Monday, May 23, 2011

Massachusetts Executive Office of Labor and Workforce Development Breached

Client names, Social Security numbers, email addresses, residential addresses and bank account details of users of the Massachusetts Executive Office of Labor and Workforce Development claim system may have been exposed. The 1,200 system users were warned that their personal details may have been accessed by a data-stealing worm named W32.QAKBOT.

Symantec describes W32.QAKBOT as a worm capable of keylogging and of collecting cookie data, DNS and operating system information, private keys from system certificates, and URLs. The worm can spread through a computer network, open a back door on a compromised computer that allows someone to control the machine, and keep itself hidden.

Although the problem has been fixed, the Executive Office of Labor and Workforce Development is hoping people continue to use the system. It has communicated that all possible steps are being taken to avoid a recurrence.

Monday, May 9, 2011

Sony CEO Apologizes for Data Breach

Last week, Sony announced that 24.6 million names, addresses, e-mails, birth dates, phone numbers, potentially credit cards and other private information from Sony Online Entertainment accounts could have been taken from company servers or from an old database.

Last month, a hacker attack on the PlayStation Network may have resulted in the theft of data from 77 million user accounts.

This totals over 100 million accounts that were potentially compromised. Each potentially affected customer will get $1 million in identity theft insurance.

Sony CEO Howard Stringer apologized for the “inconvenience” and “concern” the data breach has caused. The company is working on restoring full and safe service as soon as possible. Stringer has a lot of brand mending to do, as this breach is being referred to as one of the largest Internet security break-ins in history.

Thursday, May 5, 2011

Epsilon Breach Estimated to Cost $4B


The highly publicized data breach of email service provider Epsilon could cost the organization upwards of four billion dollars. This estimate comes from a report done by cyber risk advisory firm CyberFactors, and is dependent on what is done with the data.
               
According to CSO.com:

"That figure [$4 billion] could be reached if criminals get hold of the email addresses and successfully exploit them to gather more personal information and carry out a spear-phishing blitz, according to the report. 'However, until such an event takes place and can be directly linked back to this specific breach, the estimate remains theoretical, but certainly possible given the multitude of sites that use email addresses as user IDs,' the report says."

The report goes on to estimate that the costs to Epsilon's customers could be $5.5 million each for notification of their customers about the theft, settlements to those customers, legal defense, compliance adjustments and loss of business.

In contrast to this report, Ed Heffernan, CEO of Alliance Data Systems, Epsilon's parent company, says he sees no meaningful cost or liability stemming from the incident and that the company will not see the customer churn that often follows a breach.

Although Heffernan believes he will not see significant costs as a result of the breach, the widely publicized incident could weigh heavily on Epsilon's and even Alliance Data’s brand. If Epsilon is lucky, the company may escape any non-compliance fines, but this does not mean it will be free of detrimental brand impact. Brand losses are approximately 49% of the cost of a data breach, and Heffernan may not be taking this into account when he states that the cost will not be meaningful.

If you were a company that needed third-party email services, would you want to do business with a company that had more than a million customer records at risk? Probably not. A tactical data loss prevention strategy may have saved this company, and the customers affected by the breach, the trouble this breach has caused.