data breaches by providing an almost uncrackable replacement for conventional passwords, according to security researchers. ZSS-Research of Ras Al Khaimah in the UAE has developed a system which requires users to choose a favourite place …

Keen to get CRITICAL PAYMENT systems up QUICKLY after HACK?

Restoring payment systems after disruptive cyber attacks could involve compromising analysis of incidents, says report. A new report on cyber resilience in financial market infrastructures has highlighted potential conflicts between legal obligations on the reporting of cyber security or data breaches and the need to restore …
OUT-LAW.COM, 18 Nov 2014

Payment security bods: Nice pay-by-bonk (hint: NO ONE uses it) on iPhone 6, Apple

Apple's confirmation that the iPhone 6 will enable contactless payments via NFC has received a broadly positive reaction from security firms and payment-processing vendors. Apple said it wouldn't access any payment data, so the transaction would take place between a user, bank and retailer. This privacy, along with ease of use …
John Leyden, 10 Sep 2014

Hacktivists nicked more data than CYBER-CROOKS in 2011

Hacktivism had a massive effect on the overall data breach scene last year. More than half (58 per cent) of data stolen last year can be attributed to hacktivism – hacking to advance political and social objectives – according to the latest edition of the Data Breach Investigations report from Verizon. The figures contrast …
John Leyden, 22 Mar 2012

Stunned by Shellshock Bash bug? Patch all you can – or be punished

Updated The UK's privacy watchdog is urging organisations to protect their systems against the infamous Shellshock vulnerability in Bash – even though the full scope of the security bug remains unclear. The Shellshock flaw affects Bash up to and including version 4.3. It's a vital component of many Linux and Unix systems, as well as …
John Leyden, 26 Sep 2014

NHS trust loses personal data of 600 maternity patients, kids

South London healthcare trust has admitted to losing two unencrypted memory sticks containing sensitive personal data about patients. The data breaches occurred in separate incidents. In the first breach, the device contained data relating to around 600 maternity patients, according to an undertaking signed by the trust with the …

BIGGEST THREAT to Europe’s cybersecurity? Hint: not hackers

Forget cyber-espionage, cyber-warfare and cyber-terrorism. The biggest threat to Europe’s infrastructure cybersecurity is power outages and poor communication. On Thursday, ENISA (European Network and Information Security Agency) held its biggest ever cybersecurity exercise involving more than 200 organisations and 400 cyber- …

Websites should notify European users about privacy breaches

Europe-wide laws which require telecommunications companies to notify users if their data is at risk should be extended, the European justice commissioner has said. Privacy rules created under the EU's Electronic Communications Framework should be extended to cover online banking, video games, shopping and social media, Viviane …
OUT-LAW.COM, 06 May 2011

Regulator gets power to fine for data breaches

The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act. The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or …
John Oates, 09 May 2008

Despite your fancy-schmancy security tech, passwords still weakest link in IT defences

The use of stolen login credentials continues to be the most common way for network intruders to access sensitive information. Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, according to Verizon’s latest annual Data Breach Investigations Report. The …
John Leyden, 22 Apr 2014

Six charged over StubHub e-ticket heist for Elton John gigs

Six suspected cybercriminals have been indicted over their alleged involvement in a hack attack on eBay-owned ticketing website StubHub. Thieves got into more than 1,600 of StubHub customers' accounts and used their credit card details to fraudulently buy tickets for events through the online ticket reseller. The scam - reckoned …
John Leyden, 24 Jul 2014

Bank of England seeks 'HACKERS' to defend vaults against e-thieves

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported. The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other …
John Leyden, 24 Apr 2014

Data breaches easily prevented - report

The vast majority of information security breaches might have easily been prevented, a study has concluded. An analysis of 500 forensic investigations, collectively involving 230 million compromised customer records, by Verizon Business also found that three in four (73 per cent) of the breaches stemmed from external attacks, …
John Leyden, 12 Jun 2008