In a decision that should send major corporations to double-check their cyberinsurance, a federal appeals court ruled Monday that retail customers could go ahead and file a class-action lawsuit against Neiman Marcus in the wake of last year's data breach.
Maria Korolov | 01 Aug | Read more
We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn't always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a similar headline.
John Brandon | 13 Nov | Read more
The security breach discovered at a few dozen franchises of the UPS Store, a subsidiary of United Parcel Service, provides a number of lessons for other retailers.
Antone Gonsalves | 22 Aug | Read more
Chief information security officers (CISOs) continue to have a hard time gaining the respect of other C-suite executives despite the heightened focus overall on information security.
Jaikumar Vijayan | 01 Aug | Read more
Security SNAFUs? How bad is it so far this year? Well, let's start with Snapchat's 4.6 million user database SNAFU, followed by a parade of retail stores including Neiman Marcus and Sally Beauty Holdings, telling their customers how their payment card information had been hacked. The hacker group Syrian Electronic Army was also busy tormenting Microsoft, among many others. And there's plenty of other mischief, such as denial-of-service attacks and cyber-espionage to round out what's only the first half of the year.
Ellen Messmer | 15 Jul | Read more
A lot has changed since the early years, when enterprises first began embracing the CISO position. Back then, the CISO role was primarily a technical one: control user access, secure the databases, find and patch vulnerabilities, keep the malware out, and eventually to help build secure websites and eCommerce platforms. In those days, most of the highly proprietary data resided within the local area network, the data center, or within PCs and notebooks.
George V. Hulme | 02 Jun | Read more
Follow me, if you will, on a journey back in time to just one year ago. As 2013 turned into 2014, the information security industry was buzzing about the latest spate of breaches. Target had ushered in a new era of retail security breaches, with 40 million card numbers lost to the hackers. Little did we know at the time that this was just the beginning, and small potatoes in comparison to what was to come. One year ago, Neiman Marcus and Michaels had joined Target, and <a href="http://www.computerworld.com/article/2487265/security0/security-manager-s-journal--cyberattacks-just-got-personal.html">I wrote in response to the growing number of breach disclosures</a> that "in fact, I have to wonder which retailers have <em>not</em> suffered breaches. The word on the street is that at least a half-dozen other retailers were compromised in the past few months, without publicity." Sadly, this turned out to be true. I hate being right all the time.
By J.F. Rice | 12 Feb | Read more
The recent data breaches at Target and Neiman Marcus have once again shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion.
Jaikumar Vijayan | 24 Jan | Read more