State agencies transferred information containing unencrypted, personal information to unsecured servers between January and May 2010, but the exposure was not discovered until two weeks ago, Texas Comptroller Susan Combs says.
The Family Planning Council in Philadelphia and its network providers are informing about 70,000 clients of a health information breach stemming from a stolen unencrypted flash drive.
The Epsilon e-mail breach has opened the door for what experts fear could be 'massive spear phishing attacks.' Here are 7 security tips to help organizations protect themselves and their customers.
Two Connecticut state agencies are investigating a health information breach incident at Midstate Medical Center that may have compromised information on 93,500 patients.
A Connecticut hospital is notifying 93,500 of its patients about a breach incident involving data that was downloaded to a personal hard drive in violation of the organization's policies.
It's serious news that RSA's SecurID solution has been the target of an advanced persistent threat. But "It's not a game-changer," says Stephen Northcutt, CEO of SANS Institute. "Anybody who says it is [a game-changer] is an alarmist."
The federal government's official tally of major health information breaches now confirms the recent Health Net incident affected 1.9 million individuals, making it the largest breach on the list. Meanwhile, at least four state agencies are now investigating the incident.
When it comes to e-marketing and the reliance on third parties such as Epsilon, Nicolas Christin of Carnegie Mellon University says banks and merchants should "come clean" about the information they share with outside entities.
Terrell Herzig, information security officer at UAB Medicine, discusses the steps he's taking in the wake of the attack against RSA's SecurID two-factor authentication products.
Communicating with customers about the incident and warning them not to click links in phishing e-mails are all these impacted institutions and companies really can do, says Jeremiah Grossman, chief technology officer of WhiteHat Security.
Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.
"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.
"It is the biggest breach we have ever seen; and to say no financial information has been stolen is, well, understating the massive breach and concern," says Neil Schwartzman, founder and chief security specialist at CASL Consulting.
A California hospital is notifying more than 514,000 patients of a breach of a limited amount of personal information stemming from the theft of an unencrypted computer.
After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
