Security flaw could expose credit card data – msnbc.com

Sensational!!

If you have an account with Bank of America or Chase, two of the nation’s largest banks, a major security flaw has been exposed that could make your information vulnerable to an Internet crook – or even a nosy neighbor.

via Security flaw could expose credit card data – Business – ConsumerMan – msnbc.com.

Kicked Out Of “The Club” #PCI

A Qualified Security Assessor Company (QSAC) has finally had their status revoked by the PCI SSC. In a little-noticed release dated August 4, 2011, the PCI SSC announced through an FAQ that as of August 3, 2011, Chief Security Officers (CSO) of Scottsdale, Arizona is no longer a QSAC.

via Kicked Out Of “The Club” « PCI Guru.

Health Insurer Encrypts All Stored Data

Responding to the theft of 57 hard drives in 2009, BlueCross BlueShield of Tennessee has completed a $6 million project to encrypt all of its at-rest data.

The company announced late last month that it spent more than 5,000 man-hours on the encryption effort, which encompassed about 885TB of data.

via Health Insurer Encrypts All Stored Data.

Providence police, hospitals at odds in medical privacy debate #HIPAA

A judge in a murder trial in June wanted to see the medical records of a woman whose husband was charged with killing her.

Rhode Island Hospital’s records department rejected the court order – and answered the subsequent subpoena by saying the law allowed 20 days to respond.

via Providence police, hospitals at odds in medical privacy debate | Rhode Island news | projo.com | The Providence Journal.

LinkedIn Hurries to Address Privacy Spat

LinkedIn will make changes to a “social advertising” feature that sparked criticism for using members’ names and photographs in advertisements on its website.

After a day of mounting criticism, the social networking service said in a blog post Thursday that it had been “listening” to its users and “could have communicated” its intentions with the new ad feature more clearly. As a result, it said, it will change how the advertisements appear.

via LinkedIn Hurries to Address Privacy Spat.

#PCI group outlines technology to conceal sensitive account information

The Payment Card Industry Security Standards Council today published guidelines aimed at helping merchants and others processing payment cards make effective use of what’s known as “tokenization” technologies to conceal sensitive account information.

via PCI group outlines technology to conceal sensitive account information.

Second Thoughts about Visa’s EMV program

Despite the strong security benefits, Visa and the card issuers come out much farther ahead in this program when compared to the merchants, as generally seems to be the case when it comes to card industry events.

via Second Thoughts about Visa’s EMV program.

Google Apps and Google App Engine complete SSAE-16 audit

One of the ways our customers can be assured their data is protected is through third-party audits and certifications. Since 2008, Google Apps has successfully undergone annual SAS 70 Type II audits. This year the SAS 70 Type II audit has evolved into the SSAE 16 Type II attestation and its international counterpart, ISAE 3402 Type II. We’re happy to announce that Google is one of the first major cloud providers to be certified for compliance to these new audit standards.

via Official Google Enterprise Blog: Security First: Google Apps and Google App Engine complete SSAE-16 audit.

HIPAA Auditor Involved in Own Data Breach

KPMG, which won OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011, told the Saint Barnabas Health Care System of West Orange, NJ, in June 2010 that a KPMG employee lost an unencrypted flash drive that may have contained a list with some patient names and information about their care, Saint Barnabas reported on its website.

via HIPAA Auditor Involved in Own Data Breach.

20% of Data Breaches Involving Business Associates

According to data on OCR’s website, there have been 292 breaches affecting 500 or more individuals since September 2009. Business associates have been involved in 57, or about 20%, of those breaches.

via OCR Deciding Whether To Run HIPAA Audits on Business Associates – iHealthBeat.