The latest technologies and best practices to secure local, virtual, cloud, and hybrid networks.
Computerworld Hong Kong reports that a pharmacy staff member at Hong Kong’s Queen Elizabeth Hospital (QEH) lost a USB drive containing 92 patients’ personal data on February 18, 2014, but didn’t report the loss to management until three days later, on the 21st (h/t PHIprivacy.net). The drive was unencrypted, and didn’t have password protection in…
Bank of the West recently began notifying an undisclosed number of former job applicants that the information they had provided in an online job application may have been accessed by hackers. “On December 19, 2013 we discovered that a retired Internet application that provided job listings and accepted applications for positions at the Bank had…
The Mail on Sunday reports that an anonymous whistleblower says up to 27,000 confidential customer files have been stolen from Barclays Bank and sold to rogue traders (h/t Infosecurity). “This is the worst [leak] I’ve come across by far,” the former commodity broker told the Mail. “But this illegal trade is going on all the…
The Nielsen Company recently began notifying an undisclosed number of employees that their personal information may have been exposed when an employee mistakenly shared a file containing the data by e-mail. “We recently discovered that on December 1, 2013, a Nielsen Audio Human Resources employee accidentally e-mailed a file listing Social Security numbers and names…
WSB-TV reports that three Home Depot human resources employees — Claudette Grimes, Lakisha Grimes and Paulette Shorter — have been arrested for allegedly accessing employees’ confidential information and using it to apply for and open fraudulent credit cards (h/t DataBreaches.net). “Our corporate security, IT security and legal teams quickly investigated the matter and notified law…
There are many devices and services that are under constant attack in today’s business environments. Popular vectors for attack include browsers and smartphones, but the goal of an attack is not the device, service or application. Attackers exploit weaknesses in devices and services in order to get to important business information which is stored in…
EasyDraft, which processes payments for Bright Horizons Family Solutions, recently began notifying an undisclosed number of current and former Bright Horizons customers that their names, bank routing numbers and bank account numbers were mistakenly made available online (h/t DataBreaches.net). According to the notification letter [PDF], Bright Horizons learned on January 8, 2014 that one of…
SQL injection has become the scourge of the Internet era. Year after year, it is cited as one of the top security vulnerabilities on the Internet, responsible for countless data breaches. Jeff Forristal, also known by the alias Rain Forrest Puppy, was one of the first people to ever document SQL injection. Forristal, now the…
Crown Castle recently began notifying an undisclosed number of its U.S. employees that their payroll information may have been accessed by hackers. On October 31, 2013, the company determined that an unknown person or persons bypassed Crown Castle’s security system and accessed an e-mail containing an attached payroll file that listed U.S. employee names, Social…