Breach affects 100,000 Navy, Marine Corps personnel
The latest data breach to affect the U.S. military has left 100,000 Navy and Marine Corps personnel at risk for data fraud. According to the Reuters news service, personal data belonging to aviators and air crew was publicly available on a Web site for more than six months. The Navy has confirmed it's investigating how that was allowed to happen, but it's still unclear what the ramifications might be. Last December, the full names and Social Security numbers of active and reserve members who have served in the last 20 years appeared on the Naval Safety Center Web site, Reuters said. At the time that information appeared on the Web site, Navy and Marine Corps commands received the same data on 1,083 program disks that were mailed out as part of the service's Web Enabled Safety Program. Thursday, the Naval Safety Center learned of the problem and wiped the information off the Web site. Safety center spokeswoman Evelyn Odango told Reuters the problem appeared to be an errant file. "The information was inadvertently included in a file that was then posted on the Web," she said. "We found out about it through a Web site user and it was removed immediately."
Phishing scam uses phone trick to dupe PayPal users
UK-based antivirus firm Sophos said it has uncovered a new phishing scan that tries to trick PayPal customers into calling a phone number and giving up their credit card information. The email, which
PCI security standard getting more teeth
Every merchant that handles credit card data has spent the last year adjusting to the Payment Card Industry (PCI) data security standard. Now it appears that standard is about to be made tougher, with MasterCard International Inc. and Visa USA Inc. preparing to unveil new security rules in the next 30 to 60 days. Eduardo Perez, vice president of corporate risk and compliance at Foster City, Calif.-based Visa, told Computerworld that some of the new rules will better address the growing list of Web application security threats, while others will mandate that companies ensure the third parties that they deal with have adequate controls to protect credit card data.
Survey: 84% suffer security incident in past year
Security breaches are becoming more common in the business world than some might expect, according to the results of a survey conducted by New York-based CA Inc. The firm polled 642 large North American organizations and more than 84% of respondents admitted experiencing a security incident over the past 12 months. In a breakdown of the findings, CA said security breaches have increased 17% since 2003. As a result, 54% of organizations reported lost workforce productivity; 25% reported public embarrassment, loss of trust/confidence and damage to reputation; and 20% reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38% suffered an internal breach of security. CA said the findings indicate that security isn't being taken seriously enough at all levels of an organization, especially in the financial service industry. Nearly 40% of respondents indicated that their organizations don't take IT security risk management seriously at all levels, while 37% believe their organization's security spending is too low. Only 1% said it's too high.