The U.S. Senate Judiciary Committee has approved two bills that would require organizations with data breaches to report them to potential victims.

Stricter rules won't deter government employees from using file-sharing services that can provide access to sensitive documents, such as the inadvertent release of an internal congressional report about House members' possible ethical violations, security professionals said.

Deutsche Bahn has been fined more than €1 million to cover a number of serious breaches of data protection legislation dating back over the past ten years.

During a cybersecurity discussion held Wednesday in Washington D.C., Jeffrey Troy, chief of the FBI's Cyber Criminal Section, said that law enforcement agencies could get a better grip on fighting the surge of cybercrimes if businesses were legally required to report data breaches to potential victims.

No matter how much money you've spent on IT security or how well you have trained your staff, there's a pretty good chance you will get attacked.

Joe Simitian, a Democratic state senator from California, is still scratching his head, some two weeks after Gov. Arnold Schwarzenegger vetoed SB-20, an update to the landmark 2003 Golden State breach notification bill, known as SB-1386.

Shocked and confused, junior Terry Thomas checked his bank statement and noticed a charge he did not make.

ChoicePoint, one of the nation's largest data brokers, has been fined $275,000 by the U.S. Federal Trade Commission for a data breach that exposed personal information of 13,750 people last year.

Far and away, the largest percentage of partners - 39.7 percent - cited Data Breaches as the biggest security threat facing customers in Everything Channel's State of Technology Survey.

NASA was hit with more malware than any other federal agency in 2007 and 2008, according to a new report issued by the Government Accountability Office.

Governor Arnold Schwarzenegger has vetoed an update to California's landmark data-breach notification law, saying that the new bill would be too hard on businesses without adequately benefiting consumers.

The HITECH Act's data breach notification requirement is the first such requirement to come from the federal government, but it most likely will not be the last. And from what I can tell, the harm threshold observers have been concerned about in the HITECH Act might not be as big of an issue the next time around.

Data breaches that don't involve financial information sound relatively benign. But Paul Royal recently discovered that these kinds of breaches are often part of a multi-step attack aimed at stealing personal financial data.

With the incidents of password compromises clearly increasing, webmail services like Hotmail, Gmail, and Yahoo Mail opine that the most probable cause of the data breach from their sites is 'phishing' by hackers.

Facebook has cut off scores of fake member profiles attempting to push rogue anti-virus programs to unwitting users

Chairmen of the House Energy and Commerce Committee and the Ways and Means Committee remind Health and Human Services Secretary Kathleen Sebelius that Congress considered and rejected the very rules that now trigger a health IT data breach notification.

PayChoice, which this week confirmed that its online payroll systems operations were breached on Sept. 23, is now beginning to offer details on what it thinks may have happened.

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach.

It has become a regular occurrence in the news to see both individuals and groups of people have their personal identifying information breached.

The University of North Carolina at Chapel Hill on Friday began notifying about 163,000 women about the potential compromise of their Social Security numbers and other personal information after a hacker breached a system containing the data.

A bank's effort to prevent the disclosure of information about a data breach arising from an errant Gmail message has been rejected by a federal judge in San Jose, California.

Data breaches have hit an all time high and with that have been a dramatic increase in new data security and privacy laws and regulations.

Privacy and civil rights advocates accused the U.S. Department of Health and Human Services of trying to neuter a landmark data breach notification law for health care organizations that is scheduled to go into effect next week.

Holding software companies, ISPs and financial institutions liable for public and private sector data breaches could help prevent them, according to an internet public policy expert.

A rule requiring healthcare providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals of a breach of their unsecured protected health information will become effective September 23, 2009.

Vivek Kundra, the federal CIO appointed by President Obama in March, announced on Tuesday a cloud computing initiative designed to cut spending on government data centers, but maintain a high level of security.

Industrial manufacturing giant DuPont has sued an employee it claims was planning to smuggle trade secrets to China, according to a report this week in The News Journal of Delaware.

The U.S. Department of Health and Human Services (HHS) has issued new regulations requiring health care providers, health plans and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their protcted health information (PHI) is breached.

A socially engineered penetration test of a credit union's computer system went awry last week, resulting in the issuance of a fraud alert from the agency that supervises federal credit unions.

Hacker Ehud Tenenbaum has pleaded guilty in connection to charges of fraud that netted millions of dollars from banks in Indiana, Florida, Texas and California, according to the U.S. Attorney's office in New York.

Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services

A Missouri law that takes effect Aug. 28 raises the stakes if companies that operate in the state don�t protect consumer data.

Iris scanners and facial-recognition cameras aren't just for spies anymore.

Most organizations use real data during the testing and development of applications, but are not confident about their ability to protect it, leaving a gaping security hole that can result in a data breach, according to a survey released Tuesday.

Federal indictments were handed down in Washington, D.C. on Monday against three men accused of involvement in what the U.S. Department of Justice (DoJ) is calling the largest credit- and debit-card data breach in the United States.

The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins.

Cloakware Inc., the provider of proven software solutions for securing mission-critical information assets, reports that demand for solutions that guard against insider threats has surged in the past six months.

Over the past decade, electronic transactions have slowly supplanted paper-based systems in many industries. For example, individuals and Wall Street brokerage firms employ electronic trading; federal and state taxpayers increasingly e-file their returns; and attorneys e-file pleadings and federal court documents.

Bank of America and Citigroup account holders living in Massachusetts recently have received replacement credit and debit cards, according to a report Monday, but bank representatives do not believe a new data breach is to blame.

One of the frustrations with information security is that it's always difficult � if not impossible � to quantify risk. Without the ability to quantify risk, it's often the case that solutions that would mitigate the risk are left unimplemented because there's no way to prove that the risk would turn into a breach, downtime, or other revenue impacting incident.

Enterprises in the Asia Pacific have been warned they need to sharpen up their data security or soon face the prospect of having governments forcing them to do so.

The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed to a risk of identity theft following an inappropriate transfer of the personal information in mid-July, according to a letter sent to department employees last week.

McAfee is yet to confirm with delegates to its recent Strategic Security Conference that their details were leaked in a bulk email, as reported on iTnews yesterday.

Reports that companies involved in some of the latest data breaches were PCI-compliant continues to spark discussion of whether PCI is a solid measuring stick for overall security.

Take a look at the number of reported data leaks in the US and Australia and you could be forgiven for thinking that we�re a pretty secure lot.

The latest caches of sensitive data reportedly found on peer-to-peer (P2P) file-sharing networks are shocking:

Network Solutions, a provider of Web-related services for small and medium businesses, has started reaching out to customers about a data breach that was discovered in early June.

Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company.

The U.K. Financial Services Authority (FSA) fined HSBC Life 1.6 million pounds (US$2.6 million), HSBC Actuaries 875,000 pounds (US$1.4 million) and HSBC Insurance Brokers 700,000 pounds (US$1.1 million)--making a total of 3.1 million pounds (US$5.1 million) in penalties between them.

Privacy watchdog the Information Commissioner's Office (ICO) has found five more NHS organisations in breach of the Data Protection Act.

CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.

Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.

Multinationals are fighting a battle on two fronts when it comes to cyber security as they seek to fend off new, emerging security threats and also comply with evolving global regulations.

Zurich North America Commercial has announced the Zurich Security and Privacy Protection Policy, its enhanced and expanded product to help businesses manage the financial and reputational risks of cyberspace.

Seven in ten UK organisations experienced a data breach incident over the last year, up from 60 per cent in the previous year.

California officials have received more than 800 reports of health data breaches in the first five months after a new state law went into effect January 1.

The State Department does not have an accurate accounting of its laptop computers, including ones meant for classified use, and has failed to encrypt machines as it is supposed to do to protect sensitive information, according to a new report by the department's inspector general.

Indiana says it will use a new law and improved services to better protect residents from identity theft.

A widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several government agencies, including some that are responsible for fighting cyber crime, The Associated Press has learned.

Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers.

Even for a place where personal information is under siege, the case of Brandy Combs is unusual.

Robert Carr was settling in for the evening in a New York hotel on Jan. 12 this year when at 10:30 p.m. he got a phone call that every financial services executive dreads.

Today's world is moving towards mobile computing due to which companies are replacing desktops with laptops. Corporate laptops mostly contain confidential and sensitive data.

Goldman Sachs has not seen its business or clients harmed by the activities of a computer programmer being held in custody for allegedly stealing secret trading codes from the firm, a source familiar with the situation said.

We're not as good as we should be at handling sensitive data.

The Delaware Attorney General's Office recently announced it reached an agreement with the TJX Companies Inc. following a multistate investigation of its data security practices.

Washington Technology received a number of trenchant comments about the July 1 Web story, "DHS requires more personal information from employees, contractors," by staff writer Alice Lipowicz.

No company wants their confidential, competitive data to wind up for sale at a market in Ghana.

Given the complexity of the compliance industry today, it's more common than not for insurance and securities organizations to outsource a portion or all of their compliance administration to an independent organization.

TJX Cos Inc said on Tuesday it reached a settlement with 41 states resolving an investigation of a data breach in its computer system, which the off-price retailer revealed in 2007.

Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers.

Privacy issues, not untendered contracts should be the greatest worry for Ontarians when it comes to eHealth.

The government has blocked proposals for it to collect and publish data on all NHS security breaches, GP can reveal.In a letter to ministers, written last year and released under the Freedom of Information Act, DoH director of IT implementation Richard Jeavons argued that disciplining offences was the 'responsibility of individual organisations'.

A federal class action claims AETNA insurance allowed hackers to enter its Web site and gain access to personal information about 450,000 employees, former employees and potential employees.

Hackers raided a server at the University of California, Berkeley last fall, stealing everything from Social Security numbers to immunization records in an episode that highlights one danger of moving health information from file cabinets to cyberspace, Forbes reports in a first-person account by one of the 160,000 victims.

Aviva USA, the life insurance and annuity arm of Aviva P.L.C., said it has discovered a data breach that leaked the Social Security numbers, names and possibly addresses of 550 of its customers.

Theft/unauthorized third-party use of customs officials' password for accessing the computer network (Customs Electronic Data Interchange or EDI) used by both the customs staff and the merchant community is causing loss of revenue, says an internal communication circulated to the offices at the Central Board of Excise and Customs (CBEC).

A cybersecurity report issued today by the national security and homeland security advisors to President Obama lays a useful foundation for cybersecurity policy in the coming years.

The personal medical records of tens of thousands of people have been lost by the NHS in a series of grave data security leaks.

A House committee has revived data security legislation that has languished for the last several years.

Small and medium-sized New Zealand companies are more susceptible to IT security breaches, including loss of confidential data, than similar organizations overseas, according to a global survey.

Many banks are reflexively reissuing debit cards in the wake of a breach, possibly stopping fraud losses but sustaining huge reissuance costs and eroding customers� trust. That�s according to survey research released this week.

Pfizer Inc. has reported a possible data breach that occurred March 26 when an employee left a backup hard drive in a box that was later discarded in the trash.

Credit card fraud may get most of the publicity when it comes to identity theft, but ATM and debit card theft is expected to grow 10 to 14 percent this year, according to a survey of financial institutions released today.

For now, providers have two choices under a new healthcare data privacy and security law: data encryption or breach notification.

A federal appeals court has revived a Tampa class-action suit seeking money for Florida shoppers whose credit and debit card numbers were swiped in a data breach that hit 109 Sweetbay Supermarkets.

Payment processing firm Heartland Payment Systems has finally revealed that the major data breach it suffered last year has cost the company more than $12m (�7.9m) in fines and legal costs.

"Attention, Virginia!" the ransom note begins. "I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions.

European Commissioner Viviane Reding said she will push member states to adopt a proper data breach notification law - something the Information Commissioner in the UK has failed to get.

Heartland Payment Systems, which exposed the personal information of millions of credit card customers in a major data breach last year, has been given its PCI compliance back.

The Department of Health and Human Services (HHS) issued guidance specifying the technologies and methods that HIPAA covered entities can use to make protected health information (PHI) unusable, unreadable or indecipherable, thereby qualifying for a safe harbor from the new federal breach notification requirement.

Hansen said that businesses will increasingly be required to integrate identity management and access control technologies with their security infrastructures in order to prevent data from being lost or stolen.

Hold on tight to your company laptop. If you leave it at the airport or have it stolen, your company could be out nearly $50,000, on average.

A key oversight panel in the House of Representatives said this week that it is re-opening an investigation into the "indavertent sharing" of sensitive government and consumer data through popular peer-to-peer file swapping programs such as BearShare and Limewire.

A survey released ahead of this week's RSA Conference in San Francisco shows that network security fraud specialists want more transparency in reporting of data breaches.

Rules proposed by the Federal Trade Commission on April 16 on disclosure of breaches of personal health information would greatly expand the number of companies that would be subject to notifying individuals if their personal health data was exposed because records were lost or stolen, or because a hacker broke into a computer health network.

The Czech government confirmed on Saturday that a computer file containing personal information about European Union leaders was mishandled during the April 5 EU-U.S. summit in Prague.

The year 2008 saw a huge increase in malicious code threats, and the United States retained the dubious distinction of being the top cyber sore spot, according to Symantec's Internet Security Threat Report for 2008.

PIN hackers are almost enough to make you long for the good old days of typewriters, fountain pens and paper transactions at your bank.

In compliance with the American Recovery and Reinvestment Act, the Federal Trade Commission has issued a proposed rule that would require personal health record vendors and related groups to notify customers if their identifiable health information is breached, Health Data Management reports.

The total cost to a company of recovering from a single data breach reached $6.6 million in 2008, an increase of 4.5 percent from the $6.3 million cost in 2007, according to a recent benchmark study conducted by the Ponemon Institute and sponsored by PGP Corp.

As the country's top counter-terrorism officer resigns over photographs of sensitive papers, Steve Pratt blunders into the world of stolen laptops, missing memory sticks and top secrets exposed in public.

Microsoft (www.microsoft.com) announced on Wednesday it has released the sixth volume of its Microsoft Security Intelligence Report, which showed a significant rise in rogue security software.

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

Getting hacked is like having your computer turn traitor on you, spying on everything you do and shipping your secrets to identity thieves.

The biggest security breaches in corporations these days are employees who have been laid off or who are about to get laid off.

The economic crisis presents new data security risks for businesses worldwide, yet many are cutting back on protective measures due to tightening budgets, according to data security experts from Kroll's Fraud Solutions practice. The irony, advises Kroll, is that it's more important than ever for businesses to stay committed to the incident response plans and security measures needed to protect sensitive data.

A U.S. District Court judge will decide in the next few days whether the Hannaford Bros. data breach class action suit will go to trial.

The biggest security risk for a corporation is internal frustration

Great American Insurance Group introduced a new modular policy providing coverage for a variety of cyber risks.

Thieves troll through popular social networking sites such as Facebook or MySpace for individuals posting their spring break or vacation plans on their profiles.

As the US is now pushing for stronger data retention laws to aid law enforcement, it looks like some parts of Europe (who have been on the data retention bandwagon for much longer) are starting to push back in the other direction.

According to a data security and encryption survey carried out by independent consulting and technical services company IT Force, 47.8% of IT decision makers consider their employees to be the biggest threat to sensitive data in their organisations.

Many have blamed the bad guy or criminal hackers for all the problems we have in the security world. And while the bad guy is certainly a problem, they are a small part.

Sending a letter to patients to notify them of a data breach in your office is more than just a nice thing to do -- it's becoming something you must do.

An Army database that contains personal information about nearly 1,600 soldiers may have been penetrated by unauthorized users, Army officials have announced.

Visa announced on Friday that it has removed Heartland Payment Systems and RBS WorldPay -- two payment processors that have announced massive data breaches in recent months -- from its list of service providers compliant with payment industry guidelines.

Companies, governments, and individuals need to do more to protect against information security threats, according to an international information policy think tank.

Simitian, speaking at the Security Breach Notification symposium in Berkeley, said the new legislation would force organizations that are breached to admit the extent of the compromise, and to provide consumers with enough information to determine on their own whether they face a risk of harm.

On Tuesday, the government released new information about a potential security breach involving the presidential helicopter fleet.

A Cranberry company that monitors peer-to-peer file-sharing networks discovered a potentially serious security breach involving President Barack Obama�s helicopter.

Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems.

The recently enacted economic stimulus law includes new requirements for how companies must notify people of breaches to their protected health information. Some experts say the rules could lead to federal breach notification requirements for other types of data.

The breaches of the Customer Information System (CIS), which is run by the Department of Work and Pensions, were revealed in a DWP memo to housing benefit and council tax benefit staff on 15 January.

Desks across the nation are sitting idle along with thousands of data rich PCs, laptops, smartphones and other electronic devices. This "abandoned" equipment is ripe for data theft.

Another U.S. payment processor has suffered a database breach that exposed credit card and debit card information, according to several credit unions. The name of the payment processor has not been released and it is unclear how many consumers are affected.

New research has suggested that growing businesses need to ensure they have a proper handle on the security of their data.

The Article 29 Working Party has repeated its demand for a data breach notification law.

"Security", as the first article in this series points out, can always be found near the top of the list of concerns of every IT manager and IT director. Unfortunately the same subject can also manage to not quite make it onto the more important list of things to do something about now.

A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.

The Federal Aviation Administration was doing such a good job at protecting data in its computer systems that the Office of Management and Budget chose it in January to be one of four agencies to guide other federal agencies in their cybersecurity efforts.

Two financial institutions have confirmed that the telltale signs of a second major credit-card breach are indeed real.

Six out of every 10 employees stole company data when they left their job last year, said a study of US workers.

Millions of cell phones are sold every year. Many are lost, stolen, millions more end up on eBay, recycled or tossed in the trash. Many of these phones still have enough data on them to commit identity theft or, in the wrong hands, make your life miserable.

Hardly a day goes by when we do not awake to press reports of security breaches resulting in the loss of thousands, sometimes even millions, of records.

For the second time in three months, the University of Florida, Gainesville, has acknowledged a major data breach - and a statement posted on the university's Web site indicated that there was a third, less-public breach discovered by the school during the same period.

Citigroup is reportedly one of a number of financial institutions that are sending replacement credit cards to customers in response to last year's data breach of Heartland Payment Systems.

Kelly said in no uncertain terms that Facebook does not own your data and content, never did and never will. What's more: Any reproduction of your data has to be subject to the privacy settings you choose as a Facebook user.

Reported cyberattacks on U.S. government computer networks climbed 40% last year, federal records show, and more infiltrators are trying to plant malicious software they could use to control or steal sensitive data.

The White House has engaged a hard-charging consultant for an unprecedented review of U.S. cybersecurity policy to determine whether the government needs to be more pro-active in slowing cybercrime attacks on individuals and businesses.

The hacker responsible for breaking into U.S.-based Kaspersky Lab support website on Feb. 7 set off a wave of attacks against the antivirus vendor when details of the breach were published on a hacking community website.

Reports are surfacing that there has been another major information security breach at a credit card payment processor, though the company has not yet been identified.

In times like these when you have no job or no more furniture to sell, what do you do? Sell sensitive information from your company, if you are the unscrupulous kind!

We're barely into February and already a rash of computer security breaches is shaping up to be one of the biggest technology stories of the year.

I can just imagine the howls of laughter and high fives (virtual ones of course) that must have been going on as hackers managed to crack the security of Kaspersky's website this weekend. Apparently the breach cut deep into the company's database and provided access to customer information, activation codes, product bug lists and other admin related information.

The personal information of UK citizens is being lost and stolen at an unprecedented rate, the UK's privacy watchdog said today.

According to the FBI affidavit (pdf) even though he was fired Unix engineer Rajendrasinh Babubha Makwana, 35, still had access to his computer access. Using that access Makwana wrote a logic bomb and planted it at the tail end of a legitimate script that was run every day on the Fanny Mae servers.

The breaches at Monster.com and Heartland Payment Systems are raising questions about the efficacy of data-loss disclosure laws enacted in at least 45 states.

In a move designed to avoid the time and costs associated with a protracted legal battle, Certegy Check Services Inc. has offered to settle a class-action lawsuit filed on behalf of 8.5 million people whose personal data was compromised by an insider theft that the company disclosed last July.

The US Department of Veterans Affairs (VA) has agreed to pay $20m to veterans whose personal details were lost after the theft of one of its laptops.

The amendments passed on December 22/23 by the Parliament to the eight year old ITA 2000, has been watched keenly by IT and ITES companies. Many are happy since the resulting ITA 2000-Version 2008 which we prefer to call ITA 2008-has tried to address the demand for Data Protection.

Agencies should hold contractors liable for security breaches to encourage better protection of sensitive information upfront, said a director at a top computer security training organization in response to this week's breach of the federal government's primary Web site for job postings.

New Zealand's Chris Ogle probably thought it was his lucky day when he scored a used MP3 player cheap. But his luck soured when it turned out to be broken -- and loaded with 60 pages of U.S. military data and personally identifying information.

The most interesting aspect of the recently reported data breach at Heartland Payment Systems is the relatively light press coverage.

Stolen computers, mislaid memory sticks and missing case notes have all seen people put at risk by their personal data being lost.

Debie Keesee got the bad news four days before it hit the financial press Tuesday: Sophisticated hackers had intercepted vast streams of unencrypted data sent by one of the nation's largest bank-card processors, potentially exposing millions of consumers to fraud.

10 million Americans victimized by identity thieves in 2008, according to the Federal Trade Commission.

Talks are currently underway to decide the level of fines that will be imposed on organizations that lose confidential data.

2009 is coming with new security challenges and organizations have to be prepared for them.

Justice secretary Jack Straw has proposed that the Information Commissioner's Office should receive many of the extra powers it has requested

The Information Commissioner now has the power to levy fines on those who recklessly lose confidential or personal information.

The folks behind blogging site JournalSpace.com have learned the hard way that RAID is not a substitute for backups, with the news that a disgruntled ex-employee has taken down the site completely.

The number of people impacted by data breaches could more than double in 2009 as the credit crunch deepens, according to KPMG�s Data Loss Barometer.

If the World Bank banned Wipro and Megasoft in mid-2007, why are we getting to hear about it only now?

For India to maintain its leadership in this field, and to further expand it, certain enablers are necessary�in fact their need has been felt by the industry for quite some time.

The US Internal Revenue Service (IRS) remains exposed to a wide range of cybersecurity problems, while the agency has fixed less than half of the problems identified in a November audit, according to a recent report by the US Government Accountability Office.

An investigation into a security breach in Texas has found that an agency providing services to Hurricane Katrina evacuees inadvertently allowed the names and personal information of more than 16,000 evacuees to be posted on two Web sites.

Over half of global financial firms have no accurate record of where customer and employee data is collected, transmitted or stored, according to new research from consultancy PricewaterhouseCoopers

The $1 billion fraud unearthed last week at a leading Indian outsourcing firm has spawned fears it could tarnish the image of India overseas as an outsourcing powerhouse, thus impeding business prospects.

Attackers are leveraging legitimate websites to more quickly spread malware that exploits a zero-day vulnerability in Internet Explorer (IE), Microsoft said this weekend.

Among web browsers, Google Chrome and Apple's Safari provide the least amount of protection for stored passwords, according to new research from internet security consultancy Chapin Information Services.

The use of malware on Web sites to steal passwords and other sensitive information is skyrocketing, according to a new report from the Anti-Phishing Working Group.

Even as organizations invest millions of dollars in security mechanisms meant to defend them against potential threats, business initiatives such as outsourcing, combined with the seemingly unstoppable onslaught of cyber-crime, will continue make it hard to prevent attacks targeting electronic data in the coming year, according to a new research report.

Cybercrime and outsourcing were named top security concerns according to a new study commissioned by Lumension Security and conducted independently by The Ponemon Institute.

To examine the risks associated with the misuse of data, ID Analytics conducted an internal data theft study, as reported in CRM Daily.

A little more than a week ago, retail store operator TJX settled a class-action suit filed over the theft of 45.7 million credit and debit cards from its system.

A bipartisan think tank is calling on the incoming Obama administration to enact sweeping changes in U.S. cybersecurity policy -- a move that aims to close holes in the nation's and federal government's Internet infrastructure.

While 92 percent of security professionals in new Ponemon-Lumension study say their organization suffered a cyberattack, only 55 percent of IT staffers said the same

Paul Ducklin, Sophos' Head of Technology, Asia Pacific, offers his predictions for the security landscape in 2009

Seventy per cent of SMEs are failing to protect their corporate networks from Wi-Fi invasions, according to network access control vendor Napera Networks.

UAE bank-card users are under continued attack from an international fraud in which tens of millions of dirhams have been taken from accounts.

As handheld devices gain more data features and storage, they also are increasingly becoming a smoking gun in an enterprise data breach, especially when it comes to the insider threat, security experts say. But getting hold of these devices and freezing the evidence on them isn't so easy.

ID Analytics, a provider of on-demand identity intelligence, conducted an internal data theft study that provides an analysis of the behavior patterns associated with the misuse of identities stolen from the workplace by employees. The study's findings also provide an understanding of the harm resulting from an internal versus external data breach.

A study in the works from J. Campana & Associates indicates that public- and volunteer-sector enterprises -- schools, government agencies, non-profits and such -- account for well over half of all info-security breaches.

The state law requires businesses that �own, license, store or maintain personal information� on customers to encrypt that data, especially on portable devices such as laptops. That responsibility is extended from the primary business to contractors, such as telemarketing firms, and it extends to transmissions on wireless devices such as BlackBerries.

Close to 500,000 customers of Canadian Imperial Bank of Commerce's Talvest mutual funds unit will never know if their personal data was accessed by outsiders, a nearly two-year investigation has concluded.

Data hackers are silently infesting corporate organisations and creating an invisible battlefield, but so many Boards of Directors will not admit to their vulnerabilities and weaknesses.

Data abuse is a rapidly growing problem in the UK. In all walks of life, in both the private and public sectors, we hear of major security breaches over personal data, and public concern over such breaches is becoming more and more voluble. However, few commentators have highlighted the fact that personal data on the commercial markets is also subject to increasing levels of abuse.

During the past year, banks have lost more of their customers' personal data than ever before. According to numbers released Nov. 18 by the data breach tracking organization Identity Theft Resource Center, financial institutions were responsible for more than half the 33 million personal records known to be lost in all reported data breaches so far this year, compared with just 7% of known lost records in 2007.

Close to half a million people will likely never know whether their personal information was compromised in a data breach at the Canadian Imperial Bank of Commerce (CIBC), according to the Office of the Privacy Commissioner of Canada.

It goes without saying information security breaches cost companies money, but more than that they can cost your reputation. Breaches often result in lawsuits, settlements, compliance penalties, reputation damage, brand damage and a loss of employee confidence.

IBM Corp. denied Friday that the company had failed to live up to the terms of the $863 million contract with the State of Texas to consolidate the data centers of 27 state agencies.

Cisco published the final installment of its comprehensive study into data leakage trends last week, with the latest results highlighting the continued contribution of insider activity to the overall problem of electronic information loss.

The first ripples of a growing wave of cybercrime may be appearing. In the physical world, the connection between declining business and crime is simple enough: As the above-ground economy suffers, the underground economy swells.

Since June of 2008, all merchants accepting credit cards have been required to become PCI-DSS compliant. PCI-DSS is a security standard to help prevent and control loses from businesses losing card holder data, specifically credit card numbers.

The UK's privacy and data protection watchdog, the Information Commissioner's Office (ICO), is seeking the power to fine businesses up to 10% of their revenues for breaking data laws.

A newly formed group, the Alliance for Secure Business Information, recently released the results of a survey that found that nearly half of data breaches reported by respondents involved paper documents.

Express Scripts, a pharmacy benefits manager that does business in all 50 states, is offering $1 million reward for information leading to a data breach last month that compromised personal and in some cases medical information on at least 75 people, the company said Tuesday.

November 24th is set to see a peak in the spread of viruses and malicious software.

A major vulnerability in Adobe Reader has been detected by Trend Micro.

The law governing corporate information security obligations in the United States is rapidly expanding. The newest legal obligation, created largely by laws enacted during the past 18 months, is the duty to disclose security breaches involving sensitive personal information to those who may be adversely affected by such breaches.

When it comes to data-loss prevention, good network security can make all the difference, as Intel and its former employee, Biswamohan Pani, discovered. Pani was indicted by a grand jury last week for allegedly stealing more than $1 billion in Intel's intellectual property after the former design engineer jumped ship to competitor AMD.

Chinese hackers have been able to successfully attack the White House computer network and obtain email messages between United States' government officials, the Financial Times reported Friday, citing a senior U.S. official.

St. Louis-based Express Scripts announced that it received a letter from an unknown source trying to extort money from the company by threatening to expose millions of the company's patient records. The pharmacy benefit management company said that the letter included the personal information of 75 members, including their names, dates of birth, social security numbers, and in some cases, their prescription information.

A New York man has been charged with providing co-conspirators with a "sniffer" program for capturing payment card data as it traveled across corporate networks; he is apparently the latest person to be indicted in connection with data breaches at TJX Companies Inc. and other major retailers.

The number of data breaches reported to the U.K.'s Information Commissioner's Office (ICO) has soared to 277 in almost a year, new figures released Wednesday revealed. In almost 12 months, 80 of those breaches concerned the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector, among others.

Crystal IT ( www.crystalit.us), a provider of comprehensive data loss solutions redefines data security with the introduction of its Avert(TM)-Access Control, the premier front-end module for its comprehensive multi-level approach. As many data loss prevention companies scramble to find a viable solution to handle the unprecedented levels of data breaches, Crystal IT is moving forward to lead the industry.

It is almost a year ago since 25 million child benefits records were lost by the HMRC but this is really only the tip of the data loss iceberg - since November 2007 the breach total has risen to 277 unique cases.

Almost 80 per cent of local organisations have experienced a data breach in the past five years, with a further 40 per cent reporting between six and 20 known breaches during the period, according to Symantec's first Australian data loss survey.

A pair of prominent Republicans supporting presidential candidate John McCain urged the Ohio inspector general yesterday to investigate the use of government computers to find personal information about "Joe the Plumber."

Earlier this year the head of Revenue and Customs resigned after his department lost the details of as many as 15 million child benefit claimants in what was believed to be the world's biggest ID protection failures.

New study from EMC's RSA security division reveals innocent insiders' dilemmas with security policies, remote and role-based access, and mobility Over 50% are working around IT security policies in order to get their jobs done

Since the mid 1990s, private sector and government researchers as well as the media have tracked not only the growth of the laptop market but also frequent losses. At the same time, law enforcement and security professionals quickly realized that laptop theft was a swift portal to even more valuable confidential information.