BreachExchange mailing list archives

EPA data breach highlights worrying trend


From: security curmudgeon <jericho () attrition org>
Date: Wed, 8 Aug 2012 12:40:42 -0500 (CDT)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.csoonline.com/article/713031/epa-data-breach-highlights-worrying-trend

By Taylor Armerding
CSO
August 07, 2012

In the war over government data security, the statistics indicate the bad 
guys are winning. And some security experts say any hope of reversing that 
trend will take "a whole new paradigm" in IT security.

The U.S. Government Accountability Office (GAO) reported last week that 
federal data breaches involving unauthorized disclosures of personally 
identifiable information increased by 19%, or about 13,000 to 15,500, from 
2010 to 2011.

At least some of the time, victims of those breaches are being left in the 
dark about it for months. About 123,000 Thrift Savings Plan participants 
whose personal information was compromised in a July 2011 breach were not 
notified until this past May.

That is not the only instance. The Washington Business Journal reported 
that the U.S. Environmental Protection Agency (EPA) waited until last week 
to notify 5,100 employees and 2,700 "other individuals" of a data security 
breach last March that exposed their Social Security numbers and banking 
information.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
