The state of Connecticut is suing health insurer Health Net, following a data breach that saw 446 000 Connecticut residents’ records compromised, it said yesterday.
via Infosecurity USA – Connecticut goes after Health Net for breach.
Connecticut goes after Health Net for breach
Posted by compliancesoftware
on January 15, 2010
No comments
Heartland Agrees to $60M Settlement with Visa over Breach
Posted by compliancesoftware
on January 9, 2010
No comments
Heartland Payment Systems agrees to pay as much as $60 million to Visa to address losses by credit and debit cardholders affected by the data breach Heartland suffered in 2008.
Heartland Payment Systems on Jan. 8 announced that it has agreed to pay up to $60 million to Visa to cover losses to credit and debit cardholders affected by the massive data breach Heartland suffered in 2008
via Heartland Agrees to $60M Settlement with Visa over Breach – Security from eWeek.
Former UCLA Healthcare System employee pleaded guilty
Posted by compliancesoftware
on January 9, 2010
No comments
A former UCLA Healthcare System employee pleaded guilty today to four counts of illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients.
via LawFuel – The Law News Network.
Companies have just months to replace old wireless payments systems
Posted by compliancesoftware
on January 7, 2010
No comments
Retailers and caterers have just six months to replace old systems if they are to continue to use wireless card payment technology. The industry payment security body might revoke the right to process cards for companies that do not upgrade their technology.
The Payment Card Industry (PCI)'s Data Security Standard (DSS) is the set of technical requirements which must be met by retailers who want to process cards.
It was changed in 2008 to ban the use of Wired Equivalent Privacy (WEP) technology in the transmission of card details from mobile card terminals to the main part of a system.
via Companies have just months to replace old wireless payments systems | Pinsent Masons LLP.
PCI 2.0 could mandate automated cardholder data discovery #PCI
Posted by compliancesoftware
on January 7, 2010
No comments
Version 2.0 could mandate automated cardholder data discovery. One change I anticipate is mandating the use of automated cardholder data discovery tools. I say that for a couple of reasons. First, the Council has been encouraging QSAs to use data discovery tools in our assessments. They even provide a list of both open source and commercial products at QSA training sessions complete with examples of how to configure them.
via StorefrontBacktalk » Blog Archive » A Look at PCI in 2010.
HHS wants contractor to test privacy of ‘anonymous’ data
Posted by compliancesoftware
on January 7, 2010
No comments
HHS intends to hire a contractor to demonstrate either the “ability or inability” to re-identify data from a data set that has been de-identified under the Health Information Portability and Accountability Act (HIPAA) Privacy Rule
via HHS wants contractor to test privacy of ‘anonymous’ data — Federal Computer Week.
MasterCard: December PCI Deadline Change Not For Holiday Conflict
Posted by compliancesoftware
on January 7, 2010
No comments
MasterCard’s decision to reverse itself on its end of year 2010 deadline for new Level 2 PCI requirements was not based on retail complaints or on avoiding the hectic holiday period for merchants, according to a key MasterCard manager heading up the effort. Instead, the change was based on giving retailers more time to work with a new PCI training program, he said.
Are PCI Standards Helpful? Take the Survey and Tell Us Your Views | Practical eCommerce
Posted by compliancesoftware
on December 31, 2009
No comments
Are PCI Standards Helpful? Take the Survey and Tell Us Your Views
Completion of the survey will take only a couple of minutes and by doing so you’ll automatically register for a $25 Amazon gift certificate.
via Are PCI Standards Helpful? Take the Survey and Tell Us Your Views | Practical eCommerce.
Restaurant Owners File Lawsuit Over Credit Card Billing Safety Problems – AboutLawsuits.com
Posted by compliancesoftware
on December 30, 2009
No comments
Several restaurant owners in Louisiana and Mississippi are suing two companies that provided them with point-of-sale POS computer systems for credit card billing, saying that the systems were unsecure and allowed hackers to steal thousands of customers’ credit card information.
via Restaurant Owners File Lawsuit Over Credit Card Billing Safety Problems – AboutLawsuits.com.
PCI Security Standards Council Launches Global Website with New Resources in Eight Languages | SYS-CON INDIA
Posted by compliancesoftware
on December 22, 2009
No comments
Today, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced the launch of a new PCI SSC micro site, providing resources to secure payment card data in eight languages.
