Security News

The FBI has created a new policy to give "timely" breach notifications to state and local officials concerning election hacking and foreign interference. It will also require agents to work directly with state and local election officials to identify and mitigate cyberthreats to election infrastructure as quickly as possible, according to the FBI announcement.

P&N Bank in Perth, Australia, says a server upgrade gone wrong led to the breach of sensitive personal information in its customer relationship management system. The CRM system contains names, mailing addresses, email addresses, phone numbers, customer numbers, ages, account numbers, account balances and what the bank described as other "nonsensitive" data related to interactions with customers.

On January 13, 2020, a federal court approved the proposed settlement for the class action suit filed against Equifax over the massive data breach it disclosed in September 2017. As announced in July 2019, impacted individuals have until January 22, 2020, to submit claims for the free credit monitoring services or the alternative reimbursement compensation offered in the settlement, to receive reimbursement for Equifax services, or to receive reimbursement for out-of-pocket losses and/or time spent dealing with the data breach.

P&N Bank has notified customers of a data breach that resulted in a large amount of sensitive information being compromised. Passwords, birthdate, health information, driver's license numbers, passport numbers, social security numbers, tax file numbers, and credit card numbers were not included in the breach, the bank says.

The $380.5 million will be placed into a fund for affected consumers who are part of the class outlined in the lawsuit. It should also be noted that of the 147 million affected by the data breach, approximately 15 million are part of the class action lawsuit.

Still, Chief Judge Thomas W. Thrash Jr. writes that "this settlement is the largest and most comprehensive recovery in a data breach case in U.S. history by several orders of magnitude." The minimum cost to Equifax will be $1.38 billion, which includes $1 billion in security upgrades, Thrash writes. Equifax failed to catch such a large exfiltration of data because a security certificate on a traffic monitoring device had expired, the report says.

The logs record when someone uses the Peekaboo app and the specific action they took at a certain point in time, such as uploading data or content. Exposed data includes email addresses, detailed device data and often, links to photos and videos, all of which get stored on servers hosted by Singapore-based Alibaba Cloud.

After a data breach, if individuals' stolen information is offered for sale on the dark web, that potentially bolsters class action lawsuits filed by plaintiffs against the breached organization, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C. Data offered for sale "actually shows that someone is attempting to monetize the victims' information," he says in an interview with Information Security Media Group. The clinic reported a health data breach in July 2016 to the Department of Health and Human Services as an "unauthorized access/disclosure" incident involving its electronic health records and affecting 201,000 individuals.

The UK Data Protection Regulator has issued a monetary penalty of £500,000 against Dixons Carphone for what it describes as "multiple, systemic and serious inadequacies" in the firm's security posture. This allowed Dixons to argue that the PAN was not personal data, and that this aspect of the breach was consequently not subject to the personal data focus of the data protection laws.

British regulators have fined Dixons Carphone, a large electronics and phone retailer, £500,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. In January 2018, the ICO fined it £400,000 for a 2015 breach of its Carphone Warehouse subsidiary after an attacker exploited an outdated WordPress installation.