Security Watch

Tweet 'n' Low

The Federal Trade Commission has reached an agreement with Twitter Inc. that prohibits the company from making misleading statements about its protection of the privacy, confidentiality and security of personal consumer information for 20 years, Bloomberg News reported.

In January and May of 2009, hackers gained control of consumers' personal Twitter account information and were able to impersonate the account holders, sending out e-mails from their accounts, Bloomberg reported on March 11.

The issue is significant to bankers because consumers often reuse the same passwords for multiple accounts online.

Under the agreement, Twitter, of San Francisco, must set up a security program for consumer information, which will be reviewed by an independent auditor every year for 10 years. If Twitter violates the agreement it could face fines of $16,000 per infraction, Bloomberg reported.

IE Spy

Microsoft Corp. is correcting a so-called zero-day flaw that lets hackers inject script into the software giant's Internet Explorer browser, according to a March 14 story in ZDNet.

The exploit could potentially affect all users of the Windows operating system. It lets hackers pose as the user and steal information from them.

At issue for the banks is IE's use of MHTML, or MIME HTML, which can combine images and HTML code into one file. MHTML also works hand in hand with ActiveX, which powers most online banking sites.

A quick fix would be to deactivate ActiveX, experts said, but that would impair those websites. Microsoft has not yet released a patch for the problem.

Breach Day

The cost of data breaches for companies continues to rise, according to a joint study by Ponemon Institute LLC and Symantec Corp.

In 2010 the average cost was $214 per record for organizations, compared with $204 in 2009. The average cost to organizations was $7.2 million, up from $6.8 million, the report said.

Rapid responders, contrary to what many assume, paid more than those companies that waited: For companies that notified customers of a breach within one month, costs were $268 per record, compared with $174 per record for companies that took longer to respond. Rushing to resolve breaches costs companies more, the report said.

Malicious attacks were the most costly and caused 31% of all data breaches, up 7 percentage points from 2009. Malicious attacks cost $318 per record.

Negligence, however, remains the most common threat, accounting for 41% of all data breaches. The cost associated with these breaches was $196 per record.

Ponemon Institute, of Traverse City, Mich., and Symantec, of Mountain Valley, Calif., released the report on March 8.

Gas Guzzlers

Police thwarted a scheme to steal thousands of credit card numbers at gas stations in Mountain View and Los Altos, Calif., the San Jose Mercury News reported March 9.

The skimming took place in December, but authorities did not release details until March 8. Boris Tumasyan, 24, and Sarkis Sarkisyan, 23, allegedly collected more than 3,600 credit card numbers from gas pumps, the Mercury News reported.

Police were alerted after a gas station attendant investigated an error message at one of the skimmed pumps.

When the attendant opened the pump, the story said, he found a circuit board and wires, components of the skimmer. Police then installed an alarm system in the pump.

When the alleged scammers returned to open the pump, it tripped the alarm, and police arrested the duo.

Tumasyan and Sarkisyan were charged with conspiracy, altering a computer and acquiring credit card information with the intent to defraud.

Both men are expected to enter pleas in April.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.

