From: security curmudgeon (jerichoattrition.org)
Date: Tue Dec 23 2008 - 04:14:39 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.bankinfosecurity.com/articles.php?art_id=1120

By Linda McGlasson
Managing Editor
Bank Info Security
December 22, 2008

>From Hannaford to Countrywide to the Bank of New York Mellon, 2008 has
been a year of high-profile security breaches in or impacting the
financial services industry. Here's our list of the top 10 - and lessons
that should be learned, so we aren't back revisiting these issues in '09.

1. TJX Case Winds Up, Arrests Made

Earlier this year, The TJX Companies (parent of retailer TJ Maxx) settled
in federal court and paid out millions to its federal regulator, the
Federal Trade Commission, banking institutions, credit card companies and
consumers to bring to a close the court cases that had threatened to
overwhelm the company.

The August arrest of 11 alleged hackers accused of stealing more than 40
million credit and debit cards brings law enforcement closer to closing
what is still the largest hack ever. The U.S. Department of Justice
brought charges against 11 alleged hackers from around the globe. Some of
the hacking gang were nabbed and brought to the U.S. to face trial
alongside three U.S.-based defendants. Two of the defendants, Christopher
Scott and Damon Patrick Toey, have already pled guilty in the case. Others
including the ringleader, Alberto Gonzalez, await trial.

Lesson Learned: The wide-range of the perpetrators brings to light
something that those in the cyber intelligence realm have known for some
time: Criminal hackers are part of a very mature and multi-billion dollar
industry that reaches around the world. No organization is immune to the
threat.

2. Bank of New York Mellon

An unencrypted backup tape with 4.5 million customers of the Bank of New
York Mellon went missing on Feb. 27, after it was sent to a storage
facility. The missing tape contains social security numbers and bank
account information on 4.5 million customers - including several hundred
thousand depositors and investors of People's United Bank of Connecticut,
which had given Bank of New York Mellon the information so it could offer
those consumers an investment opportunity.

Lesson Learned: For Bank of New York Mellon, know that when data is
released to a third-party that their security is as good or better than
yours. Encryption isn't just something that is good for the data held at
an institution; it's also something to consider for data that leaves the
institution.

[...]

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]