BreachExchange mailing list archives

Diary of a Data Breach Investigation


From: security curmudgeon <jericho () attrition org>
Date: Wed, 22 Apr 2009 19:06:18 +0000 (UTC)


http://www.cio.com/article/487728/Diary_of_a_Data_Breach_Investigation

By Anonymous
Wed, April 01, 2009  CSO

Monday

When the CISO asks to speak to you with that look on his face, you know 
the news isn't good. We were contacted by one of our third-party vendors, 
whom we had hired to do analysis on our website traffic.

It appears that we have been passing sensitive information to them over 
the Internet. This sensitive information included data, such as customer 
names, addresses and credit card information. Because we are a public 
company, there are many regulatory guidelines that we have to follow like 
Sarbanes-Oxley (SOX) and the Payment Card Industry's (PCI) data security 
standard.

Fortunately for us, our vendor has retained a copy of everything that we 
have sent to them.

Unfortunately for us, it was six months of information totaling over a 
terabyte.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
