Tag Archives: pan

What security can learn from the $15M Sprint employee breach

Federal prosecutors this week charged nine former Sprint employees with fraud and aggravated identity theft after learning they had cloned customer cell phone numbers to make $15 million worth of calls. According to the complaint from federal prosecutors, the individuals who have been charged worked at Sprint stores in the Bronx, Bergen, N.J., and Tampa, Fla., and used company computers to get confidential information about thousands of customers. The data was used to create the so-called ‘clone’ cell phones. Of the $15 million worth of calls, a large percentage of them were international calls, said prosecutors.

via What security can learn from the $15M Sprint employee breach.

Roundup of largest data breaches / incidents

Records      Date        Organizations
130,000,000  2009-01-20  Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank
94,000,000   2007-01-17  TJX Companies Inc.
90,000,000   1984-06-01  TRW, Sears Roebuck
76,000,000   2009-10-05  National Archives and Records Administration
40,000,000   2005-06-19  CardSystems, Visa, MasterCard, American Express
26,500,000   2006-05-22  U.S. Department of Veterans Affairs
25,000,000   2007-11-20  HM Revenue and Customs, TNT
17,000,000   2008-10-06  T-Mobile, Deutsche Telekom
16,000,000   1986-11-01  Canada Revenue Agency
12,500,000   2008-03-26  LaSalle Bank, BNY Mellon Shareowner Services, Archive Systems Inc, The Walt Disney Company, SYNOVUS

Windows DLL load hijacking exploits go wild

Less than 24 hours after Microsoft said it couldn’t patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company’s software.

Also on Tuesday, a security firm that’s been researching the issue for the last nine months said 41 of Microsoft’s own programs can be remotely exploited using DLL load hijacking, and named two of them.

via Windows DLL load hijacking exploits go wild.

Trojan blamed for Spanish air crash

A plane crash that killed 154 people in 2008 might have been partly connected to the infection of an important ground safety system by malware, a Spanish newspaper has claimed.

The Spanair plane took off from Madrid to fly to the Canary Islands on 20 August 2008, but failed to clear the runway. Of the 172 passengers and aircrew on board, only 18 survived.

via Trojan blamed for Spanish air crash.

Google Apps gets FISMA-certified for government work

Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail.

via Google Apps gets FISMA-certified for government work.

Healthcare Breaches Spin Out Of Control

If the past week is any indication, and I’m afraid it is, health care companies are doing an abysmal job at protecting personal health care data. This evening the Colorado Department of Health Care Policy and Financing announced that state officials discovered an unauthorized removal of a computer hard drive from the state’s Office of Information Technology Department: The information did NOT include addresses, dates of birth, social security numbers or any other financial information that could be used for identity theft. It included name, state ID number and the name of the client’s program. Approximately 111,000 clients, or one-fifth of those receiving public health insurance, will receive notification by first-class mail, as required by HIPAA.

via Healthcare Breaches Spin Out Of Control – Security Blog – InformationWeek.

Connecticut AG reaches agreement with Health Net over data breach

Connecticut Attorney General Richard Blumenthal has announced that his office has reached a settlement with health insurance company Health Net over a failure to secure patient information on almost a half-million state enrollees, and subsequent failure to promptly notify consumers about the breach. The settlement involves Health Net of the Northeast Inc., Health Net of Connecticut Inc., and parent companies UnitedHealth Group Inc. and Oxford Health Plans.

via DOTmed.com – Connecticut AG reaches agreement with Health Net over data breach.

AMR Corporation Sends Letters to Certain Retirees and Employees Regarding Data Compromise and Offer

Today, AMR Corporation, the parent company of American Airlines, Inc., sent letters to potentially affected retirees, former employees, and a limited number of current employees about a compromise of certain personal information. The data, which had been kept by AMR’s pension department, spans a time period from 1960 through 1995, and consists of images of historical microfilm files for approximately 79,000 retirees, former employees, and a limited number of current employees. No customer data was compromised.

via PR-USA.net – AMR Corporation Sends Letters to Certain Retirees and Employees Regarding Data Compromise and Offer.

Do You Have What It Takes To Pass Your Payment Card Industry Audit? #PCI

With every company reliant on software to run its business, an alarming rise in data breach incidents across industries, but especially credit card processing, means application security is becoming an increasingly critical part of any organisation’s overall IT security strategy. For organisations that store, transmit or process credit card information, it is vital as they must be able to demonstrate compliance with the Payment Card Industry Data Security Standards (PCI DSS).

via Do You Have What It Takes To Pass Your Payment Card Industry Audit? – Banking Business Review.