Health Net of the Northeast will pay $250,000 in fines

Health Net of the Northeast will pay $250,000 in fines to Connecticut as part of a settlement regarding a lost or stolen hard-drive that contained medical records and personal information of 1.5 million people, including 446,000 in Connecticut.

via Insurance Capital – News, Conversation and Links about Connecticut’s Insurance Industry.

IRS fails to identify contractors with access to taxpayer data

The Internal Revenue Service risked disclosing taxpayer information when it failed to identify contractors that had access to financial records and to fix known security weaknesses at facilities where files are stored.

According to an audit released on Tuesday by the Treasury Inspector General for Tax Administration, the IRS did not identify all the vendors that store and process taxpayer data, making it impossible to complete annual security reviews. In addition, at facilities where the IRS did conduct reviews, it failed to check if weaknesses it had identified were corrected.

via IRS fails to identify contractors with access to taxpayer data – Nextgov.

AMR Corporation Sends Letters to Certain Retirees and Employees Regarding Data Compromise and Offer

Today, AMR Corporation, the parent company of American Airlines, Inc., sent letters to potentially affected retirees, former employees, and a limited number of current employees about a compromise of certain personal information. The data, which had been kept by AMR’s pension department, spans a time period from 1960 through 1995, and consists of images of historical microfilm files for approximately 79,000 retirees, former employees, and a limited number of current employees. No customer data was compromised.

via PR-USA.net – AMR Corporation Sends Letters to Certain Retirees and Employees Regarding Data Compromise and Offer.

Visa tightens rules for small sellers • The Register

From 1 July small and medium enterprises using electronic point of sale terminals and e-commerce systems need to reach basic compliance with an entry-level version of the standard or face higher merchant fees or, in extreme cases such as in the aftermath of security breaches, the withdrawal of merchant statuses.

Larger firms need to comply with the full versions of the PCI DSS standard by 30 September.

via Visa tightens rules for small sellers • The Register.

NIST Revises Security Controls Bible SP 800-53A, Revision 1

NIST Special Publication 800-53 – the bible for federal government chief information security officers as well as others charged with securing their organizations' IT systems – has been revised by the National Institute of Standards and Technology.

NIST Tuesday issued SP 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations. This latest guidance is aimed at helping agencies implement continuous monitoring of their IT systems as they move away from the traditional paper-based compliance rules under the Federal Information Security Management Act.

via NIST Revises Security Controls Bible.

Tokenization and encryption for #PCI compliance

Tokenization and encryption may be the best solution to one of the biggest data-security challenges facing merchants: how to protect confidential payment card information against emerging threats without disrupting normal business operations. That’s according to a security brief released on Tuesday by RSA, the Security Division of EMC. Security experts from processor First Data Corp. and Visa Inc. also contributed to the report.

via News.

PCI Standards Stretched To Three-Year Cycle

Merchants have gained some welcome breathing room for complying with PCI: The PCI Standards Council today announced its standards cycle will move from a two- to three-year cycle. The extra year between new versions of the PCI DSS, PA-DSS, and PCI PTS standards came in response to complaints from merchants and others in the secure payment industry that the current schedule of releasing new requirements every two years was too tight.

via PCI Standards Stretched To Three-Year Cycle – DarkReading.

Do You Have What It Takes To Pass Your Payment Card Industry Audit? #PCI

With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).

via Do You Have What It Takes To Pass Your Payment Card Industry Audit? – Banking Business Review.

BofA call center worker pleads guilty to data theft

A Bank of America call center employee has pleaded guilty to charges that he stole sensitive client information and then tried to sell it for cash.

Brian Matty Hagen pleaded guilty last week to one count of bank fraud. According to court filings he allegedly recorded customer account information when BofA customers called him for technical support at the Florida call center where he worked.

via BofA call center worker pleads guilty to data theft.

Auditors Fault GSA Travel System Security

Federal auditors have criticized the security and design of a General Services Administration e-travel system, suggesting changes to it as part of a yearly review of the agency's IT process.

In the Office of the Inspector General's semiannual report to Congress, auditors said that the GSA's implementation of the E2 Solutions travel management system has security and usability issues that, among other things, don't properly measure the performance of the system and make it unfriendly for users, particularly disabled ones.

via Auditors Fault GSA Travel System Security — Government Travel — InformationWeek.