Home » News
Spammer's dream: Trojan steals job seekers data from monster.com
A new Trojan, called Infostealer.Monstres collected the personal details of job seekers and then uploaded it to a remote server under the control of the attackers. The remote server held over 1.6 million entries with personal information belonging to several hundred thousands candidates, mainly based in the US, who had posted their resumes to the Monster.com Web site. Such a large database of highly personal information is a spammers dream.
Former Payroll Co. Employee Accidentally Exposes Old Client Data
Payroll processing company Ceridian Corp. has apologized to employees of a New York advertising company, Innovation Interactive, after personally identifiable information of 150 Innovation Interactive employees was inadvertently made available on the Internet. The data include names, addresses Social Security numbers (SSNs) and salary and checking account information. Apparently, a man who no longer works for Ceridian took payroll files with him by accident when he left the company. The files were inadvertently posted on a web site because they somehow became mixed in with his family photos. Ceridian is looking at records back through March 2006 to see if anyone accessed the data. The breach was discovered by a former Innovation Interactive VP who googled himself, discovered the data and contacted Innovation Interactive. Ceridian has sent letters of apology to affected employees and is offering two years of personal data monitoring.
Fidelity Says 2.3 Million Records Stolen
Fidelity National Information Services, a financial processing company, said Tuesday a subsidiary's employee stole 2.3 million consumer records containing credit card, bank account and other personal information.
Endpoint Attacks Loom as Top IT Security Threat to Enterprises
According to Roby Jacob, CEO of Zellerent, the result is "CIOs are prepared for yesterday's threats, when viruses and malware primarily attacked infrastructure. But today they are in serious danger from far more sophisticated threats and targeted strikes that attack endpoints. By endpoints, we mean browsers, workstations, email clients, PDAs, and the hardware and software that end users interact with."
How Credit-Card Data Went Out Wireless Door
The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn.
The hackers, who have not been found, downloaded at least 45.7 million credit- and debit-card numbers from about a year's worth of records, the company says.
1.8 million more people affected by latest VA loss
The public relations nightmare for the U.S. Department of Veterans Affairs (VA) worsened this week with the announcement that last month's loss of a relatively low impact hard drive loss actually affected 1.8 million people.
New Appellate Court Ruling May Foster HIPAA Litigation
Because most national privacy rules (notably HIPAA and Gramm-Leach-Bliley) contain no private cause of action, plaintiffs struggle to find creative ways to sue over such privacy and security violations. For "injured" victims, finding an appropriate legal theory may be a critical threshold requirement to securing monetary damages. For companies facing privacy obligations, understanding these challenges is critical to appropriately assessing litigation risks.
Study Says One Anti-Virus Engine Not Enough To Protect Your Business
FBI study shows 97 percent of organizations have anti-virus software installed, yet 65 percent have been affected by a virus attack at least once during the previous 12 months.
ID Thieves Turn Sights on Small E-Businesses: For Online Shoppers, Security Seals No Guarantee That Hackers Aren't Watching
While public attention has remain fixed on a series of high-profile data losses or database breaches at federal government agencies, large corporations and universities, experts who study financial fraud say hackers increasingly are targeting small, commercial Web sites. In some cases, criminals are able to gain real-time access to the sites' transaction information, allowing them to steal valid credit card numbers and quickly charge large numbers of fraudulent purchases.
Federal Database Exposes Social Security Numbers of USDA Funding Recipients
WASHINGTON, April 23, 2007 - The U.S. Department of Agriculture (USDA) has narrowed to approximately 38,700 the number of people whose private identification information was accessible to the public on a government-wide website. The 38,700 people affected were awarded funds through the Farm Service Agency (FSA) or USDA Rural Development (RD).