Chronology of Data Breaches shows hundreds of ways that the personal information of consumers is lost, stolen or exposed

Canadian researcher Ron Bowes has created a sort of Wall of Sheep for the entire Internet

Manhattan District Attorney Cyrus R. Vance, Jr. announced the indictment of Iguosade Osahon, 28, for stealing more than $500,000 by exploiting stolen identity information over a three-year period

Want to keep your online data secure? You may need a 12-character password, researchers say

Preventing patient data breaches is cited as the number one priority for healthcare IT decision makers, but work remains for complying with security regulations, according to a national survey that examines IT trends in healthcare

According to an analysis by the Health Information Trust Alliance (HITRUST), regulated health care organizations that have reported health information breaches of 500 or more people could cumulatively spend upwards of $1 billion in related costs

Survey finds 69% of IT managers regularly send highly sensitive information -- payroll, customer, or financial data -- via unsecured e-mail, finds Ipswitch study

Data breaches are occurring at health-care organizations at a much higher rate than in any other industry

According to a study on Cybercrime released by Verizon Wireless almost half of security breaches in the United States Government are committed with the help of insiders with knowledge of the system

There have been 41 data breaches involving financial institutions so far in 2010 - well on the way to surpassing the 62 such incidents in all of 2009

Of the 385 organizations hit with data breaches so far this year, 113 were in health care, according to the Identity Theft Resource Center's report for July 28

The 2010 Verizon Data Breach Investigations Report, based on a first-of-its kind collaboration with the U.S. Secret Service, has found that breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups

The Digital Forensics Association announces the release of a new research study on data breaches

New Ponemon report studies real attack cases and their financial fallout; new Digital Forensics Association study tallies five-year public breach data

The disappearance of 800,000 patients’ records from South Shore Hospital spotlights the growing danger of medical identity theft, which is an increasingly popular target for organized fraud rings

A Freedom of Information request has revealed that the Ministry of Defence has lost 340 laptops in the last two years, with nine staff disciplined

Nearly 13 million people have suffered from identity theft so far this year. That's ridiculous! Lax security threatens to hammer a nail in the coffin for privacy.

As many as 9 million Americans have their identities stolen each year, according to the Federal Trade Commission, which is pressing businesses to step up their levels of data oversight under a new red flags rule set to go into effect that went into effect on Dec. 31

A law forcing all organisations to publically declare data breaches is expected to be in place in the UK within four years

ICO blames lack of staff training for the loss of data relating to over 9,000 children

Companies rely on the expertise of information security professionals to protect that data and prevent unauthorized access. The question, though, is who is protecting the sensitive and confidential data from the information security professionals?

Consumers may soon have a stronger voice when it comes to data breaches. The Senate Judiciary Committee recently approved two bills: the Data Breach Notification Act and the Personal Data Privacy and Security Act, which, if they become law, will require businesses whose data has been compromised to inform all affected consumers of the breach – and in a timely fashion

U.S. Department of Health and Human Services (HHS) issued new data breach notification regulations for healthcare providers, health plans and other entities that are covered by the HIPAA

From tomorrow small businesses that take credit card payments will be obliged to enrol in the credit card industry's Payment Card Industry Data Security Standard (PCI DSS) compliance programme.

More than 800 patient records are lost by the NHS every day, startling figures revealed last night. The scale of breaches emerged in exclusive Daily Mail research into the scandal of sensitive data that is lost or stolen

Companies that collect personal information need to develop plans in advance to guard against data theft so they can protect the company in case of a breach and communicate to those affected, according to a panel of experts

A Louisville hospital is facing a potentially devastating lawsuit over a major data breach

ACE announced the launch of a new audio podcast: "How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised."

Sophisticated hackers aren't the only ones gaining access to sensitive data on the Interne

After agreeing to a $60 million settlement with Visa earlier in the year, Heartland Payment Systems has added another $41 million to the pot for MasterCard

Since the Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect, requiring hospitals and other health care organization to beef up client data protections. Despite this, a recent study found that health care data is still hemorrhaging from peer to peer networks

Javelin Strategy and Research estimates that credit and debit card issuers spent $252.7 million in 2009 replacing more than 70 million cards compromised by data breaches

With every company reliant on software to run its business, an alarming rise in data breach incidents across industries means application security is becoming an increasingly critical part of any organisation�s overall IT security strategy

The number of entities that have reported major patient information breaches to HHS' Office for Civil Rights nearly tripled from 32 in February to 93 by June 11, HealthLeaders Media reports

Five California hospitals got an expensive reminder of just how serious the state is about protecting patients' sensitive data. Expect more of the same in the near future

Issues for Industry and Public Policy,� focuses primarily on potential public policy responses to the security to the corporate credit and payment card systems

Forty-eight of the 55 US states and territories have some form of data breach law on the books

Four South Central and three London trusts are unable to use a Cerner IT upgrade centre in Kansas due to data security fears

Irish organisations which lose the personal data of more than 100 people will have to report the data security breach to the authorities, according to new rules proposed by that country's privacy regulator

Recent report by the Ponemon Institute found the average global total cost of data breaches jumped to an astounding $6.75 million total cost per breach, with an average cost of $204 per affected record.

Federal courts are getting far more aggressive in penalizing companies that fail to protect confidential client data

While mortgage brokers undertook positive steps following a series of data breaches, a privacy audit by the Office of the Privacy Commissioner of Canada highlights outstanding issues that left the personal information of both clients and non-clients at risk

Colorado Casualty Insurance Co. has filed a federal lawsuit maintaining that it is not responsible for compensating the University of Utah for $3.3 million in costs related to a 2008 data breach

Javelin Strategy and Research estimates credit and debit card issuers spent $252.7 million in 2009 replacing more than 70 million cards compromised by data breaches

More and more states have enacted legislation concerning data breaches, but the hacker is not the only way small businesses gets breached

government laws and regulations do not directly mandate data encryption, they effectively require companies to encrypt data

Theft or loss of personal data relating to more than 100 individuals would have to be reported to the Data Protection Commissioner under a draft code of practice outlined today

More than 1,000 security breaches involving the loss of personal data have now been reported to the Information Commissioner's Office, with the list topped by the NHS, the privacy watchdog said on Friday.

Credit card information not secured

Facebook, MySpace and several other social-networking sites have been sending data to advertising companies that could be used to find consumers' names and other personal details

Under proposed laws companies might be forced to inform their customers of data breaches

This study, by Perimeter CTO Kevin Prince, provides a review of the scope and impact of data security breaches in an effort to encourage proactive modification to risk mitigation technologies, policies, and procedures that reduce exposure to a data breach incident

International Monetary Fund wants more power to probe individual companies to see if they pose the type of broad risks that crippled the world economy in 2008

Heartland Payment Systems Inc. late on Wednesday announced a $41.4 million settlement with MasterCard Inc

The National Retail Federation (NRF) estimates that over a 1 billion has been spent on PCI compliance, What is needed, it seems, is a technology based solutions

Nearly eight months after new rules were enacted requiring stronger protection of health care information, organizations are still leaking data

The hotel industry has become a prime target for hackers.

Two instances of health data breaches this week served as a stark reminder that laptops might be the more insidious information security threat to government healthcare organizations

Internal staff have traditionally been viewed as a bigger threat to business security than external hackers, does this still holds true given the increasing sophistication of cyber criminals

A House panel will hold a hearing next week to assess the agency's information security practices.

Experts help retailers withstand first wave of PCI-compliance standards

There have been several new regulations that have come into effect that require businesses to take specific steps to secure their customers' data.

Since the Health and Human Services Dept. started posting a list of health care breaches, there have been 64 incidents reported, affecting more than 1 million people

Between Sept. 22, 2009, and Feb. 15, 2010, at least 47 instances of breaches of unsecured protected health information occurred in the United States

Most laws are state-by-state, with only a few federal laws in place. An in-depth look at state laws

Regulations requiring U.S. companies to notify customers when their data has been compromised is taking its toll on corporate bottom lines

British businesses have seen a rise in data breaches as they fail to protect against threats brought in by the adoption of new technologies, according to research by PricewaterhouseCoopers.

Businesses should be looking at who has access to their data inside the company rather than who is trying to get in, claims a senior security executive

U.S. corporations faced highest costs among world powers -- existence of breach notification laws affected cost numbers country-to-country

A new study shows just how much data loss disclosure rules punish firms that have spilled sensitive information.

ICO voluntarily reported 287 data breaches over the past few years

Since 2005, there have been a least 358.4 million digital data breaches that resulted in the loss of U.S. consumers' personal information, according to new research from The Privacy Rights Clearinghouse

A just released survey of about 200 compliance executives in hospitals from around the country shows that data breaches and medical identity theft continue to soar

Patient data maintained by hospitals represents a potential playground for anyone with an inclination toward fraud and theft

A new version of the data-stealing trojan Zeus is for the first time able to successfully exploit Mozilla's Firefox browser to commit online banking fraud

Spring 2010 HITECH Act Hospital Compliance Report

The survey of 728 IT professionals found many enterprises are having trouble keeping pace with access changes resulting in many employees having more access to systems than necessary

The physical theft or loss of a device containing corporate information is the largest single reason for data breaches, the latest Global Internet Security Report from Symantec reveals

Forty-six states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information

On April 7, 2010, Mississippi enacted a data breach notification law

The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information

"We need to talk about security, it's becoming an issue."

Theft of computer equipment, staff and third-party negligence, and inside hackers caused the majority of patient data breaches

Websense recently revealed the findings of its data security survey conducted amongst 50 CIOs

A study conducted by the Ponemon Institute and sponsored by IBM shows growing recognition among C-titles executives of the importance of data protection

Hackers are now stealing credit-card data from hotels more often than any other industry

The risk of data theft in the financial services industry is high considering the kind and amount of customer information that is stored at banks.

Most organizations won't go public about an attack unless they have to, but security experts say there are ways to collaborate without being stigmatized

The insurance company is accused of failing to protect medical records, Social Security numbers, and bank account information of 446,000 customers

The U.S. Senate Judiciary Committee has approved two bills that would require organizations with data breaches to report them to potential victims.

Stricter rules won't deter government employees from using file-sharing services that can provide access to sensitive documents, such as the inadvertent release of an internal congressional report about House members' possible ethical violations, security professionals said.

Deutsche Bahn has been fined more than €1 million to cover a number of serious breaches of data protection legislation dating back over the past ten years.

During a cybersecurity discussion held Wednesday in Washington D.C., Jeffrey Troy, chief of the FBI's Cyber Criminal Section, said that law enforcement agencies could get a better grip on fighting the surge of cybercrimes if businesses were legally required to report data breaches to potential victims.

No matter how much money you've spent on IT security or how well you have trained your staff, there's a pretty good chance you will get attacked.

Joe Simitian, a Democratic state senator from California, is still scratching his head, some two weeks after Gov. Arnold Schwarzenegger vetoed SB-20, an update to the landmark 2003 Golden State breach notification bill, known as SB-1386.

Shocked and confused, junior Terry Thomas checked his bank statement and noticed a charge he did not make.

ChoicePoint, one of the nation's largest data brokers, has been fined $275,000 by the U.S. Federal Trade Commission for a data breach that exposed personal information of 13,750 people last year.

Far and away, the largest percentage of partners - 39.7 percent - cited Data Breaches as the biggest security threat facing customers in Everything Channel's State of Technology Survey.

NASA was hit with more malware than any other federal agency in 2007 and 2008, according to a new report issued by the Government Accountability Office.

Governor Arnold Schwarzenegger has vetoed an update to California's landmark data-breach notification law, saying that the new bill would be too hard on businesses without adequately benefiting consumers.

The HITECH Act's data breach notification requirement is the first such requirement to come from the federal government, but it most likely will not be the last. And from what I can tell, the harm threshold observers have been concerned about in the HITECH Act might not be as big of an issue the next time around.

Data breaches that don't involve financial information sound relatively benign. But Paul Royal recently discovered that these kinds of breaches are often part of a multi-step attack aimed at stealing personal financial data.

With the incidents of password compromises clearly increasing, webmail services like Hotmail, Gmail, and Yahoo Mail opine that the most probable cause of the data breach from their sites is 'phishing' by hackers.

Facebook has cut off scores of fake member profiles attempting to push rogue anti-virus programs to unwitting users

Chairmen of the House Energy and Commerce Committee and the Ways and Means Committee remind Health and Human Services Secretary Kathleen Sebelius that Congress considered and rejected the very rules that now trigger a health IT data breach notification.

PayChoice, which this week confirmed that its online payroll systems operations were breached on Sept. 23, is now beginning to offer details on what it thinks may have happened.

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach.

It has become a regular occurrence in the news to see both individuals and groups of people have their personal identifying information breached.

The University of North Carolina at Chapel Hill on Friday began notifying about 163,000 women about the potential compromise of their Social Security numbers and other personal information after a hacker breached a system containing the data.

A bank's effort to prevent the disclosure of information about a data breach arising from an errant Gmail message has been rejected by a federal judge in San Jose, California.

Data breaches have hit an all time high and with that have been a dramatic increase in new data security and privacy laws and regulations.

Privacy and civil rights advocates accused the U.S. Department of Health and Human Services of trying to neuter a landmark data breach notification law for health care organizations that is scheduled to go into effect next week.

Holding software companies, ISPs and financial institutions liable for public and private sector data breaches could help prevent them, according to an internet public policy expert.

A rule requiring healthcare providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals of a breach of their unsecured protected health information will become effective September 23, 2009.

Vivek Kundra, the federal CIO appointed by President Obama in March, announced on Tuesday a cloud computing initiative designed to cut spending on government data centers, but maintain a high level of security.

Industrial manufacturing giant DuPont has sued an employee it claims was planning to smuggle trade secrets to China, according to a report this week in The News Journal of Delaware.

The U.S. Department of Health and Human Services (HHS) has issued new regulations requiring health care providers, health plans and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their protcted health information (PHI) is breached.

A socially engineered penetration test of a credit union's computer system went awry last week, resulting in the issuance of a fraud alert from the agency that supervises federal credit unions.

Hacker Ehud Tenenbaum has pleaded guilty in connection to charges of fraud that netted millions of dollars from banks in Indiana, Florida, Texas and California, according to the U.S. Attorney's office in New York.

Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services

A Missouri law that takes effect Aug. 28 raises the stakes if companies that operate in the state don�t protect consumer data.

Iris scanners and facial-recognition cameras aren't just for spies anymore.

Most organizations use real data during the testing and development of applications, but are not confident about their ability to protect it, leaving a gaping security hole that can result in a data breach, according to a survey released Tuesday.

Federal indictments were handed down in Washington, D.C. on Monday against three men accused of involvement in what the U.S. Department of Justice (DoJ) is calling the largest credit- and debit-card data breach in the United States.

The man who prosecutors said had masterminded some of the most brazen thefts of credit and debit card numbers in history was charged on Monday with an even larger set of digital break-ins.

Cloakware Inc., the provider of proven software solutions for securing mission-critical information assets, reports that demand for solutions that guard against insider threats has surged in the past six months.

Over the past decade, electronic transactions have slowly supplanted paper-based systems in many industries. For example, individuals and Wall Street brokerage firms employ electronic trading; federal and state taxpayers increasingly e-file their returns; and attorneys e-file pleadings and federal court documents.

Bank of America and Citigroup account holders living in Massachusetts recently have received replacement credit and debit cards, according to a report Monday, but bank representatives do not believe a new data breach is to blame.

One of the frustrations with information security is that it's always difficult � if not impossible � to quantify risk. Without the ability to quantify risk, it's often the case that solutions that would mitigate the risk are left unimplemented because there's no way to prove that the risk would turn into a breach, downtime, or other revenue impacting incident.

Enterprises in the Asia Pacific have been warned they need to sharpen up their data security or soon face the prospect of having governments forcing them to do so.

The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed to a risk of identity theft following an inappropriate transfer of the personal information in mid-July, according to a letter sent to department employees last week.

McAfee is yet to confirm with delegates to its recent Strategic Security Conference that their details were leaked in a bulk email, as reported on iTnews yesterday.

Reports that companies involved in some of the latest data breaches were PCI-compliant continues to spark discussion of whether PCI is a solid measuring stick for overall security.

Take a look at the number of reported data leaks in the US and Australia and you could be forgiven for thinking that we�re a pretty secure lot.

The latest caches of sensitive data reportedly found on peer-to-peer (P2P) file-sharing networks are shocking:

Network Solutions, a provider of Web-related services for small and medium businesses, has started reaching out to customers about a data breach that was discovered in early June.

Network Solutions is investigating a breach on its servers that may have led to the theft of credit card data of 573,928 people who made purchases on Web sites hosted by the company.

The U.K. Financial Services Authority (FSA) fined HSBC Life 1.6 million pounds (US$2.6 million), HSBC Actuaries 875,000 pounds (US$1.4 million) and HSBC Insurance Brokers 700,000 pounds (US$1.1 million)--making a total of 3.1 million pounds (US$5.1 million) in penalties between them.

Privacy watchdog the Information Commissioner's Office (ICO) has found five more NHS organisations in breach of the Data Protection Act.

CEOs and their senior executives don't see eye to eye on key security issues, according to a new survey.

Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.

Multinationals are fighting a battle on two fronts when it comes to cyber security as they seek to fend off new, emerging security threats and also comply with evolving global regulations.

Zurich North America Commercial has announced the Zurich Security and Privacy Protection Policy, its enhanced and expanded product to help businesses manage the financial and reputational risks of cyberspace.

Seven in ten UK organisations experienced a data breach incident over the last year, up from 60 per cent in the previous year.

California officials have received more than 800 reports of health data breaches in the first five months after a new state law went into effect January 1.

The State Department does not have an accurate accounting of its laptop computers, including ones meant for classified use, and has failed to encrypt machines as it is supposed to do to protect sensitive information, according to a new report by the department's inspector general.

Indiana says it will use a new law and improved services to better protect residents from identity theft.

A widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several government agencies, including some that are responsible for fighting cyber crime, The Associated Press has learned.

Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers.

Even for a place where personal information is under siege, the case of Brandy Combs is unusual.

Robert Carr was settling in for the evening in a New York hotel on Jan. 12 this year when at 10:30 p.m. he got a phone call that every financial services executive dreads.

Today's world is moving towards mobile computing due to which companies are replacing desktops with laptops. Corporate laptops mostly contain confidential and sensitive data.

Goldman Sachs has not seen its business or clients harmed by the activities of a computer programmer being held in custody for allegedly stealing secret trading codes from the firm, a source familiar with the situation said.

We're not as good as we should be at handling sensitive data.

The Delaware Attorney General's Office recently announced it reached an agreement with the TJX Companies Inc. following a multistate investigation of its data security practices.

Washington Technology received a number of trenchant comments about the July 1 Web story, "DHS requires more personal information from employees, contractors," by staff writer Alice Lipowicz.

No company wants their confidential, competitive data to wind up for sale at a market in Ghana.

Given the complexity of the compliance industry today, it's more common than not for insurance and securities organizations to outsource a portion or all of their compliance administration to an independent organization.

TJX Cos Inc said on Tuesday it reached a settlement with 41 states resolving an investigation of a data breach in its computer system, which the off-price retailer revealed in 2007.

Every time you swipe your credit card and wait for the transaction to be approved, sensitive data including your name and account number are ferried from store to bank through computer networks, each step a potential opening for hackers.

Privacy issues, not untendered contracts should be the greatest worry for Ontarians when it comes to eHealth.

The government has blocked proposals for it to collect and publish data on all NHS security breaches, GP can reveal.In a letter to ministers, written last year and released under the Freedom of Information Act, DoH director of IT implementation Richard Jeavons argued that disciplining offences was the 'responsibility of individual organisations'.

A federal class action claims AETNA insurance allowed hackers to enter its Web site and gain access to personal information about 450,000 employees, former employees and potential employees.

Hackers raided a server at the University of California, Berkeley last fall, stealing everything from Social Security numbers to immunization records in an episode that highlights one danger of moving health information from file cabinets to cyberspace, Forbes reports in a first-person account by one of the 160,000 victims.

Aviva USA, the life insurance and annuity arm of Aviva P.L.C., said it has discovered a data breach that leaked the Social Security numbers, names and possibly addresses of 550 of its customers.

Theft/unauthorized third-party use of customs officials' password for accessing the computer network (Customs Electronic Data Interchange or EDI) used by both the customs staff and the merchant community is causing loss of revenue, says an internal communication circulated to the offices at the Central Board of Excise and Customs (CBEC).

A cybersecurity report issued today by the national security and homeland security advisors to President Obama lays a useful foundation for cybersecurity policy in the coming years.

The personal medical records of tens of thousands of people have been lost by the NHS in a series of grave data security leaks.

A House committee has revived data security legislation that has languished for the last several years.

Small and medium-sized New Zealand companies are more susceptible to IT security breaches, including loss of confidential data, than similar organizations overseas, according to a global survey.

Many banks are reflexively reissuing debit cards in the wake of a breach, possibly stopping fraud losses but sustaining huge reissuance costs and eroding customers� trust. That�s according to survey research released this week.

Pfizer Inc. has reported a possible data breach that occurred March 26 when an employee left a backup hard drive in a box that was later discarded in the trash.

Credit card fraud may get most of the publicity when it comes to identity theft, but ATM and debit card theft is expected to grow 10 to 14 percent this year, according to a survey of financial institutions released today.

For now, providers have two choices under a new healthcare data privacy and security law: data encryption or breach notification.

A federal appeals court has revived a Tampa class-action suit seeking money for Florida shoppers whose credit and debit card numbers were swiped in a data breach that hit 109 Sweetbay Supermarkets.