breach

In Epsilon breach, e-mail insecurity (roundup)

Security breach exposed names and e-mail addresses of customers of many major U.S. companies and could lead to a rise in targeted phishing attacks.

PayPal security chief on Epsilon breach and more (Q&A)

CIO Michael Barrett talks with CNET about the need to choose data outsourcers wisely in light of the Epsilon breach, why PayPal isn't re-issuing SecurIDs after the RSA breach, and other matters. (Posted in Insecurity Complex by Elinor Mills) April 9, 2011 4:00 AM PDT

Epsilon partner warned of phishing attacks months ago

Near the end of last year, Epsilon partner Return …

Who is Epsilon and why does it have my data?

If you didn't get an e-mail warning this week that your name and e-mail address were part of a database that was breached, consider yourself lucky, and unique.

E-mails from dozens of companies--including Citibank, Chase, Capital One, Walgreens, Target, Best Buy, TiVo, TD Ameritrade, Verizon, and Ritz Carlton--began flooding inboxes this week after a company called Epsilon announced that its system had been breached. Some people have reported receiving as many as four of these warnings.

Citibank is a household name, as are most of the brands on the list (which now reaches more than 55, according to this list on DataBreaches.net). …

Were you affected by Epsilon data breach?

The list of customers affected by the Epsilon database breach continues to grow.

The breach, which took place last week but was announced over the weekend, compromised the e-mail addresses and some names belonging to the customers of many major U.S. companies that outsource their marketing and e-mail communications to Epsilon.

The company said Monday that 2 percent of the companies it counts as clients are affected by the security breach. No official list of affected companies is available, and a company spokesperson said Epsilon cannot release the names of its clients. Epsilon is in the …

PornWikiLeaks reveals identities of porn stars

For some reason, I am reminded of Eric Schmidt's dictum.

You know, the one that went something like: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

It comes to mind because someone whose motivations seem slightly troubling has taken it upon himself to be the Julian Assange of porn.

For there now exists a site called PornWikiLeaks, on which, as you might be able to imagine, certain intimate details of porn stars are displayed for all to see.

The site doesn't …

McAfee: Cybercrooks target corporate trade secrets

Cybercriminals are increasingly moving from stealing just personal data to capturing trade secrets and other corporate intellectual capital that they can easily sell through the underground market, according to a new report from McAfee and the SAIC.

In today's release of a new study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF), McAfee and the Science Applications International Corporation find that the theft of trade secrets, marketing plans, R&D data, and even source code is on the rise, especially as such information is often unprotected.

Based on a global …

TripAdvisor: E-mail addresses stolen in data breach

If you use TripAdvisor you may soon be getting more spam. The travel site told customers in an e-mail today that someone had breached its network and stolen e-mail addresses for an undisclosed number of its members.

"This past weekend we discovered that an unauthorized third party had stolen part of TripAdvisor's member email list," Steve Kaufer, co-founder and chief executive, wrote in the e-mail. "We've confirmed the source of the vulnerability and shut it down. We're taking this incident very seriously and are actively pursuing the matter with law enforcement."

He did …

What the RSA breach means for you (FAQ)

RSA warned its customers yesterday that its network had been breached and data had been stolen that could affect customers using its popular SecurID token authentication technology. Although details are scarce, here's what we know so far.

What happened? Someone launched an "extremely sophisticated cyberattack" on RSA in the form of an Advanced Persistent Threat and data was stolen related to the SecurID technology, the company said in a statement on its Web site. APT attacks are often used for espionage, targeting source code and other information within a company or government agency. They typically involve knowledge …

Study: Negligence cause of most data breaches

Negligence is the biggest cause of data breaches at corporations, but criminal attacks are growing fastest, a study released today concludes.

The average cost of a data breach for a victimized organization increased to $7.2 million, and the average cost per record came to $214, up $10 from the previous year, according to the 2010 Annual Study: U.S. Cost of a Data Breach, which was conducted by the Ponemon Institute and based on data supplied by 51 U.S. companies across 15 different industry sectors.

The costs associated with a breach involve detecting the incident, investigation, forensics, customer …

Watson wants to be your Valentine's Day date

Links from Monday's episode of Loaded:

Groupon and FTD get caught allegedly selling flowers for twice the price in a Valentine's Day deal scam

Sony makes the PlayStation phone official. It's called the Sony Xperia Play

Sony also launches the Xperia Neo and Xperia Pro

LG unveils the Optimus 3D, a smartphone that can capture and play 3D content

Research In Motion announces plans for LTE and HSPA+ editions of the BlackBerry PlayBook

Pandora files for an initial public offering

Bank of America may have had a security breach over the weekend

Google launches a site to …

Some eHarmony user information stolen

Online dating site eHarmony is advising some of its customers to change their passwords due to a security breach.

A hacker exploited an SQL injection vulnerability in an ancillary site that eHarmony operates for content management. The hacker obtained a file that included user names, e-mail addresses, and "hashed passwords," eHarmony said. The breach--first reported today on the Krebs on Security blog--affected an informational site called eHarmony Advice, which includes message boards that require eHarmony user names and passwords to access.

The dating service's main site uses separate databases and Web servers, and "at no point …