Thursday, December 12, 2013

Data theft reported at two Boston conventions

A spokesman tells The Boston Globe that several convention center employees have also been victimized, and the data breach did not occur there. Source: MassLive.com

Alert: Your password is probably compromised...again

It's time to change your password again in the wake of a hack exposing millions of passwords from Facebook, Google, and Twitter. Source: CSO Online

Thursday, December 5, 2013

Arizona data breach impacts millions, costs millions more

A Maricopa County Community College District (MCCCD) data breach that affected millions of individuals has ended up costing the education system millions of dollars more. Source: SC Magazine

U.S. data breach notification laws likely to remain state-by-state

Constantly updating technology coupled with the dynamic and evolving nature of data breaches may be stalling notification laws from becoming uniform across the United States. Source: SC Magazine

Friday, November 22, 2013

Study: IT leaders count the cost of breaches, data loss and downtime

Among costly incidents, IT leaders named breaches to be the most damaging from a financial perspective, accounting for a loss of more than $860,000 on average annually at organizations. Source: SC Magazine

42 Million Passwords Compromised as Hackers Aim at Cupid Online Dating

A large-scale compromise at online dating service Cupid Media earlier this year exposed more than 42 million unencrypted passwords and other information to hackers. Source: Infosecurity Magazine

Technology Sector Lags In Security Effectiveness, Analysis Shows

Report analyzed security ratings for more than 70 Fortune 200 companies in energy, finance, retail, and technology. Source: Dark Reading

Thursday, October 31, 2013

Attackers Ramp Up Threats to the Energy Sector

The US energy sector experienced the largest number of malware attacks of any industry in the spring and summer of 2012, with the end result being expensive outages at pipelines, oil refineries and drilling platforms. Source: Infosecurity Magazine

US government releases draft cybersecurity framework

NIST comes out with its proposed cybersecurity standards, which outline how private companies can protect themselves against hacks, cyberattacks, and security breaches. Source: CNET News

Adobe hack attack affected 38 million accounts

A cyberattack launched against Adobe affected more than 10 times the number of users initially estimated. Source: CNET News

Monday, October 21, 2013

UCLA Health dodges $16 million breach claim

California appellate court rules that providers aren't necessarily liable to patients when medical records are stolen or misappropriated unless they are accessed by a third party. Source: FierceHealthIT

SANS Announces Results of its Inaugural Health Care Information Security Survey

Concerns over negligent insiders were primary among 65 percent of respondents. Source: Dark Reading

Federal Security Breaches Traced to User Noncompliance

Are strong security protocols actually making the federal government less secure? Source: CSO Online

Monday, October 7, 2013

Hack of major data brokers weakens bank authentication

LexisNexis, Dun & Bradstreet and Kroll Background America hacks raise more doubt on the effectiveness of knowledge-based authentication. Source: CSO Online

Experian Data Breach Resolution Reveals Five Common Mistakes Made When Handling A Breach

In recognition of National Cyber Security Awareness Month, the list identifies missteps that may put organizations at greater risk for reputational, financial, and legal damage. Source: Dark Reading

Adobe hacked, 3 million accounts compromised

The massive attack exposes customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. Source: CNET News

Tuesday, September 24, 2013

Compliance deadline on HIPAA rules brings expanded responsibilities for third parties handling data

Updated rules to the Health Insurance Portability and Accountability Act (HIPAA) expand the legal responsibilities of third-party organizations handling protected health information. Source: SC Magazine

Destructive Attacks On Oil And Gas Industry A Wake-Up Call

The oil and gas industry today is in the bull's eye of nation-states, hacktivists, and even cybercriminals, and, like other energy sectors, its industrial control systems are about a decade behind the security curve of the traditional IT environment. Source: Dark Reading

Insider tied to Vodafone breach in which 2 million records were compromised

Police seize suspect's assets in wake of carrier's breach in Germany. Source: CSO Online

Friday, September 6, 2013

Data breach lawsuits roll on as lawyers work to establish legal precedent

Lawsuits following data breaches are a certainty. So what are plaintiffs using to win cases or force settlements, and how can corporations respond to this new liability? Source: SC Magazine

4 Million Patients At Risk After Computer Theft From Chicago Medical Group

Unencrypted Social Security numbers, names, addresses, health insurance information potentially exposed in major HIPAA violation. Source: Dark Reading

Do You Know Where Your Databases Are?

Database discovery is an important first step to securing sensitive data stores. Source: Dark Reading

Monday, August 26, 2013

EXIT Strategy: Insider Threat

Threats from inside an organization – and from third-parties – pose a burgeoning challenge for security professionals. Source: SC Magazine

Employee fired for stealing external hard drive containing patient data

An external hard drive containing personal medical information on thousands of patients was stolen by a former employee of the North Texas Comprehensive Spine and Pain Center in Sherman. Source: SC Magazine

Monday, August 12, 2013

Employee fired for emailing health data to herself

Emailing protected health information (PHI) to a personal email address cost one Rocky Mountain Spine Clinic employee her job last week. Source: SC Magazine

White House to offer companies cybersecurity incentives

With incentives, the government aims to entice power utilities, water infrastructure, and transportation networks to sign onto its upcoming Cybersecurity Framework. Source: CNET News

Friday, July 26, 2013

US Authorities Indict 5 Men for Largest Ever Data Breach Conspiracy

Five people were recently charged with conspiracy in a worldwide hacking spree that stole 160 million credit card numbers and cost the victim companies hundreds of millions of dollars. Source: Infosecurity Magazine

Forget Standardization -- Embrace BYOD

The platform standardization ship has sailed, but mobile device management is your ticket to securing all of those handhelds. Source: Dark Reading

Thursday, July 11, 2013

2.5 million Californians exposed to identity theft in 2012

According to a new report from the California Attorney General’s office, data breaches in the state exposed more than 2.5 million residents to the risk of identity theft in 2012 – many of which could have been prevented with the implementation of even the most basic security precautions. Source: Infosecurity Magazine

IRS leaks tens of thousands of Social Security numbers

Social Security numbers for thousands of U.S. citizens were made publicly available online after the Internal Revenue Service (IRS) posted them to a government website. Source: SC Magazine

Hack exposes Morningstar data on 182k investors, including some credit card numbers

Chicago-based investment research firm Morningstar announced that the personal data for tens of thousands of clients was compromised in an "intrusion" dating back to April 2012. Source: SC Magazine

Wednesday, July 3, 2013

Symantec Delivers DLP 12 To Take On Insider Threats

Symantec recently introduced Data Loss Prevention 12, the company's answer to the ever-increasing need for protection against insider threats. Source: CRN

Monday, June 24, 2013

Significant gap between IT staff and executives' understanding of security

Gaps in understanding between IT staff and executives when it comes to cybersecurity are tracking the rate at which advanced and zero-day attacks against businesses are growing, according to a Ponemon Institute survey of UK businesses underwritten by FireEye. Source: Infosecurity Magazine

Friday, June 14, 2013

New Survey Shows 79% Of Businesses Experienced A Mobile Security Incident In The Past Year

Survey shows that 67% of firms allow personal mobile devices to connect to their networks. Source: Dark Reading

Friday, June 7, 2013

5 Big Database Breaches Of Spring 2013

During the past couple of months, data breaches have ranged from the mundane to the fantastic, with each occurrence offering valuable lessons for security professionals with regard to locking down databases and the applications that access them. Source: Dark Reading

Human error and system glitches drive nearly two-thirds of data breaches

According to the Ponemon Institute's 2013 Cost of Data Breach Study, human errors and system problems caused two-thirds of data breaches in 2012. They also pushed the global average cost to $136 per compromised record. Source: Infosecurity Magazine

Thursday, May 30, 2013

Proxy research firm settles charges with SEC over client breach

Institutional Shareholder Services (ISS), a research firm that advises clients on voting in proxy fights, must pay $300,000 to the U.S. Securities and Exchange Commission (SEC) to settle charges that it failed to protect client information due to access control shortfalls. Source: SC Magazine

Wyndham Hotels court battle over FTC data security authority heats up again

The Federal Trade Commission (FTC) has filed fresh documents asking a U.S. District Court in New Jersey to reject a hotel chain's motion to dismiss a complaint filed against it following multiple data breaches. Source: SC Magazine

Friday, May 17, 2013

Almost half of employees admit to bypassing security controls

Almost half of all employees in a recent survey admitted to bypassing security regulations in order to get their job done. Source: Infosecurity Magazine

Administrative error exposes personal data of 10,200 neurology patients

A New York State medical practice mistakenly emailed the personal information of several thousand patients to other individuals it was treating. Source: SC Magazine

Four Out Of Five Businesses Have Little Or No Visibility Of Data Movement

Survey reveals that companies are failing to adequately monitor the movement of company data and files within and external to their organization. Source: Dark Reading

Thursday, May 9, 2013

Data breaches loom in the face of business transformation

The move to cloud applications, ever-present mobility, Big Data and an escalating set of complex cyber-attack vectors and malware are all conspiring to overwhelm security professionals, leaving the door for many businesses wide open to data breaches. Source: Infosecurity (USA)

Monday, April 29, 2013

InfoSec: Understanding business goals is key to embedding company-wide security practices

Information security managers need to better align themselves with company business goals to help embed security practices in an organization. Source: CSO Online

50 million LivingSocial passwords stolen

On Friday 26 April 2013, some 50 million of LivingSocial's 70 million registered users learned that they must reset their passwords following the latest large scale online password theft. Source: Infosecurity Magazine

Tuesday, April 16, 2013

Symantec report finds small businesses battered by cybercrime

Companies with 250 employees or less absorbed 18 percent of targeted cyberattacks in 2011, but the figure jumped to 31 percent in 2012, Symantec said in its Internet Security Threat Report 2013, released on Tuesday. Source: CSO Online

Hack of college database jeopardizes sensitive data of 125k students

An online database containing the personal information of 125,000 students at Kirkwood Community College in Cedar Rapids, Iowa, was hacked. Source: SC Magazine

Schnucks supermarket chain discloses breach that stole 2.4 million credit card numbers

Hackers raided the St. Louis-based grocery chain's systems to steal 2.4 million credit and debit card numbers. The attacks may have persisted as long as four months, from last December through March 29. Source: SC Magazine

Friday, April 5, 2013

United HomeCare Services Data Breach Could Affect More Than 13,000 Patients

United HomeCare Services in Miami, a non-profit home health and community care organization, has notified 13,617 patients of a possible data breach. Source: Becker's Hospital Review

California companies may be forced to disclose the information they hold on users

The Right to Know Act (AB 1291) is currently being considered in California. It is a habeas data act – let the people know what you know about them. EFF says it will place no new demands on data security; others beg to differ. Source: Infosecurity Magazine

Wednesday, March 27, 2013

90% of unknown malware is delivered via the web

A new study of malware takes an unusual approach – instead of analyzing known malware, it analyzes the unknown malware that traditional defenses miss; and finds that 90% is delivered from the web rather than via emails. Source: Infosecurity Magazine

Laptop hosting patient data stolen from surgeon on vacation

A surgeon's laptop containing the personal information of patients was stolen while he was on vacation. Source: SC Magazine

Healthcare Security Improving But Still Needs Treatment

First quarter year-over-year data breach numbers declined in 2013, but data security black eyes still a symptom of healthcare's need for improved database security. Source: Dark Reading

Sunday, March 10, 2013

Preparing for the new norm: 2013 Guarding against a data breach survey

With a slew of bad actors dispatching almost daily advanced attacks, organizations of all sizes must be prepared. Many respondents to this year's "Guarding Against a Data Breach" survey say they are. Source: SC Magazine

Security remains a top investment priority for IT amid mobile workplace evolution

As enterprises evolve to become more mobile and, in essence, geographically limitless, IT decision makers are continuing to grapple with reducing complexity and balancing investment against cost-cutting, but they are committed to addressing core IT challenges such as security threats. Source: Infosecurity Magazine

Desktops-As-A-Service Boost Security, But Beware

At RSA session, panelists argue that companies can better protect sensitive data and systems by using virtual desktop infrastructure, but warn that everything relies on the quality of the hypervisor. Source: Dark Reading

Wednesday, February 27, 2013

New report claims potential cost of a loss of trust is $400 million

The first in a new series of annual reports seeking to quantify the cost of trust – more specifically the loss of trust – suggests that global 2000 companies can expect a breach of trust to cost almost $400 million. Source: Infosecurity Magazine

Investors Value A Company's Cybersecurity Record

New HBGary report says majority of U.S. investors steer clear of investing in companies that have suffered multiple data breaches -- and they worry more about theft of customer data than intellectual property. Source: Dark Reading

Monday, February 18, 2013

IT departments don't trust their own security choices

One out of five enterprise security professionals in the US say they would not entrust their personal data to their own networks. Source: Infosecurity Magazine

Ex-Employees Say It's OK To Take Corporate Data With Them

New Symantec survey finds nearly 70 percent of employees who recently left or were fired from their job say their organizations don't prevent them from using confidential info. Source: Dark Reading

Retail Top Of 2012 Breach Investigations List, Web Threats Intensify

Separate annual threat reports from Trustwave and Websense show some persistent security problems. Source: Dark Reading

Monday, February 4, 2013

PCI e-commerce guidance issued for merchants

The Payment Card Industry Security Standards Council (PCI SSC) recently published the “PCI Data Security Standard (DSS) E-Commerce Guidelines Information Supplement,” outlining vulnerabilities in e-commerce environments and offering security best practices. Source: SC Magazine

Malware: The Next Generation

Zero-day and rapidly-morphing malware is proliferating across the Web. Is your enterprise ready to stop it? Source: Dark Reading

Thursday, January 24, 2013

U.S. Health Department unveils new HIPAA rules

The U.S. Department of Health and Human Services (HHS) has announced updated rules that will extend security and privacy requirements to so-called business associates, those contractors and subcontractors, such as billing companies, that perform services on behalf of a health care provider. Source: SC Magazine

Health data breach at Lucile Packard Children’s Hospital

Lucile Packard Children’s Hospital and the Stanford University School of Medicine experienced a health data breach on Jan. 9 when a password-protected laptop computer with pediatric patient medical information was stolen off-campus from a physician’s car. Source: HealthIT Security

What Antivirus Shortcomings Mean For SMBs

Accepting the risks that come with relying solely on AV not only puts data at risk, but also could kill future earning potential. Source: Dark Reading

Monday, January 14, 2013

MA billing company reaches $140K health data breach settlement

More than two years after Joseph and Louise Gagnon of Goldthwait Associates allegedly mishandled medical records with protected health information (PHI) from four Massachusetts pathology groups at the Georgetown Transfer Station, they will have to shell out $140,000 as part of the settlement with Attorney General Martha Coakley. Source: HealthIT Security

Feds step up HIPAA enforcement with hospice settlement

The Hospice of North Idaho will pay $50,000 to the U.S. Department of Health and Human Services following a breach that affected 441 patients -- an indication that the agency is not letting even small incidents slide. Source: SC Magazine

Global Payments breach cost the company $93.9 million – so far

Global Payments, which has never been particularly forthcoming over the loss of 1.5 million card details (it could have been more) in 2012 (it could have been earlier), has now disclosed associated costs of $93.9 million – but it will be more. Source: Infosecurity Magazine

Thursday, January 3, 2013

Device containing Sentara Healthcare patient info stolen

About 56,000 Sentara Healthcare patients could be affected by the theft of a device containing some of their personal information. Source: Daily Press

With BYOD, data breaches just waiting to happen

Smartphone insecurity means healthcare patient information, for one, remains at high risk, studies find. Source: CSO Online

University of Michigan Health Data Breach Affects 4k Patients

Personal health information on approximately 4,000 patients treated by the University of Michigan Health System has been breached, and the health system will soon be notifying affected patients. Source: Becker's Hospital Review