Re: [Dataloss] Best Buy Suffers Second Email Breach

[Dotzero <dotzero () gmail com>]

On Fri, May 6, 2011 at 6:27 PM, Jeffrey Walton <noloader () gmail com> wrote:
> > Best Buy had already parted ways with that provider
> > prior to the discovery of the breach, he said, due to a
> > "strategic business decision."
> Again begs the question: why is the unnamed firm retaining the data
> which belongs to another [who severed the relationship]?

Based on the article it appears that the loss may have occurred before
the relationship was severed but the notification took place after the
relationship was severed. There is nothing in the article to indicate
whether the data was held after the relationship was severed.

> On Fri, May 6, 2011 at 5:37 AM, security curmudgeon
> <jericho () attrition org> wrote:
> > http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229402808/best-buy-suffers-second-email-breach.html
> >
> > Best Buy Suffers Second Email Breach
> > Epsilon hack victim's customer emails exposed yet again -- via a different vendor
> > May 04, 2011 | 05:05 PM
> > By Kelly Jackson Higgins
> > Dark Reading
> >
> > Best Buy, which was among the 100 or so companies hit in the recent
> > Epsilon breach, is responding to a second consecutive breach at the hands
> > of one of its vendors.
> >
> > The big-box electronics retailer found on April 22 that email addresses of
> > some of its customers had been "accessed without authorization" via one of
> > its vendors, according to a Best Buy spokesman, who declined to name the
> > vendor. Best Buy had already parted ways with that provider prior to the
> > discovery of the breach, he said, due to a "strategic business decision."
> >
> > Best Buy would not elaborate on how many customer emails were stolen or
> > provide any details about the attack. It's unclear whether the latest
> > breach was in any way connected to the Epsilon incident.
> >
> > "I don't know that they are related. But it's an interesting coincidence
> > time-wise," says Dave Marcus, director of McAfee Labs security research
> > communications.
> >
> > [..]
> _______________________________________________
> Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
> Archived at http://seclists.org/dataloss/
> Unsubscribe at http://datalossdb.org/mailing_list
>
> Learn encryption strategies that manage risk and shore up compliance.
> Download Article 1 of CREDANT Technologies' The Essentials Series:
> Endpoint Data Encryption That Actually Works
> http://credant.com/campaigns/realtime2/gap-LP1/
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/