Articles about Data Security

'Security, privacy' main barrier to 'government cloud' rollout in EU

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report. The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security …
OUT-LAW.COM, 04 Mar 2015
Bradley University offer to hackers

Hacked uni's admins hand ID theft prevention reward to data burglars

An Illinois university's sysadmins have seemingly handed data burglars a year-long subscription to LifeLock, an identity alert and credit monitoring system, following a data breach at the US institution which left thousands vulnerable to identity theft. With the best of intentions, Bradley University reacted to being hacked by …
Files on shelves

Connected Data gets serious about the business of file sharing

It’s now available in Europe – yep, Connected Data has upped its peer-to-peer, file sync ’n share game with Transporter for Business, a way of sharing files that has no public cloud security risk at all. The Transporter is a cone-shaped device providing private cloud, peer-to-peer file sharing for consumers. There are some 12, …
Chris Mellor, 04 Mar 2015

US government green-lights data swapping for security firms

Security firms looking to share research data with their peers need not fear the US Federal Trade Commission or Department of Justice any more. The FTC and DOJ issued a joint policy statement on Thursday assuring the security community that they will not pursue antitrust cases against companies that share their security …
Shaun Nichols, 10 Apr 2014
Amazon data center

Amazon's clouds are da bomb, say EU data protection watchdogs

Amazon’s cloud services have been declared safe by Europe’s privacy rights watchdogs. The Article 29 Working Party (a group made up of all Europe’s national data protection authorities), led by the Luxembourgish CNPD, has found that Amazon Web Services’ standard contractual clauses meet all the requirements of EU data protection …
Jennifer Baker, 01 Apr 2015
Smart home

Internet of Thieves: All that shiny home security gear is crap, warns HP

In a recent study, every connected home security system tested by HP contained significant vulnerabilities, including but not limited to password security, encryption, and authentication issues. HP's Fortify on Demand security service assessed the top 10 home security devices – such as video cameras and motion detectors – along …
John Leyden, 10 Feb 2015

Home Depot ignored staff warnings of security fail laundry list

Home Depot is facing claims it ignored security warnings from staff, who say prior to its loss of 56 million credit cards, it failed to update anti virus since 2007, did not consistently monitor its network for signs of attack, and failed to properly audit its eventually-hacked payment terminals. The fixer-upper retail giant …
Darren Pauli, 22 Sep 2014
picard

Premera healthcare: US govt security audit gave hacked biz thumbs up

Serious doubt has been cast on the US government's data security regulations after Premera Blue Cross was declared secure by Uncle Sam – just months before the healthcare giant was ransacked for financial and medical information by hackers. The biz underwent a computer security audit by a federal watchdog in January 2014, was …
Iain Thomson, 23 Mar 2015
Winnie-the-Pooh honey

Business expects data retention will hit their bottom lines: survey

Risk management outfit Protiviti says Australian businesses are fearful that the government's proposed metadata retention scheme is going to cost them. The government is in the throes of considering a two-year retention regime for Australian telecommunications carriers and ISPs. While the Parliamentary Joint Committee on …

GCHQ grants security clearance to Samsung's Knox mobe security

The official containerisation solution for security on Samsung phones and tablets has passed muster with GCHQ. It’s now deemed safe enough for UK government employees to get a Galaxy Note 3, Galaxy S3 S4 or Galaxy S5 all of which run the Korean firm's KNOX software. This is only to the OFFICIAL (PDF) level of security. This is …
Simon Rockman, 16 May 2014
car hacking

Hacker hijack 'threat': Your car's security is Adobe Flash-grade BAD

Democratic Senator Ed Markey (D-MA) has published a report after questioning 20 automakers about the security of their cars' internal networks – and how much personal data they store. The results aren't great. In short, as we've long suspected, the computers in today's cars can be hijacked wirelessly by feeding specially crafted …
Iain Thomson, 09 Feb 2015

Trustwave gobbles up Application Security, gorges itself on tech

Data security biz Trustwave has acquired fellow data security provider Application Security, a startup that specialises in automated database security scanning technologies. Financial terms of the deal, announced on Monday, were undisclosed. Privately-held Application Security develops security software for relational databases …
John Leyden, 12 Nov 2013
Our Playmobil figure innocently tweeting away at his computer

My employer, comply with data protection law? Don't think so – say 3 in 4 office drones

Less than a quarter of staff at businesses in the UK, France and Germany think their organisation fully complies with data protection laws, according to a new study. Cyber security company Sophos commissioned a survey of 1,500 office workers in the three countries and found that 77 per cent of respondents were not confident that …
OUT-LAW.COM, 03 Oct 2014

Redmond may buy security company it says is wrong about AD flaw

Microsoft is reportedly in talks to buy Israeli security firm Aorato for $200 million after this week pouring cold water on its claim to have discovered a critical flaw in Active Directory. Aorato was founded by former Israeli Defense Force hackers and offers products that detects attacks on against Active Directory. As …
Darren Pauli, 16 Jul 2014
The Register breaking news

RSA adds Big Data analytics to security service suite

In just under a month, security folks are coming to San Francisco for the annual RSA show, and if Wednesday's announcement from the company is to go by, one of the major themes at conference will be Big Data. At a press conference at its Massachusetts headquarters, RSA unveiled its Security Analytics appliance that's designed to …
Iain Thomson, 31 Jan 2013
Old Bailey Lady Justice

Microsoft vs US.gov, Internet of Stuff, Big Data: Some of 2015's legal cloudy issues

Cloud, Big Data, the Internet of Things are among the hottest topics that vendors are driving in 2015, but there are five legal developments in each that are worth tracking. 1. Microsoft and US government go to court Again, Microsoft is resisting attempts by the US government to get access to the user data it is holding outside …
Frank Jennings, 15 Jan 2015
Tubbs from the League of Gentlemen. Illustration by Doeth Gwraig

Warning to those who covet the data of Internet of Precious Things

Data generated by devices in the "internet of things" age should be "regarded and treated as personal data", data protection authorities from across the globe have agreed. The watchdogs said it is "more likely than not" that such data can be attributed to individuals. "Internet of things’ sensor data is high in quantity, …
OUT-LAW.COM, 22 Oct 2014
management governance3

New security standard for CHAPS who have your CREDIT CARD data

A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules. PCI DSS 3.0 is designed to "help organisations take a proactive approach to …
John Leyden, 08 Nov 2013
Dambuster_Mohne_dam_breach

Mandatory data breach laws back on Australian agenda

Australia's on-again, off-again debate about data breach notification laws is on again, courtesy of a report into financial system regulation, at least until the government cans the idea (again). Register readers will recall that a Privacy Alerts bill was proposed by the previous government before the 2013 election, then delayed …

IBM claims first with Hadoop data security suite

IBM is launching what it claims is the first data security system for Hadoop, as part of its biggest product rollout of security software and services yet seen from the company. Big Blue's not the highest profile security firm, but it has been buying in a lot of talent over the last three years and last year grouped staff and …
Iain Thomson, 18 Oct 2012

Security products: Best of breed or create your own monster?

IT security is not just about antivirus or firewall products anymore. There is a whole layer cake of different product types designed to protect your organisation in different ways. It is a stack, in much the same way as TCP-IP networking or web server functionality has stacks of functionality. The question is, what's the best …
Danny Bradbury, 07 Nov 2014
storage arrays superimposed on cloudy sky

What you need to know about keeping your cloud data safe

The first reaction many corporate users – even those who are quite technically aware – have when considering a migration to cloud computing is to worry about data security. It is a fairly natural emotional response of course; you are effectively surrendering a kind of ownership of your data over to a third party. So what if a …
Data breach image

Look out: That data protection watchdog can bite

Despite all the furores, calamities and Snowden-related shenanigans of recent years, the UK’s privacy watchdog remains something of a pussycat, and a lean one at that. Granted powers in April 2010 to fine firms £500,000 for breaches of the various laws it covers, the Information Commissioner’s Office (ICO) has flexed its mini- …
Tom Brewster, 26 Nov 2014
Double Facepalm; when one facepalm is not enough.

Don't bother telling people if you lose their data, say Euro bods

Analysis Businesses should not need to notify consumers that their personal data has been lost or stolen if the data has been encrypted, EU ministers have said. Ministers in the Justice and Home Affairs Committee of the EU's Council of Ministers backed the plans as part of a wider partial agreement reached last week on reforms to EU data …
OUT-LAW.COM, 15 Oct 2014
Cloud security

Make sure big data doesn't land you in big trouble

Size isn't everything. Big data may be about storing terabytes or petabytes of information but it is also about complexity, and complexity often brings security challenges. Are you ready to handle them? Right now, someone in a marketing or finance role somewhere in your organisation is probably putting together a big data …
Danny Bradbury, 14 Nov 2014
The Register breaking news

Retailer challenges Visa penalty fees in data security dust-up

In a payment industry first, a sporting-goods retailer has filed a multimillion-dollar lawsuit against Visa, arguing that the penalties the credit card company charges its members for data security breaches are unfair. As reported by Wired, retailer Genesco alleges that Visa seized some $13m in funds from its merchant bank …
Neil McAllister, 12 Mar 2013

Despite your fancy-schmancy security tech, passwords still weakest link in IT defences

The use of stolen login credentials continues to be the most common way for network intruders to access sensitive information. Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, according to Verizon’s latest annual Data Breach Investigations Report. The …
John Leyden, 22 Apr 2014
New York City's Manhattan skyline

New York side-eyes California's hack attack laws: I'll have what she's having

New York's attorney general is asking the state to set new rules requiring companies to confess when they've been hacked. The Big Apple's AG Eric Schneiderman said that he is going to ask the state to force organizations to disclose the loss of customer user names, passwords and security question answers as part of its …
Shaun Nichols, 15 Jan 2015
The Register breaking news

Got a data security policy? Chances are your IT bods don't know it

Advisory firm Forrester Research questioned 2,383 IT workers from five countries for a report called Understand The State Of Data Security And Privacy: 2012 To 2013, but only 56 per cent of those surveyed in North America and Europe said that they were aware of their employers' current data security policies, according to a …
OUT-LAW.COM, 27 Sep 2012
The Register breaking news

Press exposure of Federal data security hole leads to legal threats

An investigation into a security slip that left the identity information for over 170,000 users of a US federal government program publicly available online has led to accusations of hacking and legal threats. The Scripps News investigative team spent the last month studying companies running Lifeline, a federal program to …
Iain Thomson, 22 May 2013

FTC gets judicial thumbs-up to SUE firms over data breaches

In a ruling this week, a US federal judge affirmed the Federal Trade Commission's authority to file lawsuits against companies for failing to take "reasonable and appropriate" data security measures, rejecting a claim that the agency lacks that power. District Judge Esther Salas of the US District Court of New Jersey denied …
Neil McAllister, 12 Apr 2014

Building big data? Are you building a security headache too?

The world and its dog has been shocked by the Prism news story. Early in June, we found out that the US National Security Agency (NSA) had developed a secret data-gathering mechanism to steal all our data and store it in a large data warehouse. We are outraged that it is being mined, searched and otherwise prodded. But do we …
Danny Bradbury, 19 Aug 2013

Korean credit card bosses offer to RESIGN over huge data breach

An IT contractor has been arrested over the theft of credit card and personal details of 20 million South Koreans. Investigators allege an IT worker at the Korea Credit Bureau copied names, social security numbers and credit card details of millions onto a USB stick before flogging them to a marketing firm. He has been charged …
John Leyden, 22 Jan 2014
PayPass

Survey: Just 1 in 3 Euro biz slackers meets card security standards

European businesses are lagging far behind the rest of the world in compliance with global payment card industry security standards, according to a new survey. Just under one-third (31 per cent) of surveyed European businesses met 80 per cent or more of the PCI Data Security Standard (DSS) requirements, compared with 75 per cent …
John Leyden, 11 Feb 2014

EU Justice Department stalls India's security clearance

India’s outsourcing giants are likely to face more delays in their frustrated bid to tap a potential IT services market worth $30 billion, after a report emerged suggesting the EU still has big data security concerns with the country. The EU and India have been trying to finalise their Broad-based Trade and Investment Agreement …
Phil Muncaster, 19 Jun 2013
French cartoon, 1790: devil disguised as man walking tightrope

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned. The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for " …
OUT-LAW.COM, 11 Jan 2013
grab_that_cash

Review of UK data protection: Should fines go OVER HALF A MIL?

The UK government should consider raising the level of fines that the Information Commissioner's Office (ICO) can impose on organisations that breach the Data Protection Act (DPA), an expert has said. Data protection law specialist Kathryn Wynn of Pinsent Masons, the law firm behind Out-Law.com, said that a previous increase in …
OUT-LAW.COM, 06 Mar 2014
Google Drive

Put those smartphones away: Google adds anti-copying measures to Drive for Work

Google has rolled out five new functions aimed at beefing up the security, administration and sharing features of its Drive for Work cloud business suite and the equivalent education package. Youtube video "Since we launched Drive for Work 9 months ago, we've watched as more and more businesses moved to the cloud - and seen …
Iain Thomson, 31 Mar 2015

Who'd be Target's infosec chief? Tesco CIO joins hack-battered firm

UK retail giant Tesco has lost its veteran CIO to Target, whose IT chief is stepping down after just a year. Tesco’s Mike McNamara is taking charge of Target’s IT operations at 1,790 retail stores, 37 distribution centers, global development and online. He replaces Bob DeRodes, hired in spring 2014 after US retailer Target lost …
Gavin Clarke, 04 Feb 2015

Dating site PAYS cracker for stealing creds

A blackhat hacker who stole 20 million credentials and attempted to sell some online has been handed a bug bounty by one of his victims, Russian dating site Topface. The mix 'n' meet site was hacked last month by blackhat 'Mastermind' who published millions of email addresses online and was found attempting to hawk the …
Darren Pauli, 03 Feb 2015
Silhouette of spy discerning password from code uses a command on graphic user interface

US anti-backdoor bill: If at first you're shot down in flames – try, try again

Lawmakers in the US are making an effort to revive legislation that would ban government agencies from demanding backdoor access to hardware, websites and software. Under the proposed Secure Data Act, developers cannot be forced to insert security holes into devices and code. The FBI, for one, would like to use such flaws to …
Shaun Nichols, 05 Feb 2015
Clouds in blue sky

Nena-bothering stats tempt Ericsson into Cleversafe's arms

Cleversafe has got itself a great new reselling deal. Popular telco kit supplier Ericsson is selling a Secure Cloud Storage offering based on Cleversafe's object storage software. Ericsson thinks it can enable telcos to offer better cloud IT services if the worries of their large enterprise customers about data security and …
Chris Mellor, 06 Mar 2015
Car-2-Car

We're not Mr Brightside: Asda Car Insurance broker hacked

No customer data was exposed after the firm behind Asda Car Insurance was hacked, said the broker as it explained why the ACI website went offline earlier this week. Reg reader and Asda Car Insurance customer Arthur forwarded us a notice he received from Brightside Group, who provide white label insurance products for Asda and …
John Leyden, 03 Oct 2014
Cloudy sky

Bah! No NSA-proof Euro cloud gang. Cloud computing standards will 'aid data portability'

New cloud computing standards to be developed within the EU should facilitate users' ability to transfer data and services between cloud providers, MEPs have said.17 Dec 2013 Cloud computing TMT & Sourcing Outsourcing TMT Advanced Manufacturing & Technology Services The European Parliament has backed a new resolution on cloud …
OUT-LAW.COM, 19 Dec 2013

Hey banks: Use Win XP after deadline? You'll PAY if card data's snaffled

Banks that use the Windows XP operating system will face a risk to their compliance with payment card data security rules if they continue to operate the software after Microsoft withdraws its extended support services, a US regulatory body has warned. Microsoft confirmed in 2010 that it would end "extended support" for Windows …
OUT-LAW.COM, 14 Oct 2013
cloud

Sophos gulps down hot Mojave, will puff out more secure clouds

Sophos has slurped up the security firm Mojave Networks in a bid to develop the world's strongest and most secure cloud. You should probably now get excited about data security. "Mojave Networks is a young innovative company that has built a leading platform right at the intersection of three cutting-edge areas of security: …
Jasper Hamill, 08 Oct 2014

Horrific moment curvy mum-of-none Mail Online spills everyone's data

Middle England will be shocked to discover that the Daily Mail's website, the world's most read online newspaper, has only gone and admitted to a shameful data security cock-up. The publication - which is known for displaying loads of pictures of tits and ass online normally alongside an equal amount of outrage about tits and …
Kelly Fiveash, 06 Aug 2013

Pizza stores popped, sandwich stores sacked in PoS plunder

Some 324 restaurants across the United States, including 216 Jimmy John's outlets, have had payment terminals compromised by malware after a breach at vendor Signature Systems. The massive breach occurred when an intruder stole remote log-in credentials for Signature's point of sale (PoS) kit, according to cyber-crime reporter …
Darren Pauli, 29 Sep 2014
JP Morgan HQ at Canary Wharf

JPMorgan Chase mega-hack was a simple two-factor auth fail

Hackers broke into JPMorgan's network through a giant security hole left open by a failure to switch on two-factor authentication on an overlooked server. The New York Times reports that technicians at JPM had failed to upgrade one of its network servers, meaning that access was possible without knowing a combination of a …
John Leyden, 23 Dec 2014
Tim Cook Apple CEO with glowing green eyes, dark glasses a la Demon Headmaster

Chinese hackers slurp iCloud passwords, Apple's CEO jumps into his jet for China

Apple boss Tim Cook has met top Chinese officials following a major attack on the security of the iCloud website – an assault that some security analysts have blamed on Beijing. Cook was snapped in full demon headmaster mode heading into a pow-wow with Vice Premier Ma Kai. According to the Xinhua news agency, the issues of " …
Jasper Hamill, 22 Oct 2014