BreachExchange mailing list archives
Diary of a Data Breach Investigation
From: security curmudgeon <jericho () attrition org>
Date: Wed, 22 Apr 2009 19:06:18 +0000 (UTC)
http://www.cio.com/article/487728/Diary_of_a_Data_Breach_Investigation By Anonymous Wed, April 01, 2009 CSO Monday When the CISO asks to speak to you with that look on his face, you know the news isn't good. We were contacted by one of our third-party vendors, whom we had hired to do analysis on our website traffic. It appears that we have been passing sensitive information to them over the Internet. This sensitive information included data, such as customer names, addresses and credit card information. Because we are a public company, there are many regulatory guidelines that we have to follow like Sarbanes-Oxley (SOX) and the Payment Card Industry's (PCI) data security standard. Fortunately for us, our vendor has retained a copy of everything that we have sent to them. Unfortunately for us, it was six months of information totaling over a terabyte. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) CREDANT Technologies, a leader in data security, offers advanced data encryption solutions. Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently across your enterprise to ensure regulatory compliance. http://www.credant.com/stopdataloss
Current thread:
- Diary of a Data Breach Investigation security curmudgeon (Apr 22)