Ransomware attack at blood center: Org tells users their data’s been stolen
A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center (NYBC) suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...
Avery had credit card skimmer stuck on its site for months
The consequences of a wave of credit card skimmers—which is normal around the holidays—are starting to show. Label maker Avery has filed a data breach notification, saying 61,193 people may have had their credit card details stolen. On December 9, Avery said it became aware of an attack on its...
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) sa...
TDECU data breach affects half a million people
The Texas Dow Employees Credit Union (TDECU) has filed a data breach notification, reporting that the data of 500,474 people has been accessed in an external system breach. TDECU is the largest Houston-area credit union, and the fourth largest in the state of Texas. The credit union was founded by...
Wind River ‘Security Incident’ Affects SSNs, Passport Numbers
Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the...
Credential-Stuffing Attack Hits The North Face
The North Face has reset its customers’ passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter’s website. In a recent data-breach notification, the company told customers that it was alerted to “unusual activity involving its website,”...
Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
UPDATE Broadvoice, a well-known VoIP provider that serves small- and medium-sized businesses, has leaked more than 350 million customer records related to the company’s “b-hive” cloud-based communications suite. The data includes hundreds of thousands of voicemail transcripts, many involving...
Data privacy law updates eyed by Singapore
In early 2019, Singapore’s data privacy regulators proposed that the country’s data privacy law could use two new updates—a data breach notification requirement and a right of data portability for the country’s residents. The proposed additions are commonplace in several data privacy laws around...
GDPR Compliance: Manage Procedural Risk Assessments with New GDPR Templates
The EU’s General Data Protection Regulation (GDPR) goes into effect today, imposing strict security requirements on any company worldwide that handles the personal data of EU residents. Qualys Security Assessment Questionnaire (SAQ) – a Qualys app that helps you with this type of procedural risk...
Welcome to the Cyber-Regulatory Market of 2018 and Beyond
In the past few years, we’ve seen an increase in the number of companies facing legal consequences for ineffectively meeting deadlines requiring them to measure the effectiveness of their security solutions. Combined with these deadlines, companies also have to prove they have awareness and contr...
GDPR and Breach Detection: How to Ask the Right Questions to Meet the GDPR Breach Notification Rule
It is now less than four months before the General Data Protection Regulation (GDPR) becomes effective. This new data regulation of the European Union is designed to provide individuals with rights and protections over their personal data collected by businesses around the world. It aims to unify dat...
January 24, 2018 – Morning Cyber Coffee Headlines – “Taco” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! January 24, 2018 - Headlines Carbon Black in the News: Amazon Web Services Buys...
Australia’s “Essential Eight” is Critical to Meet 2018 Cybersecurity Mandates & Privacy Laws
Christopher Strand, Carbon Black’s security risk and compliance officer, recently wrote a blog discussing how the new mandatory data breach notification rule in the Privacy Amendment (Notifiable Data Breaches) Bill 2016 helps bring attention to cybersecurity solutions and focus on the practices...
White House Creates Cyber Governance Unit Within OMB
With the framework explained for a number of government cybersecurity-related initiatives, now it’s time to talk money. The White House anted up strong in 2015 with proposals for a new data breach notification standard, as well as plans to facilitate information-sharing between the public and...
Data Breach Exposes Customer Payment Card Information
Grocery giants Albertsons and SUPERVALU announced yesterday that a data breach may have exposed the credit and debit card information of an unknown number of its customers at various grocery store locations in more than 18 states. Behind Kroger’s, Albertsons is the second largest grocery store...
South Carolina Data Breach Casts Spotlight on Lack of Encryption, Stolen Credentials
South Carolina governor Nikki Haley said a mouthful this week when she spilled a dirty industry secret that Social Security numbers are generally not encrypted by state agencies. Reeling from a Department of Revenue data breach that leaked 3.6 million Social Security and credit card numbers as we...
House GOP Task Force Favors Private Incentives, Fewer Regulations for Cybersecurity
A House GOP task force called on Congress this week to adopt voluntary incentives – rather than federal requirements – to get private companies to further develop their cyber security. The GOP proposes a combination of tax credits, grants, insurance and rules set by non-regulatory agencies as a w...
Senate Considers Using Mob Law To Go After Cybercriminals
Members of the Senate Judiciary Committee listened as one of the nation’s top cyber cops asked for expanded powers to go after cybercriminal groups, including the use of statutes written to combat the mafia. But confronted with the prospect of a major face lift for the U.S.’s preeminent cyber...
Schmidt: White House Feels 'Very Positive' About Prospects of Data Breach Bill Passing
Howard Schmidt has been the White House cybersecurity coordinator for nearly 18 months now, and in that time has helped develop and shape the Obama administration’s policies and thinking on cybercrime, online privacy and cybersecurity. In the second part of a recent interview with Threatpost edit...
Qakbot Virus Causes Possible Data Breach at Mass. Agencies
An untold number of computers at the Massachusetts Department of Unemployment Assistance and Department of Career Services were compromised in April, leading state officials to warn hundreds of thousands of people that their personal information may have been stolen as part of the attack. However...