Feeds

Articles about Data Security

US government green-lights data swapping for security firms

Security firms looking to share research data with their peers need not fear the US Federal Trade Commission or Department of Justice any more. The FTC and DOJ issued a joint policy statement on Thursday assuring the security community that they will not pursue antitrust cases against companies that share their security …
Shaun Nichols, 10 Apr 2014

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013
The Register breaking news

RSA adds Big Data analytics to security service suite

In just under a month, security folks are coming to San Francisco for the annual RSA show, and if Wednesday's announcement from the company is to go by, one of the major themes at conference will be Big Data. At a press conference at its Massachusetts headquarters, RSA unveiled its Security Analytics appliance that's designed to …
Iain Thomson, 31 Jan 2013
management governance3

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013

IBM claims first with Hadoop data security suite

IBM is launching what it claims is the first data security system for Hadoop, as part of its biggest product rollout of security software and services yet seen from the company. Big Blue's not the highest profile security firm, but it has been buying in a lot of talent over the last three years and last year grouped staff and …
Iain Thomson, 18 Oct 2012

FTC gets judicial thumbs-up to SUE firms over data breaches

In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power. District Judge Esther Salas of the US District Court of New Jersey denied …
Neil McAllister, 12 Apr 2014
The Register breaking news

Retailer challenges Visa penalty fees in data security dust-up

In a payment industry first, a sporting-goods retailer has filed a multimillion-dollar lawsuit against Visa, arguing that the penalties the credit card company charges its members for data security breaches are unfair. As reported by Wired, retailer Genesco alleges that Visa seized some $13m in funds from its merchant bank …
Neil McAllister, 12 Mar 2013

Korean credit card bosses offer to RESIGN over huge data breach

An IT contractor has been arrested over the theft of credit card and personal details of 20 million South Koreans. Investigators allege an IT worker at the Korea Credit Bureau copied names, social security numbers and credit card details of millions onto a USB stick before flogging them to a marketing firm. He has been charged …
John Leyden, 22 Jan 2014
PayPass

Survey: Just 1 in 3 Euro biz slackers meets card security standards

European businesses are lagging far behind the rest of the world in compliance with global payment card industry security standards, according to a new survey. Just under one-third (31 per cent) of surveyed European businesses met 80 per cent or more of the PCI Data Security Standard (DSS) requirements, compared with 75 per cent …
John Leyden, 11 Feb 2014

Building big data? Are you building a security headache too?

The world and its dog has been shocked by the Prism news story. Early in June, we found out that the US National Security Agency (NSA) had developed a secret data-gathering mechanism to steal all our data and store it in a large data warehouse. We are outraged that it is being mined, searched and otherwise prodded. But do we …
Danny Bradbury, 19 Aug 2013
The Register breaking news

Press exposure of Federal data security hole leads to legal threats

An investigation into a security slip that left the identity information for over 170,000 users of a US federal government program publicly available online has led to accusations of hacking and legal threats. The Scripps News investigative team spent the last month studying companies running Lifeline, a federal program to …
Iain Thomson, 22 May 2013
The Register breaking news

Got a data security policy? Chances are your IT bods don't know it

Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers' current data security policies, according to a …
OUT-LAW.COM, 27 Sep 2012

EU Justice Department stalls India's security clearance

India’s outsourcing giants are likely to face more delays in their frustrated bid to tap a potential IT services market worth $30 billion, after a report emerged suggesting the EU still has big data security concerns with the country. The EU and India have been trying to finalise their Broad-based Trade and Investment Agreement …
Phil Muncaster, 19 Jun 2013
grab_that_cash

Review of UK data protection: Should fines go OVER HALF A MIL?

The UK government should consider raising the level of fines that the Information Commissioner's Office (ICO) can impose on organisations that breach the Data Protection Act (DPA), an expert has said. Data protection law specialist Kathryn Wynn of Pinsent Masons, the law firm behind Out-Law.com, said that a previous increase in …
OUT-LAW.COM, 06 Mar 2014
French cartoon, 1790: devil disguised as man walking tightrope

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013
Cloudy sky

Bah! No NSA-proof Euro cloud gang. Cloud computing standards will 'aid data portability'

New cloud computing standards to be developed within the EU should facilitate users' ability to transfer data and services between cloud providers, MEPs have said.17 Dec 2013 Cloud computing TMT & Sourcing Outsourcing TMT Advanced Manufacturing & Technology Services The European Parliament has backed a new resolution on cloud …
OUT-LAW.COM, 19 Dec 2013

Hey banks: Use Win XP after deadline? You'll PAY if card data's snaffled

Banks that use the Windows XP operating system will face a risk to their compliance with payment card data security rules if they continue to operate the software after Microsoft withdraws its extended support services, a US regulatory body has warned. Microsoft confirmed in 2010 that it would end "extended support" for Windows …
OUT-LAW.COM, 14 Oct 2013

Horrific moment curvy mum-of-none Mail Online spills everyone's data

Middle England will be shocked to discover that the Daily Mail's website, the world's most read online newspaper, has only gone and admitted to a shameful data security cock-up. The publication - which is known for displaying loads of pictures of tits and ass online normally alongside an equal amount of outrage about tits and …
Kelly Fiveash, 06 Aug 2013
European Union Flag

Hey channel: EU data laws are coming, get YOUR arse in gear

Have you heard of the EU’s new General Data Protection Regulation? A fair few in the channel might have caught something about it but not given it much thought. After all, it’s still years away, it’s happening in some dusty old room in Brussels and it is, quite frankly, pretty dull. But the truth is this new framework - which …
Tim Ayling, 28 Jun 2013

Quarter of a million quid fine for data-wipe gaffe? ICO told: Nae, laddie

The UK's data protection watchdog was not justified in serving a monetary penalty on a Scottish council over an allegedly flawed outsourcing arrangement it had with a data disposal contractor, an Information Rights Tribunal has ruled. Scottish Borders Council was issued with a £250,000 fine by the Information Commissioner's …
OUT-LAW.COM, 28 Aug 2013
The Register breaking news

Experts: Network security deteriorating, privacy a lost cause

Internet and network security is bad, and it's going to get worse before it gets better. To make it better, CIOs and IT admins need to rethink the way that they approach protecting their networks from hackers and other miscreants. "We've got North Korea with ICBMs and we've got Iran developing an atomic bomb, but that's not our …
Rik Myslewski, 24 May 2013
The Register breaking news

Scots council cops £100K fine for spaffing vulnerable kids' data ONLINE

UK data privacy watchdogs have fined Aberdeen City Council £100,000 after a council employee published vulnerable children's details online. The sensitive social services information was released after a council worker accessed documents, including meeting minutes and detailed reports, from her home computer. A file-transfer …
John Leyden, 02 Sep 2013
The Register breaking news

UK.gov coughed over £2 MEELLION in data breach fines in the past year

The total number of self-reported* data breaches in the UK increased from 730 between March 2011 and February 2012 to 1,150 in a similar period in the year up to early March 2013. The lion's share of the fines paid out originated from the public sector. A Freedom of Information (FOI) request to the Information Commissioner’s …
John Leyden, 25 Apr 2013

Psst. Want to stop the data drip of leaky clouds but don't know how? Look here

Edward Snowden’s revelations about the activities of the various Western security organisations have not come as a real surprise. Yet they were a wake-up call to how the landscape of our own personal data security has changed. Multiple devices and increased mobility have meant that we have looked for ways to ensure that we have …
StorageBod, 05 Aug 2013
The Register breaking news

Manchester plods cop £120k fine for USB-stick-inna-wallet data gaffe

The Greater Manchester Police Force have paid a £120,000 fine after losing the details of more than a thousand people under investigation for serious drugs crime. The personal details were kept on an unencrypted memory stick with no password protection, belonging to an officer with the Serious Crime Division team. Kept in the …
Anna Leach, 16 Oct 2012
Smartphone user on Tube

Don’t let mobile malware steal your company data

The mobile malware landscape is changing. Standardisation might be a good thing for building ecosystems and making phones more useful, but the emergence of Android and iOS as leaders in the operating-system wars makes life easier for those who would target the data on your corporate devices. It also means there is more to steal …
Simon Rockman, 16 Oct 2013
Cloudphysics Index

We haul big-data-sifter CloudPhysics to the testlab slab

Regardless of everything else going on in the life of a system administrator, the one thing we lack most is time. So what if there were a single solution to give us all the information we could ever need about our virtual infrastructure in one place? Founded with the belief that in the future all virtual infrastucture will be …
Aaron Milne, 03 Dec 2013
The Register breaking news

UK.gov STILL wants to tout pupil data - don't use the word 'product'

At the end of 2012, Education Secretary Michael Gove told Parliament that he wanted "to share extracts of data held in the National Pupil Database for a wider range of purposes than possible in order to maximise the value of this rich dataset". Ultimately, the government wants the private sector to tout "tools and services which …
Kelly Fiveash, 20 May 2013
The Register breaking news

Crap security lands Sony £250k fine for PlayStation Network hack

Sony has been fined £250,000 ($395k) for allowing million of UK gamers’ details to be spilled online by PlayStation Network hackers. The UK's Information Commissioner’s Office (ICO) levied the heavy fine against Sony Computer Entertainment Europe for a serious breach of the Data Protection Act. Personal information of millions …
John Leyden, 24 Jan 2013

RSA boss demands revamp of outdated privacy, security regs

Corporate security policies that simply adopt regulations and obsess over privacy are stuck in the last century, according to senior execs at security biz RSA. Tom Heiser, president of the EMC-owned outfit, told delegates to the RSA Europe conference that efforts to comply with red tape and standards is fruitless as the rules …
John Leyden, 10 Oct 2012
The Register breaking news

The Man Who Stole Greece: Cuffed chap had data on most of country

Greek police have cuffed a suspect who allegedly stole personal data of three-quarters of the country's population as part of an attempted industrial-scale ID theft scam. The unnamed 35-year-old computer programmer is suspected of attempting to flog nine million records containing ID card data, addresses, tax identification …
John Leyden, 21 Nov 2012
Source: Simply Smile Photography by Georgia Stephenson

Sysadmins: Keep YOUR data away from NSA spooks

During a meeting this week I had a question put to me that almost every client asks at some point: will our data remain our data even after we send it rocketing into the cloud? I love this question simply because it means I’m making progress getting companies up to speed on their IT requirements. What set this encounter apart …
Aaron Milne, 19 Jul 2013
The Register breaking news

NHS bitchslapped by ICO on data security

The Information Commissioner's Office is working with Connecting for Health to try to get the NHS to take data security seriously. The news comes as another five NHS bodies sign undertakings with the regulator to improve processes. Information Commissioner Christopher Graham said: "The health service holds some of the most …
John Oates, 01 Jul 2011
The Register breaking news

ICO to probe Essex council over data leak

The Information Commissioner's Office is making enquiries into a leak of data possibly involving the details up to 400 users of services provided by Essex county council. The council said that all affected residents had been informed. It has not yet been confirmed that the leak amounts to an offence under the Data Protection Act …
Wi-Fi 802.11n

Euro cops on free Wi-Fi not-so-hotspots: For pity's sake, don't use them for email

Using free Wi-Fi hotspots poses a data risk to users, the boss of European police agency Europol warns. Troels Oerting, head of Europol's cybercrime centre, told BBC Click that growing number of attacks are being carried out via public Wi-Fi and that people should send personal data only across trusted networks. "We have seen …
John Leyden, 10 Mar 2014

Speaking in Tech: Storage is FLEEING the public cloud in Asia

speaking_in_tech Greg Knieriemen podcast enterprise Hosted by Greg Knieriemen, Ed Saipetch and Sarah Vela. This week, Eddie the Prodigal Son returns with our special guest Michael Heffernan, Director of Infrastructure Technology for Asia Pacific at Hitachi Data Systems. This week we discuss… Return of Eddie (0:50) Catching …
Team Register, 02 Apr 2014

FTC: Do SSL properly or we'll shove a microscope up you for decades

The US Federal Trade Commission (FTC) has forged settlement deals with a pair of companies accused of botching their SSL encryption and leaving people vulnerable to identity thieves. According to the watchdog, Fandango and Credit Karma failed to implement basic safeguards when sending highly sensitive personal information over …
Shaun Nichols, 28 Mar 2014
The Register breaking news

ICO: NHS data security breaches are just 'plain daft'

NHS staff should be more aware of data security risks as patient confidentiality "is at the heart of what they do", Jonathan Bamford, head of strategic liaison at the Information Commissioner's Office has said. Speaking at an event on healthcare efficiency, he said that he was confounded by the disconnect between staff awareness …
The Register breaking news

Worker dumps council staff's private data in supermarket skip

The Information Commissioner's Office (ICO) deemed that Scottish Borders Council had been guilty of a serious breach of the Data Protection Act. The watchdog said the organisation had failed to manage the outsourcing of the personal data processing properly. The Council had arranged for a man, known only as 'GS', to "digitise" …
OUT-LAW.COM, 14 Sep 2012
The Register breaking news

Wee biz sector risks wrath of UK data leak watchdog

Businesses that fail to keep private data secure could be in trouble as the Information Commissioner's Office extends its beady eye beyond breaches in the public sector. Bean counters at Syscap pointed out that with the ICO issuing more warning notices and ramping up its fines, small businesses in particular could be at risk as …
The Register breaking news

Cloudy punters can't rely on 'certified' CSPs for data protection

A new online platform that enables prospective users of cloud computing services to assess the security features of registered cloud providers is to be welcomed, the UK's data protection watchdog has said. Amazon has become the latest cloud provider to publish details (42-page/475KB PDF) of how it ensures the security of …
OUT-LAW.COM, 30 Jul 2012

ICO plugs XSS vuln in its website. Only took watchdog FIVE YEARS

The Information Commissioner's Office (ICO) has finally fixed a security bug on its website - five years after it was first notified to the data privacy watchdog. IT consultant Paul Moore first warned the ICO about a cross site scripting (XSS) problem on its website in 2009. The flaw meant it was possible to introduce arbitrary …
John Leyden, 28 Mar 2014
The Register breaking news

Hertfordshire plod passwords leaked by pro-Assange data burglar

A UK police website has been hacked, exposing usernames, unencrypted passwords and other sensitive login details for more than 90 serving officers. The miscreant who raided the Hertfordshire force's database also lifted and leaked workplace phone numbers, email addresses, warrant numbers and PINs of the county's Safer …
John Leyden, 31 Aug 2012
FBI's Cyber Most Wanted: Latest entries

New FBI boss says cyber crime, not terrorism, is top of Feds' todo list

The FBI's new director James Comey has told the RSA security conference in San Francisco that he is making thwarting online crime the major focus for his agency in the coming decade. As a result, agents will shift from a reactive mode into a more forward-looking approach when tackling internet crims, by offering services with …
Iain Thomson, 27 Feb 2014
cloud

Desktop virt used to cope with Starbucks workforce security

The trend for mobile working has fuelled demand for desktop virtualisation, says a survey by Citrix as employers want to know that their out-of-office workforce are on secure machines. As employees increasingly work from home, or Starbucks, companies want ways to keep their devices and data secure. Desktop virtualisation is seen …
Anna Leach, 12 Dec 2011

Chicago cabs embroiled in debit-card breach claim mystery as bank tells folks: Pay by cash

Illinois' First American Bank is advising folks in Chicago to pay their taxi fares in cash rather than by card – amid allegations of a computer security breach in the payment processing chain used by cabbies. It is not clear exactly where or how debit or credit card details are allegedly being copied and siphoned off to crooks. …
Shaun Nichols, 04 Mar 2014
The Register breaking news

Firms are RUBBISH at payment security

Most retailers and other businesses are continuing to struggle with payment card industry standards, placing confidential customer data at a heightened risk of exposure as a result. A Payment Card Industry (PCI) Compliance Report from Verizon found that just one in five (21 per cent) organisations achieved compliance during …
John Leyden, 29 Sep 2011
The Register breaking news

Visa and MasterCard warn of credit card data breach

Visa and MasterCard have been quietly informing banking partners that a third-party supplier has suffered a major breach of security that could let the attacker clone users' cards. According to Krebs on Security, the credit card companies are warning that between January 21 and February 25, a successful attack appears to have …
Iain Thomson, 30 Mar 2012

KC engineer 'exposed unencrypted spreadsheet with phone numbers, user IDs, PASSWORDS'

Hull's dominant telco, KC, is investigating revelations of what appears to be poor handling of the company's customer data. This comes after a recent sign-up claimed one of its engineers had unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers. The …
Kelly Fiveash, 17 Jan 2014
The Register breaking news

Visa probes reported security breach of card processor

Credit card issuer company Visa is investigating the possible breach of a payment processor in Europe that may have compromised more than 10,000 cards in Eastern Europe. In a statement issued on Thursday, according to IDG News, the issuer said: “Visa Europe has been informed of a potential data security breach at a European …
Dan Goodin, 15 Dec 2011