As details about the Epsilon e-mail breach unfold, the list of affected companies grows, including major banks and merchants. Here is the latest list of the companies known to have been impacted by the incident.
The Social Security Administration sold the information in a database of deceased individuals that erroneous contained the Social Security numbers, dates of birth, full names and ZIP codes of living people, the inspector general reports.
"Although we have made good progress in creating information sharing entities, to share information securely and efficiently, we have not adequately tackled the critically important issues associated with the timeliness and completeness of information," Financial Services Sector Coordinating Council Chair Jane Carlin...
State agencies transferred information containing unencrypted, personal information to unsecured servers between January and May 2010, but the exposure was not discovered until two weeks ago, Texas Comptroller Susan Combs says.
The Epsilon e-mail breach has opened the door for what experts fear could be 'massive spear phishing attacks.' Here are 7 security tips to help organizations protect themselves and their customers.
It's serious news that RSA's SecurID solution has been the target of an advanced persistent threat. But "It's not a game-changer," says Stephen Northcutt, CEO of SANS Institute. "Anybody who says it is [a game-changer] is an alarmist."
When it comes to e-marketing and the reliance on third parties such as Epsilon, Nicolas Christin of Carnegie Mellon University says banks and merchants should "come clean" about the information they share with outside entities.
Terrell Herzig, information security officer at UAB Medicine, discusses the steps he's taking in the wake of the attack against RSA's SecurID two-factor authentication products.
Communicating with customers about the incident and warning them not to click links in phishing e-mails are all these impacted institutions and companies really can do, says Jeremiah Grossman, chief technology officer of WhiteHat Security.
Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.
"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.
"It is the biggest breach we have ever seen; and to say no financial information has been stolen is, well, understating the massive breach and concern," says Neil Schwartzman, founder and chief security specialist at CASL Consulting.
After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
Users of RSA's SecurID two-factor authentication products, acting on advice from the company, are devising strategies to monitor for threats and take preventive steps in the aftermath of a hacker attack against the products.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
