Reuters reports that Sega Corporation is the latest company to fall victim to hackers, following breaches at Citigroup, Sony, and the International Monetary Fund. In the government sector, the U.S. Central Intelligence Agency and the U.S. Senate sites were hacked by Lulz Security, which also took responsibility for the Sony breach. Ironically, Lulz has offered to help Sega track down those who targeted the video game company, while also releasing a letter promising new attacks on government and corporate websites. The New York Times reports that British police have arrested a man suspected of being involved in hacking international business and intelligence agencies, and possibly affiliated with Lulz. In the meantime, the Washington Post reports that the National Security Agency has rolled out a pilot program whereby it feeds Internet service providers data sets in order to help them combat cyberattacks against defense contractors.
Entries in information security (4)
The Federal Trade Commission has reached consent agreements with Lookout Services and Ceridian Corporation for inadequate data protection practices. In both cases, the FTC charged that the companies’ stated information security policies did not align with their practices, leading to a security breach that compromised 65,000 Social Security numbers and other personal data. The FTC settlement mandates that the companies implement an information security program with a third-party security audit every other year for 20 years.
According to the Washington Post, a few weeks ago, EMC reported to the SEC that its RSA Security SecurID system was victimized by “an extremely sophisticated” cyberattack. SecurID tokens are used by more than 30,000 private companies and government agencies. EMC said that, while personally identifiable information wasn’t compromised, other stolen information might pave the way for a future successful attack.
More recently, Reuters reports that online marketer Epsilon fell victim to a hacker, who accessed the names and email addresses of customers from major banks, retailers, and service providers. Affected companies included TiVo, Walgreen, Capital One Financial Corp., Target, HSN, and Citigroup. While sensitive information, such as account and credit card numbers, wasn’t stolen, the breach highlights the need for information security.
Now, the U.S. Senate Privacy, Technology and the Law subcommittee is investigating the Epsilon breach, and may move toward legislation designed to increase protection of online consumer information.
Gawker has been hacked. MasterCard’s website was brought to its knees. Amazon was attacked. The backlash of cyberattacks from supporters of WikiLeaks founder Julian Assange has reverberated through the business community, putting into stark relief the need for information security. This BNet blog post emphasizes that an information security policy, coupled with training and buy-in for those at all levels of an organization, is paramount.