Monthly Archives: November, 2008

UK: Gov’t rules out data-breach notification law…

The UK government has announced that it will not be implementing a data-breach notification law.

Following a recommendation by information commissioner Richard Thomas in July, the government announced in a report on Tuesday that it will not introduce a compulsory data-breach notification law for private-sector organisations.

“After considering the analysis of the experience of the US in the area of data-breach notification legislation, the government is not intending to implement similar legislation to that in operation in the US,” states the Response to the Data Sharing Review Report.

It is already mandatory for public-sector organisations to report any significant actual or potential losses of data to the Information Commissioner’s Office (ICO). Private-sector organisations should report data breaches “as a matter of good practice”, states the report, and the ICO should take into account any lack of reporting by a private-sector organisation in its enforcement action.

Fines for companies that are found in breach of data-protection laws are to be raised, states the report. The Ministry of Justice is working with the ICO to determine the level of the maximum fine.

Posted by Lyger

Virtual Heist Nets 500,000+ Bank, Credit Accounts

Courtesy [Infowarrior] – Richard Forno

Sat, 01 Nov 2008 08:08:47 -0700…

A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.

Researchers at RSA’s FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the “Sinowal” Trojan, designed to steal data from Microsoft Windows PCs.

RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks. The company says the cache was the bounty collected from computers infected with Sinowal going back to February 2006.

“Almost three years is a very, very long time for just one online gang to maintain the lifecycle and operations in order to utilize just one Trojan,” said Sean Brady, manager of identity protection for RSA, the security division of EMC. “Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006.”

Posted by Lyger