Tag Archives: today

[ISN] Target poised to settle breach for $10 million

http://www.usatoday.com/story/money/business/2015/03/18/target-hack-breach-10-million/24991847/ By Jay Knoll KARE-TV March 19, 2015 MINNEAPOLIS – Target Corp. is poised to settle a class-action lawsuit filed following the retailer’s massive data breach in 2013, court documents filed Wednesday in Minnesota show. A $10 million dollar fund will be established for victims of the breach, the 97-page settlement says. Victims will be eligible for up to $10,000 compensation each. Some aspects of the proposed class action settlement appear unique, said Mark Melodia, founder of the information technology, privacy and data security practice at the law firm of Reed Smith in New York City. “First, the amount of attorneys’ fees contemplated by this deal is at the high end of the historical range, even for multi-district litigation proceedings,” Melodia said, cautioning that he has not had time to study the settlement. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] CIA Restructuring Adds New Cyber Focus

http://www.defenseone.com/technology/2015/03/cia-restructuring-adds-new-cyber-focus/106953/ By Patrick Tucker defenseone.com March 6, 2015 The CIA will create a new directorate designed to boost the agency’s ability to collect and use digital intelligence in operations, agency CIA Director John Brennan announced. The move to launch a “directorate of digital innovation” comes a two weeks after the Washington Post first reported that Brennan would be restructuring the agency to place a much stronger emphasis on the use of computers and electronic intelligence. The move is a big change for the agency, one that reflects a fundamental evolution in intelligence gathering. CIA traditionally has been tasked with collecting information from human sources (also called HUMINT). The NSA, conversely, is tasked with collecting information from electric sources in the form of signals (also called SIGINT). Today’s announcement is a formal recognition that the electronic world is overtaking the human one, and that collecting information from humans now has a digital component to it. “Digital technology holds great promise for mission excellence, while posing serious threats to the security of our operations and information,” Brennan said, in message to the Intelligence Community, released Friday. “We must place our activities and operations in the digital domain at the very center of all our mission endeavors.” Brennan said a new senior position will “oversee the acceleration of digital and cyber integration across all of our mission areas.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] US watchdog: Anthem snubbed our security audits before and after enormous hack attack

http://www.theregister.co.uk/2015/03/05/us_watchdog_anthem_audits/ By Shaun Nichols The Register 5 Mar 2015 A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s systems, and was again turned away. “We do not know why Anthem refuses to cooperate,” government officials told The Register today. The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) told us it wanted to audit Anthem’s information security protections back in 2013, but was snubbed by the insurer. According to the agency, Anthem participates in the US Federal Employees Health Benefits Program, which requires regular audits from the OIG, audits that Anthem allegedly thwarted. Other health insurers submit to Uncle Sam’s audits “without incident,” we’re told. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Credit Card Breach at Mandarin Oriental

http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-oriental/ By Brian Krebs Krebs on Security March 4, 2015 In response to questions from KrebsOnSecurity, upscale hotel chain Mandarin Oriental Hotel Group today confirmed that its hotels have been affected by a credit card breach. Reached for comment about reports from financial industry sources about a pattern of fraudulent charges on customer cards that had all recently been used at Mandarin hotels, the company confirmed it is investigating a breach. “We can confirm that Mandarin Oriental has been alerted to a potential credit card breach and is currently conducting a thorough investigation to identify and resolve the issue,” the company said in an emailed statement. “Unfortunately incidents of this nature are increasingly becoming an industry-wide concern. The Group takes the protection of customer information very seriously and is coordinating with credit card agencies and the necessary forensic specialists to ensure our guests are protected.” Mandarin isn’t saying yet how many of the company’s two-dozen or so locations worldwide may be impacted, but banking industry sources say the breach almost certainly impacted most if not all Mandarin hotels in the United States, including locations in Boston, Florida, Las Vegas, Miami, New York, and Washington, D.C. Sources also say the compromise likely dates back to just before Christmas 2014. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Target Says Credit Card Data Breach Cost It $162M In 2013-14

http://techcrunch.com/2015/02/25/target-says-credit-card-data-breach-cost-it-162m-in-2013-14/ By Ingrid Lunden Techcrunch.com February 26, 2015 When it comes to data breaches, retailers are one of the biggest targets these days, and today we have some detail on the costs around one of the more high-profile attacks. Target today said that it has booked $162 million in expenses across 2013 and 2014 related to its data breach, in which hackers broke into the company’s network to access credit card information and other customer data, affecting some 70 million customers. The figure, revealed in the company’s Q4 earnings published today, includes $4 million in Q4, and $191 million in gross expenses for 2014, as well as $61 million gross for 2013. Target says that the gross number was offset in part by insurance receivables of $46 million for 2014 and $44 million for 2013. This is also not including whatever expenses Target may incur as a result of class action lawsuits filed after the breach, or wider damage to its reputation with customers. In January, a federal judge gave plaintiffs the nod to proceed with their class action case against the company. Overall Target posted revenues of $21.8 billion, beating analyst estimates, and adjusted earnings per share of $1.50, beating its guidance. The company also recorded a pre-tax loss of $5.1 billion related to the company pulling out of operating in Canada. In pre-market trading, the company’s shares were up a little over 1% to $77.85 per share. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Target Says Credit Card Data Breach Cost It $162M In 2013-14

http://techcrunch.com/2015/02/25/target-says-credit-card-data-breach-cost-it-162m-in-2013-14/ By Ingrid Lunden Techcrunch.com February 26, 2015 When it comes to data breaches, retailers are one of the biggest targets these days, and today we have some detail on the costs around one of the more high-profile attacks. Target today said that it has booked $162 million in expenses across 2013 and 2014 related to its data breach, in which hackers broke into the company’s network to access credit card information and other customer data, affecting some 70 million customers. The figure, revealed in the company’s Q4 earnings published today, includes $4 million in Q4, and $191 million in gross expenses for 2014, as well as $61 million gross for 2013. Target says that the gross number was offset in part by insurance receivables of $46 million for 2014 and $44 million for 2013. This is also not including whatever expenses Target may incur as a result of class action lawsuits filed after the breach, or wider damage to its reputation with customers. In January, a federal judge gave plaintiffs the nod to proceed with their class action case against the company. Overall Target posted revenues of $21.8 billion, beating analyst estimates, and adjusted earnings per share of $1.50, beating its guidance. The company also recorded a pre-tax loss of $5.1 billion related to the company pulling out of operating in Canada. In pre-market trading, the company’s shares were up a little over 1% to $77.85 per share. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NIST outlines guidance for security of copiers, scanners

http://gcn.com/articles/2015/02/25/nist-replication-device-security.aspx By GCN Staff Feb 25, 2015 The National Institute of Standards and Technology announced its internal report 8023: Risk Management for Replication Devices is now available. The guidance covers protecting the information processed, stored or transmitted on replication devices (RDs), which are devices that copy, print or scan documents, images or objects. Because today’s RDs have the characteristics of computing devices (storage, operating systems, CPUs and networking) they are vulnerable to a number of exploits, NIST said. Among the threats to RDs are: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks

http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war By Kevin Poulsen Threat Level Wired.com 02.18.15 “What we really need is a Manhattan Project for cybersecurity.” It’s a sentiment that swells up every few years in the wake of some huge computer intrusion—most recently the Sony and Anthem hacks. The invocation of the legendary program that spawned the atomic bomb is telling. The Manhattan Project is America’s go-to shorthand for our deep conviction that if we gather the smartest scientists together and give them billions of dollars and a sense of urgency, we can achieve what otherwise would be impossible. A Google search on “cyber Manhattan Project” brings up results from as far back as 1997—it’s second only to “electronic Pearl Harbor” in computer-themed World War II allusions. In a much-circulated post on Medium last month, futurist Marc Goodman sets out what such a project would accomplish. “This Manhattan Project would help generate the associated tools we need to protect ourselves, including more robust, secure, and privacy-enhanced operating systems,” Goodman writes. “Through its research, it would also design and produce software and hardware that were self-healing and vastly more resistant to attack and resilient to failure than anything available today.” These arguments have so far not swayed a sitting American president. Sure, President Obama mentioned cybersecurity at the State of the Union, but his proposal not only doesn’t boost security research and development, it potentially criminalizes it. At the White House’s cybersecurity summit last week, Obama told Silicon Valley bigwigs that he understood the hacking problem well—“We all know what we need to do. We have to build stronger defenses and disrupt more attacks”—but his prescription this time was a tepid executive order aimed at improving information sharing between the government and industry. Those hoping for something more Rooseveltian must have been disappointed. On Monday, we finally learned the truth of it. America already has a computer security Manhattan Project. We’ve had it since at least 2001. Like the original, it has been highly classified, spawned huge technological advances in secret, and drawn some of the best minds in the country. We didn’t recognize it before because the project is not aimed at defense, as advocates hoped. Instead, like the original, America’s cyber Manhattan Project is purely offensive. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail