From the folks at Attrition and the DatalossDB.
---------- Forwarded message ----------
From: security curmudgeon <jericho@attrition.org>
Date: Aug 12, 2009 4:22 PM
Subject: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down
To: dataloss-discuss@datalossdb.org, dataloss@datalossdb.org
http://www.csoonline.com/article/499527/Heartland_CEO_on_Data_Breach_QSAs_Let_Us_Down
Heartland CEO on Data Breach: QSAs Let Us Down
Sent: Monday, July 27, 2009 2:35 PM
To: McDonnell, Michael
Cc: Choon Ming; bugtraq@securityfocus.com; full-disclosure-bounces@lists.grok.org.uk
Subject: Re: computer crime statistics
Try the Verizon Business Data Breach investigations report. I think it
has some statistics you are looking for.
http://www.verizonbusiness.com/products/security/risk/databreach/
Scotty
* WHID 2009-1: Gaza conflict cyber war (http://www.xiom.com/whid-2009-1)
Other incidents of interest added recently to WHID:
* WHID 2008-43: Russian nuclear power web sites attacked amid accident
rumors
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
* And lastly, the big TJX hack, that finally got into WHID as new reports
suggest that web hacking also had a role in it, WHID 2007-89: The big TJX
hack
2. PRODUCT DESCRIPTION
PGP Desktop Email provides enterprises with an automatic, transparent
encryption solution for securing internal and external confidential
email communications. With PGP Desktop Email, organizations can
minimize the risk of a data breach and comply with partner and
regulatory mandates for information security and privacy.
(http://www.pgp.com/products/desktop_email/index.html)
3. VULNERABILITY DESCRIPTION
* WHID 2009-16: Primary schools hit by smut hack
(http://whid.webappsec.org/whid/2009/16/primary_schools_hit_by_smut_hack)
We also continue to follow older incidents and the following incidents were
significantly updated this week:
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
(http://whid.webappsec.org/whid-2008-36) - scope of incident revealed.
* WHID 2008-01: Information stolen from geeks.com
(http://whid.webappsec.org/whid-2008-01) - FTC settlement documents shed
light on the incident.
Try the Verizon Business Data Breach investigations report. I think it
has some statistics you are looking for.
http://www.verizonbusiness.com/products/security/risk/databreach/
Scotty
McDonnell, Michael wrote:
> You probably will have more luck searching databases provided by your local
> library. If your local University has a data librarian they might be able to
This may help as well:
http://www.privacyrights.org/ar/ChronDataBreaches.htm
Michael Theroux
IT Security Specialist
Plexus Corp.
-----Original Message-----
* WHID 2009-16: Primary schools hit by smut hack
(http://whid.webasppsec.com/whid/2009/16/primary_schools_hit_by_smut_hack)
We also continue to follow older incidents and the following incidents were
significantly updated this week:
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
(http://whid.webasppsec.com/whid-2008-36) - scope of incident revealed.
* WHID 2008-01: Information stolen from geeks.com
(http://whid.webasppsec.com/whid-2008-01) - FTC settlement documents shed
light on the incident.