Archive for February, 2012
Personal Information is under threat from “social engineering”
Posted by brianfpennington in brian pennington on 28/02/2012
This week has uncovered two more breaches of the Data Protection Act after action was taken by the Information Commissioner and the Serious and Organised Crime Agency (SOCA) against individuals who used social engineering for profit. The more criminal of the two cases involved “private detectives” blagging confidential information for their clients to use. SOCA defines […]
PCI SSC announces formal training in Europe (London)
Posted by brianfpennington in PCI DSS Compliance on 21/02/2012
The Payment Card Industry Security Standards Council (PCI SSC) has announced three formal courses in London. The three courses are: Qualified Security Assessor (QSA) Training. The PCI Security Standards Council operates an in-depth program for security companies seeking to become Qualified Security Assessors (QSAs), and to be re-certified each year. The five founding members of […]
Is the Information Commissioner having a purge on breaches?
Posted by brianfpennington in brian pennington on 16/02/2012
It seems that the Information Commissioner’s Office is releasing, on a daily basis, details of organisations that have breached the Data Protection Act. Every day some employee has done something they should not have done: posted to the wrong place, not used the correct system, etc., which means the common cause is human… The latest involves Cheshire […]
Another bad day for councils but this time there were costs attached – £180,000!
Posted by brianfpennington in PCI DSS Compliance on 13/02/2012
Today the Information Commissioner’s Office has notified two councils of monetary fines for breaching the Data Protection Act. Croydon Council has been handed a penalty of £100,000; Norfolk County Council has been served with an £80,000 penalty. Croydon Council: The Croydon Council breach was the result of an unlocked bag belonging to a social worker being […]
Bad day at the office for UK Councils as several breach the Data Protection Act
Posted by brianfpennington in brian pennington on 10/02/2012
Today the Information Commissioner has notified five councils after they breached the Data Protection Act. Information Commissioner Christopher Graham said: “At a time when councils are increasingly working with community partners, when data is shared it is vital that they uphold their legal responsibilities under the Data Protection Act. Failures not only put local residents’ privacy […]
Report on Malware Activity for the last 6 months 2011 – M86
Posted by brianfpennington in brian pennington on 09/02/2012
M86, a web and email security company, has released its review of the last 6 months of 2011. The report has some excellent screenshots of malicious attacks, particularly phishing and spam attacks. The screenshots should be shown to all school pupils and college students so they do not make these mistakes. Equally all organisations […]
PCI Security Standards Council invites payments community to input on PIN Transaction Security
Posted by brianfpennington in PCI DSS Compliance on 08/02/2012
The PCI Security Standards Council (PCI SSC) has announced the launch of a 30-day period to solicit feedback from PCI Participating Organizations on the next version of the PCI Hardware Security Module (HSM) security requirements. Hardware security modules (HSMs) are non-cardholder-facing devices used in connection with the protection of sensitive data, such as cardholder data (e.g. PINs), and the cryptographic […]
PayPal, Payments and PCI
Posted by brianfpennington in PCI DSS Compliance on 07/02/2012
Ingenico has announced a partnership with PayPal which will enable merchants with Ingenico POS devices to accept PayPal payment options, read the press release here. Ingenico and PayPal have each made statements on the relationship: “Today’s savvy shoppers want the option to choose how they pay for goods and are agile enough to easily switch between multi-shopping […]
E*Trade Securities Ltd falls foul of the ICO after losing customer records
Posted by brianfpennington in Uncategorized on 03/02/2012
In April 2010 E*Trade Securities Ltd discovered that 608 customer records had been lost at a UK-based storage facility and, despite an investigation, was unable to recover the records. E*Trade Securities Ltd did not have a formal agreement to store the customer information securely and subsequently informed the Information Commissioner’s Office in December 2010. E*Trade Securities Ltd […]
Fortnum and Mason fail PCI DSS requirements after a phone call…
Posted by brianfpennington in PCI DSS Compliance on 02/02/2012
It was reported that Fortnum and Mason had a Payment Card Industry Data Security Standard (PCI DSS) issue resulting from an employee asking a customer to email their credit card details so that a dispute could be resolved. “We have now fully investigated the claim that a customer was asked for their credit card details via […]