Data Breach

Study: Cost of Data Breaches Increasing

A study published by the Ponemon Institute and sponsored by IBM reported that the average total cost of data breaches increased 15% in the last year to $3.5 million, or $145 per record containing protected information. The study included participants from 314 companies in at least 10 countries. It identifies a number of factors that reduce the cost of a breach, as well as factors that increase it. The study found that appointing a CISO, maintaining a business continuity management program, and developing an incident response program can reduce the cost per record of a [...]

Data Breach?

UPDATED 4/15 A colleague was notified today by his bank, BBVA Compass, that his account was likely involved in a breach and that shortly his debit card was going to be cancelled and he would be issued a new one. He went to a branch office to deposit a check and asked the teller why a recording from the bank had called the day before asking him to call back for important information (confirming that it was not a robo-call). His point was: if it was really important, shouldn't a person have been on the other end of the line? It is [...]

2014-04-15T14:23:32-05:00 April 1st, 2014 | Data Breach, Information Security, Research

NBC Sochi Hack Report Fraudulent

UPDATED: Kyle Wilhoit, Senior Trend Micro Researcher, further confirmed that NBC misrepresented the 'hacks' in their video in his blog posts here and here and his whitepaper.  Wilhoit is quoted in his blog as saying, "First, all the attacks required some kind of user interaction....Second, these attacks could happen anywhere. They would not just happen in Moscow, nor did it require us to be in Moscow....Third, the infections occurred on newly unboxed hardware. Had basic security precautions such as updating the operating system or not opening emails from unrecognized sources been done, these attacks could have been prevented." UPDATED: We originally [...]

Breach Alert! Yahoo user data stolen

As evidence of why users should not use the same usernames and passwords across sites, it appears that data collected from recent breaches was used to massively hack into user email accounts at Yahoo. Yahoo recognized the attack and has taken steps to reset passwords. Their Security Update was posted on Tumblr today. According to Yahoo they are taking steps to protect users: We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an [...]

Scammers take advantage of Target Breach victims

Can you recognize a phishing email? Target recently sent out an email to those affected by the data breach with information about the breach and steps to take if your information was involved. That email can be viewed on Target's website. Scammers are also taking advantage of the situation and sending their own Target breach notification emails. Can you spot the differences between a real and a fake email? Honestly, I am surprised that Target sent their email the way they did. One of the first ways to identify a suspicious email is whether or not you recognize the sender. In [...]

Target Data Breach Timeline

Updated: Originally posted by the WSJ, and sourced here from Business Insider, Target had warning last spring about a new emerging threat against POS systems. Internal analysts requested additional scrutiny.

Updated: According to an article posted on KrebsOnSecurity, "the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor."

The recent retail breaches show that compliance is not enough. Cyber security needs to be an organization-wide initiative:

Initial Target Data Breach

Breach: Target, sometime between Thanksgiving and December 15th, 2013. Estimated 40 million records.
Discovered: Sometime around mid December 2013.
Reported: Target confirms [...]

Target Breach now affects 110 million users

Joshua Carter, public relations manager at Target, said, “This theft is not a new breach; these are two distinct thefts as part of the same breach and this development was uncovered in the course of the ongoing investigation. The 70 million guests impacted by this new development are separate from the 40 million number that was previously shared.” This goes to show how easily a data breach can get out of hand. Not only has it taken months for all of the information to come out, the breadth of the breach continues to grow. The Verizon breach report says that it [...]

2014-01-24T20:25:28-05:00 January 10th, 2014 | Compliance, Data Breach, Information Security, Privacy

Poor Patching, Communication Facilitated July Dept. of Energy Breach

Source: http://threatpost.com/poor-patching-communication-facilitated-july-dept-of-energy-breach/103200

The U.S. Department of Energy describes what led to the July breach.
Failures around vulnerability management, access controls and a general lack of communication between decision makers.
Hackers were able to penetrate a Web-facing application and steal personal information on 104,179 current and former employees, dependents and contractors.
They had access to information that could have included names, addresses, Social Security numbers, dates of birth and bank account information, unencrypted.
DOE failed to live up to industry standards and government mandates around not only encryption of sensitive data but also to install software updates, purchased in March, that would [...]

Two Missing BCBS laptops may impact 800k people

Source: http://threatpost.com/two-missing-insurance-laptops-may-impact-800k-people/103202

Someone broke into the offices of Horizon Blue Cross Blue Shield of New Jersey and stole two laptops that contained the sensitive information of more than 800,000 members.
The medical insurance provider claims that the machines were locked to an employee workstation inside Horizon’s Newark headquarters.
The laptops are password protected, but the provider also admitted that it had failed to encrypt them.
Stolen machines may have contained member names, addresses, dates of birth, Horizon Blue Cross Blue Shield of New Jersey identification numbers, Social Security numbers, and clinical information.
Horizon Blue Cross Blue Shield of New Jersey claims that they have no [...]

Target Stores said to have data breach of over 40 million customers

Source: http://news.cnet.com/8301-1009_3-57616054-83/target-investigating-massive-black-friday-data-breach-report/

Everyone will be attacked, and many will be breached. Have you taken steps to protect your organization or made plans for how to react in the event of a data breach? Securit360 offers services to fortify your security programs, train your employees, and measure your vulnerabilities.