Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.
In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement “resolves all issues” between the two companies stemming from the intrusion.
via Discover to get $5M from Heartland for ’08 data breach.
“They’ll say, ‘we found data on the most obscure parts of our network, we had no idea it was there,'” Russo says. “We need some methodology to find cardholder data.” Recommendations for that will include data-loss prevention technologies or discovery tools to find cardholder data, Russo says.
via Revisions to credit card security standard on the way.
If the past week is any indication and I’m afraid it is, health care companies are doing an abysmal job at protecting personal health care data. This evening the Colorado Department of Health Care Policy and Financing announced that state officials discovered an unauthorized removal of a computer hard drive from the state’s Office of Information Technology Department: The information did NOT include addresses, dates of birth, social security numbers or any other financial information that could be used for identity theft. It included name, state ID number and the name of the client’s program. Approximately 111,000 clients, or one-fifth of those receiving public health insurance, will receive notification by first-class mail, as required by HIPAA.
via Healthcare Breaches Spin Out Of Control – Security Blog – InformationWeek.
According to Hunter, private information of more than 1,800 people was included on DHEC documents that were discovered by a third party in a public, paper recycling container behind the DHEC building on Bull Street in Columbia. This third party gave the documents to another person, who returned them to DHEC.
via DHEC notifying South Carolina clients of personal information breach.
But state health authorities have discovered an unknown number of unidentified people have keys to locked bins at the hospital where patient information sheets are deposited for shredding.
UMC officials did not know who had keys to the bins, nor how many had been issued.
via Hospital can’t account for keys to bins of patient records for shredding – Friday, March 19, 2010 | 2:01 a.m. – Las Vegas Sun.
Hackers broke into computer systems at Wyndham Hotels & Resorts recently, stealing sensitive customer data.
The break-in occurred between late October 2009 and January 2010, when it was finally discovered. It affected an undisclosed number of company franchisees and hotel properties that Wyndham manages. Wyndham has acknowledged the incident in a note posted to its Web site.
via Wyndham hotels hacked again.
Version 2.0 could mandate automated cardholder data discovery. One change I anticipate is mandating the use of automated cardholder data discovery tools. I say that for a couple of reasons. First, the Council has been encouraging QSAs to use data discovery tools in our assessments. They even provide a list of both open source and commercial products at QSA training sessions complete with examples of how to configure them.
via StorefrontBacktalk » Blog Archive » A Look at PCI in 2010.
Many businesses are familiar with the PCI Security Standards Council’s requirements, yet many card fraud incidents go undiscovered for long periods of time. In fact, according to Verizon’s 2009 Data Breach Investigations Report, 75% of compromises were discovered at least weeks after the compromise.
via Today’s Tip Credit-Card Security: Monitoring – BusinessWeek.
A researcher at IBM reports having developed a fully homomorphic encryption scheme that allows data to be manipulated without being exposed. Researcher Craig Gentry’s discovery could prove to be important in securing cloud computing environments and fighting encrypted spam.
via IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering.
Anyone who peered inside the mixed paper bin at the Dupont Recycling Center this afternoon got an eyeful.
Files, in plain sight, which authorities say contained sensitive medical and identity information.
“Upon finding those, they discovered it wasn’t a small amount. It was a large amount that we had to notify Hutcheson Medical Center and one other medical facility,” says Investigator William Puckett with the Chattanooga Police Department.
via “Thousands” Of Medical Records Discovered In Recycling Bin | newschannel9, records, afternoon – Local News – WTVC NewsChannel 9: Chattanooga News, Weather, Radar, Sports, Lottery.