The online exposure of an unsecured spreadsheet containing personal data on 660 subscribers to the Affordable Care Act health insurance exchange in Vermont has led the state to impose a $264,000 penalty on an IT services firm.
Credit-reporting agency Equifax says its massive breach was even worse than it suspected, affecting 145.5 million U.S. consumers. But it revised the number of suspected Canadian victims from 100,000 down to 8,000, yet says it's discovered that some also had payment card data compromised.
The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.
Former Equifax CEO Richard Smith this week heads to Capitol Hill to testify about the massive breach suffered by the credit bureau. Lawmakers will likely focus on breach detection and response, information security practices and the suspicious timing of three executives' stock sales.
The recent Equifax mega-breach demonstrates how essential it is to have a robust, well-tested incident response plan in place that includes a strong public relations component, says Heath Renfrow, CISO at U.S. Army Medicine
A federal criminal case alleges that a former Hewlett-Packard Enterprise Corp. employee shut down Oregon's Medicaid information systems for several hours after he was laid off. Some security experts caution organizations to take steps to minimize risks from workers who are laid off or fired.
Upscale supermarket chain Whole Foods Market says it's investigating a payment card breach affecting dozens of taprooms and an unspecific number of restaurants located inside its stores. But it says no point-of-sale systems at checkout lanes were compromised.
A zero-day vulnerability in Apple's built-in password manager can be exploited, allowing attackers to steal all stored credentials in clear-text format, a security researcher warns. The flaw affects the latest version of macOS - High Sierra - plus one or more prior versions.
Leading the latest edition of the ISMG Security Report: an interview with NIST's Ron Ross about revised guidance on how to get C-suite executives to help shape information risk management. Also, DHS, FBI leaders outline goals for protecting the U.S. election system.
New York state's financial regulator has reportedly subpoenaed Equifax - in the wake of it suffering a breach affecting 143 million U.S. consumers - seeking extensive documentation, including when and how the credit-reporting agency discovered the breach and responded.
Fast-food chain Sonic Drive-In is investigating a potential breach involving customers' payment card data. Its alert follows a large, potentially related batch of stolen card data appearing for sale on a cybercrime "carder" marketplace called "Joker's Stash."
Organizations need to develop "a friendly business relationship" with law enforcement so they can share information about a data breach to help with the investigation, says Luis Cerritos of the Royal Canadian Mounted Police.