Archive for February, 2014

Calif. DOJ Boosts Involvement in Data Breach Investigations

On Thursday, California Attorney General Kamala Harris (D) announced that the state Department of Justice will take a more active role in preventing and investigating data breaches after hundreds of such incidents occurred over the past two years, including some at health care institutions, the AP/Contra Costa Times reports.

Background on Breaches

There have been about 300 data breaches in California over the past two years, affecting 21.3 million consumers.

The number of data breaches increased by 30% from 2012 to 2013, when reporting requirements went into effect.

Organizations that experienced breaches in 2012 included:

  • American Express Travel Related Services;
  • Kaiser Permanente;
  • The state Department of Public Health; and
  • The state Department of Social Services.

Breaches compromised private consumer information, such as:

  • Social Security numbers; and
  • Credit card and bank account data.

Details of State Involvement

As part of the efforts to reduce data breaches, the California Department of Justice has released a cybersecurity guide for small businesses. The guide was developed at no cost in conjunction with the state Chamber of Commerce and the mobile security firm Lookout.

The 34-page guide recommends that small businesses:

  • Encrypt their data;
  • Use a secure browser connection;
  • Install firewalls;
  • Ensure passwords are protected; and
  • Prepare an emergency response plan for cyberattacks.

In a letter introducing the new guide, Harris said, “California is at the center of the digital revolution that is changing the world,” adding, “Unfortunately, cybercrime, data breaches, theft of proprietary information, hacking and malware incidents are now routine.”

Harris also announced that the state Department of Justice is leading a multistate investigation over a recent nationwide data breach that affected consumer data at Target and Neiman Marcus (Thompson, AP/Contra Costa Times, 2/27).

Article source: http://www.californiahealthline.org/articles/2014/2/28/calif-doj-boosts-involvement-in-data-breach-investigations

Secret Service investigating possible data breach at Sears

Sears said Friday it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.

Staff and wire report

1:55 p.m. CST, February 28, 2014

The U.S. Secret Service is investigating a possible security breach at Sears Holdings Corp., after a series of cyber attacks on retailers that have exposed the credit-card data of millions of U.S. consumers, a person familiar with the investigation told Bloomberg News.

The person, who asked not to be named because the matter is under investigation, didn’t disclose details about the scope or timing of the possible breach.

Hoffman Estates-based Sears said it has found no evidence that it has been hacked.

“There have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach,” the company said in a statement. “We have found no information based on our review of our systems to date indicating a breach.”

The U.S. Secret Service is already investigating digital attacks on several other retailers, including Target Corp. and Neiman Marcus Group, that have exposed the credit-card data of millions of U.S. consumers.

– Bloomberg News contributed to this report.

Article source: http://www.chicagotribune.com/business/breaking/chi-sears-data-breach-20140228,0,6757176.story

Apple Releases Security Updates for Safari 6.1.2 and Safari 7.0.2

US-CERT is part of the Department of Homeland Security.

Article source: http://www.us-cert.gov/ncas/current-activity/2014/02/27/Apple-Releases-Security-Updates-Safari-612-and-Safari-702

Target Earnings Slide 46% After Data Breach

Target Corp.’s massive data breach and mounting losses from its push into Canada took a toll on the retailer’s latest quarter.

The earnings report on Wednesday offered the first detailed look at the financial fallout of the breach and the task ahead as Target seeks to recover from one of the largest credit-card thefts in history. It faces more than 80 related lawsuits, including some from card issuers, as well as federal and state…

Article source: http://online.wsj.com/news/articles/SB10001424052702304255604579406694182132568

Target Earnings Drop 46% as Canada Takes Toll

Target Corp.’s massive data breach and mounting losses from its push into Canada took a toll on the retailer’s latest quarter.

The earnings report on Wednesday offered the first detailed look at the financial fallout of the breach and the task ahead as Target seeks to recover from one of the largest credit-card thefts in history. It faces more than 80 related lawsuits, including some from card issuers, as well as federal and state…

Article source: http://online.wsj.com/article/SB10001424052702304255604579406694182132568.html

Data breach at Indiana University: Are colleges being targeted?

Indiana University is alerting 146,000 students and recent graduates that their names, addresses, and social security numbers may have been exposed in a recent data security breach.

The data was accidentally stored in an insecure location for 11 months, but was only downloaded by three automated webcrawling programs, rather than by a targeted attack, so “the chance of sensitive data falling into the wrong hands … is remote,” said James Kennedy, a university associate vice president, in a statement.

But these and other recent breaches at universities “underscore the fact that there needs to be enforceable data security standards,” says Khaliah Barnes, director of the student privacy project at the Electronic Privacy Information Center in Washington. While the privacy of student information is protected under federal law, she says, specific practices for data security are largely left up to universities and the technology sector.

When states started requiring public disclosure of data breaches about a decade ago, higher education institutions were “the miscreants” – with huge numbers of breaches, says Fred Cate, director of Indiana University’s Center for Applied Cybersecurity in Bloomington.

Fortunately many of the problems were along the lines of lost laptops, rather than cyber-attacks by criminals, he says, and in recent years, as universities have caught up with prevention practices, they’ve brought the number of breaches down significantly. Now, fewer people are affected in all of higher education than are affected by a single major commercial breach such as the recent compromise of credit cards at Target, he says.

Since the beginning of 2013, 47 data breaches have occurred in the education sector, including K-12 and higher ed, according to a database maintained by the Privacy Rights Clearinghouse in California. Since 2005, 718 such breaches have been recorded.

Despite improvements, higher education must continue its vigilance, Professor Cate says, because criminals are now starting to catch on to how much sensitive information universities store on everyone from students and staff to patients at university hospitals.

Earlier this month, for instance, 309,000 individuals’ records – including social security numbers, birthdays, and university ID numbers – were exposed by a sophisticated cyberattack on the University of Maryland. The US Secret Service has joined the investigation to determine how multiple layers of security were compromised. The university has offered five years of free credit protection services to everyone affected, and has launched a task force to improve its cyber-security.

“Every day, there are thousands of probes of our defenses that we spot and thwart,” said Wallace Loh, president of the University of Maryland, in a statement Tuesday. “There is an arms race between hackers playing offense and universities playing defense. In 2012, we doubled our IT security staff and doubled our annual investments in cyber-security. We will continue to make the necessary investments.”

Keeping up with cyber-threats is “wildly expensive,” Cate says. “Not only is there a technology arms race, but also a training and awareness arms race,” since security is only as good as the training of the people who have to execute the necessary steps. Universities are environments with less of a command-and-control structure than most businesses, and it’s challenging to enforce the most up-to-date policies throughout various academic departments, Cate says.

Indiana has set up a call center for people potentially affected by the breach. The fact that the Indiana data was not likely accessed by someone with ulterior motives is probably little comfort for students, Ms. Barnes says. “Students don’t particularly care how their information was breached,” she says. “Eleven months is a long time to have your social security number exposed.”

Security was one issue addressed this week when the US Department of Education issued guidance to schools and universities on student data privacy. The guidance clarifies standards for information gathered by third parties, such as technology vendors, that interact with schools. The ever-broadening potential uses of student data, for everything from marketing to federal tracking of the effectiveness of education policies, continue to concern privacy advocates.

Barnes recommends that universities publish the types of information they collect about students, where such information is hosted, and how students can amend it. “That can start a dialogue,” she says, with students weighing in if they believe a particular vendor doesn’t have a good enough reputation for security and privacy protection.

Article source: http://www.csmonitor.com/USA/Education/2014/0226/Data-breach-at-Indiana-University-Are-colleges-being-targeted
