These days, it’s not hard to find news stories about personal, private and / or sensitive data being leaked or exposed in massive data breaches. An attacker found a way to get from an untrusted network into the POS system (Target, Home Depot). An attacker found a vulnerability in a website and downloaded a treasure […]
If your business accepts credit cards, you’ve probably heard the term PCI or PCI DSS and whoever does the credit card processing for you (your merchant provider) probably has you fill out a form regularly to verify your compliance with PCI DSS. So, what is PCI DSS Compliance? What is the SAQ (Self Assessment Questionnaire) […]
Executive Summary Financial, healthcare and other personal / private information is a treasure trove for criminals and the proliferation of online records (payment, healthcare, etc.) and data sharing between entities (e.g., web portals for accessing healthcare records, payment portals for both B2B and B2C payment processing, etc.) gives these criminals countless opportunities to find data […]
What is PCI DSS? PCI DSS is the Payment Card Industry Data Security Standard. It is used to establish a security baseline for merchants who process, store or transmit payment card data. If you accept credit cards, PCI DSS applies to you. Are there consequences for failing to maintain PCI Compliance? The short answer is […]
According to articles from ThreatPost and DataBreachToday, InterContinental Hotels has confirmed a breach in systems used at 12 of it’s properties and notes that the systems were infected between August and December of 2016. According to both reports, cards used at the front desk of the properties were not affected but that the malware searched […]
According to this article, American Express cardholder data may have been accessed as the result of a breach of a third party network. American Expreds stressed that their systems were not accessed but encouraged card members to watch for fraudulent activity on their statement. The article points out that, similar to other recent large breaches […]
According to this article from Ars and this article by Krebs, Staminus Communications, a web hosting provider that specializes in security and DDoS mitigation company was breached, it’s customer data taken and the network taken offline sometime on Wednesday (the Krebs article notes that they were offline for 20 hours until Thursday evening). Staminus has […]