data security

Data breach story with a happy ending? Sort of.

As detailed in this American Banker article, an FDIC employee who was leaving the agency copied over 40,000 records with PII onto a portable drive.  Although technically a data breach, the intent was apparently innocuous as the employee was copying various personal photos and other files (which probably shouldn't be on an FDIC work computer) on [...]

April 15th, 2016 | data breach, data security, FDIC

Massive Turkey data breach affects nearly half of its citizens, is nearly double the size of the 2015 U.S. OPM breach

Yesterday's report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point.  In this case, the hacker (or "hacktivist") apparently had a beef with the Turkish government, although financial gain may also have been an objective.  While the [...]

April 6th, 2016 | data breach, data security, EMV, PCI-DSS

Path of least resistance: EMV adoption shifting fraudsters’ focus to ecommerce, data breaches continue

It's a well-understood phenomenon in the payments space:  Fraudsters are opportunists who will adapt their tactics to focus on the most vulnerable parts of the payments ecosystem.  Sort of a criminal version of "whack a mole". According to a report by TransUnion, adoption of EMV at the retail point of sale is causing a steep [...]

March 29th, 2016 | authentication, Biometrics, data breach, data security, ecommerce, EMV, Experian, TransUnion

You can’t make this up: FTC wants to know whether assessors are helping clients achieve PCI-DSS compliance

The FTC has questions about how PCI-DSS Qualified Security Assessors (QSAs) conduct their audits and recently ordered itself to study the issue. Merchants and service providers whose processing volume exceeds established volume thresholds are required to use a QSA to assess PCI compliance.  The FTC wants to know (among other things) whether QSAs are allowing clients to remedy potential PCI issues before their [...]

March 11th, 2016 | CFPB, data security, FTC, PCI-DSS

Ouch! Home Depot’s 2014 data breach price tag: $161 million (so far)

What is it they say about an "ounce of prevention"? Home Depot's recent $19.5 million consumer compensation announcement brings their costs related to the 2014 data breach to $161 million, and that doesn't include costs to upgrade internal systems security and beef up their risk management team.   Even scarier:  Home Depot's lawyers say the settlement [...]

March 9th, 2016 | data breach, data security