Data Loss Database Blog

Open Security Foundation Launches New Cloud Security Project

2010-07-27 by jkouns

The Open Security Foundation, providing independent, accurate, detailed, current, and unbiased security information to professionals around the world, announced today that it has launched Cloutage (cloutage.org), which will bring enhanced visibility and transparency to Cloud security. The name Cloutage comes from a play on two words, Cloud and Outage, that combine to describe what the new website offers: a destination for organizations to learn about cloud security issues as well as a complete ...

JCPenney has dodged a huge bullet... until now.

2010-03-29 by d2d

Now being reported in the mainstream media, JCPenney was "Company A" in the recently infamous Albert Gonzalez trial. In court filings, we found some attachments that seem to have been a convincing factor in the judge's decision to unseal the identity of "Company A", a.k.a. JCPenney. JCP fought hard to keep its identity concealed, but ultimately it would seem that these attachments, as well as some reporting by Evan Schuman, made the difference.

Attachment A, filed in document 14 of the case (f

...

Court Says Posting PII Online is Cool -- First Amendment Cool

2010-03-24 by d2d

I'm going to have to apologize in advance for the extreme use of ellipses here. I'm frankly confused as can be over this blog post, and the result is aggressive punctuation.

In what seems to be one of the most ridiculous situations we've read about recently, the Richmond Times reports that a U.S. District Court judge has ruled that a woman posting Social Security numbers of government workers online was, well... *cough*... *pains me to type this*...protected by the First Amendment. Yes... p

...

Fringe Incidents

2010-03-23 by d2d

Since the database's inception, we have added incidents based on specific criteria and omitted incidents that didn't quite fit those criteria. The criteria have traditionally been:

  • An incident must have lost one or more of the following data types:
    • Social Security or national ID number
    • Credit card number
    • Bank account number
    • Medical record
    • Financial account number
  • AND the number of records lost/stolen/missing must be greater than 10,
  • AND the data lost must have had
...

Open Security Foundation - Advisory Board - Call for Nominations

2010-02-12 by jkouns

The Open Security Foundation (OSF) is an internationally recognized 501(c)(3) non-profit public organization seeking senior leaders capable of providing broad-based perspective on information security, business management and fundraising to volunteer for an Advisory Board. The Advisory Board will provide insight and guidance when developing future plans, an open forum for reviewing community feedback and a broader view when prioritizing potential new services.

OSF was founded in 2004 and ...

Open Security Foundation - State of the Union 2010

2010-02-06 by jkouns

The Open Security Foundation (OSF) has grown from a humble beginning in 2004 to an internationally recognized 501(c)(3) non-profit public organization. Through the work of a small team of dedicated information security enthusiasts, the Open Source Vulnerability Database (OSVDB) and DataLossDB projects have provided organizations of all sizes with the knowledge and resources to accurately detect, protect and mitigate information security risks. OSF research is often cited throughout the securi...

Where did the breach go?

2010-01-07 by d2d

Where on earth did the breach go? We've asked ourselves, we've asked others, and we've been asked by many.

The simple answer is, we don't know! It could be anything, really, that has caused the dramatic decline in reported data loss incidents in 2009. Here are a few ideas:

  • The decline is media related. Data breaches are 'passé'.
  • Organizations are implementing better security.
  • Organizations aren't reporting incidents.
  • Solar Flares

None of these, with the exc

...

Happy Holidays, New Year, etc

2009-12-22 by d2d

What do the coffee shop, the mall, the discount super center, the grocery store, the post office, the laundromat, and your favorite local restaurant have in common?

Aside from a fundamental desire to part you from your money, they also are a common stopping point on the way home from work, or while out shopping. This week and next, think about your data while you get that double mocha latte, or run in for a last-minute holiday gift. Leave the laptop someplace safe (not in the back

...

When Reporters Go Looking For Data Breaches...

2009-12-15 by d2d

They often find them, and usually get a complimentary legal threat or outright lawsuit to go with it.

Recently, a Minnesota Public Radio reporter went digging, and indeed found records exposed. The records in question were I-9 processing forms held by Texas-based Lookout Services. The undisputed truth seems to end about there. The reporter wrote about the incident, and the attention the incident stirred caused the entire state of Minnesota to stop using Lookout Services for I-9 verificati

...

Federal Data Breach Bill (H.R. 2221) Passes House

2009-12-09 by d2d

Yesterday, for the first time ever, a data breach notification bill actually came to a vote in the United States Congress. The House of Representatives passed by voice vote H.R. 2221, the Data Accountability and Trust Act. This bill and others have been introduced many times over the past several sessions of Congress, but unlike other similar bills and this bill's predecessors, H.R. 2221 not only came out of committee, but was voted on and passed.

This bill is similar in nature to multiple

...


Sponsored by: Credant, Tenable, PGP, Zecurion
Permission is granted to use this database in non-profit works and research. Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation for commercial interests requires authorization and licensing arrangements. For more information, please e-mail curators@datalossdb.org with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2010, Open Security Foundation, All Rights Reserved.