[Infowarrior] - Fwd: [Dataloss] Diary of a Data Breach Investigation

Richard Forno rforno at infowarrior.org
Wed Apr 22 19:30:41 UTC 2009



Begin forwarded message:

> From: security curmudgeon <jericho at attrition.org>
> Date: April 22, 2009 3:06:18 PM EDT
> To: dataloss at datalossdb.org
> Subject: [Dataloss] Diary of a Data Breach Investigation
>
>
> http://www.cio.com/article/487728/Diary_of_a_Data_Breach_Investigation
>
> By Anonymous
> Wed, April 01, 2009  CSO  Monday
>
> When the CISO asks to speak to you with that look on his face, you  
> know
> the news isn't good. We were contacted by one of our third-party  
> vendors,
> whom we had hired to do analysis on our website traffic.
>
> It appears that we have been passing sensitive information to them  
> over
> the Internet. This sensitive information included data, such as  
> customer
> names, addresses and credit card information. Because we are a public
> company, there are many regulatory guidelines that we have to follow  
> like
> Sarbanes-Oxley (SOX) and the Payment Card Industry's (PCI) data  
> security
> standard.
>
> Fortunately for us, our vendor has retained a copy of everything  
> that we
> have sent to them.
>
> Unfortunately for us, it was six months of information totaling over a
> terabyte.
>
> [..]
> _______________________________________________
> Dataloss Mailing List (dataloss at datalossdb.org)



More information about the Infowarrior mailing list