PCI Training & Awareness Requirements - Part 1

PCI DSS v3.1 Training Requirements Definition: The following section presents an analysis and clarification of each PCI DSS training requirement in relation to the target training group and how they are affected.

Mastercard rolls out Blockchain API

Mastercard opens up access to its blockchain API platform for developers. Mastercard Blockchain facilitates new commerce opportunities for the digital transfer of value by allowing businesses and financial institutions to transact on a distributed ledger. The technology can power multiple use cases and can help take time, cost and risk out of financial flows. Here are some examples from the Mastercard website:

ATMs may be affected by WannaCry

There is a serious malware cyber threat called “WannaCry” that is impacting many organizations worldwide. This type of threat is known as ransomware. It will encrypt the files on your end-points running Microsoft operating system software, rendering them inaccessible. ATMs are at risk of this attack. Additionally, this malware attempts to infect other end-points on the same network. Manufacturers have taken steps to respond to this threat.

Ten Charged In D.C. Area Identity Theft Ring

Ten individuals were charged in Alexandria for their alleged involvement in a large-scale identity theft ring operating in the Washington, D.C. metropolitan area since at least January 2012.

Bank customers hit by data theft slam "chicken feed" compensation

BARCLAYS Bank has come under fire after offering just £250 in compensation to customers whose confidential files were stolen and sold to rogue City traders. At least 2,000 of the bank’s customers were affected by the theft, which included details of their earnings, savings, health issues and insurance policies. It resulted in many customers being inundated with cold calls from unidentified brokers. Barclays says it has contacted all customers affected and provided compensation for “distress and inconvenience.” However, one customer described the compensation as “chicken feed”. According to national media, a number of customers have been given higher sums after complaining about the amount initially awarded. Are you one of the 2,000 Barclays customers affected by the data theft? Let us know by commenting on the story below.

Claims that Trustwave was responsible for monitoring Target’s network “baseless” – Trustwave

Yesterday, Trustwave issued a statement on its website about allegations made in lawsuits against Target naming it as a co-defendant. The letter, signed by Trustwave CEO Robert J. McCullen reads: March 29, 2014 - Dear Customers and Business Partners, As some of you may know, Trustwave was recently named as a defendant in lawsuits relating to the data security breach that affected Target stores in late 2013. In response to these legal filings, Trustwave would like to reassure our customers and business partners that these claims against Trustwave are without merit, and that we look forward to vigorously defending ourselves in court against these baseless allegations. Contrary to the misstated allegations in the plaintiffs’ complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target. Our customers and business partners can continue to expect the quality and dedicated service Trustwave has provided them for almost 20 years.

SANRAL resets passwords but doesn’t confirm any breach

After a hacker revealed a vulnerability in the SANRAL website that exposed customer information in January, SANRAL denied it was hacked. Today, they’ve notified registered e-toll users of a password reset, but claim that they still have no evidence of a hack. According to BusinessTech:

KT sued over data leaking

The Citizens’ Coalition for Economic Justice (CCEJ) is filing a public interest lawsuit against the nation’s No

Kent Police fined £100,000 after interview tapes abandoned at former station

The Information Commissioner’s Office has served a monetary penalty of £100,000 on Kent Police after confidential information, including copies of police interview tapes, was left in the basement of a former police station

Citroen becomes the latest victim of Adobe ColdFusion hackers

A prolific hacker gang that has breached numerous companies by exploiting Adobe software has claimed another major hit in the form of car manufacturer Citroën, the Guardian has learned.

Notorious hacker caught in Bangkok

Infamous international hacker Farid Essebar was arrested on Tuesday following a joint operation between Thai and Swiss authorities who have been tracing the man for more than two years. Essebar, who is from Morocco and a Russian citizen, was detained by officials from the Department of Special Investigation (DSI), the Immigration Bureau, and the Office of the Attorney-General. "We arrested the suspect at a condominium on Rama IV Road. Next Thailand will send him to Switzerland within 90 days in accordance with the extradition agreement," Pol Col Songsak Raksaksakul, chief of the International Cases and International Crime Division, said. Swiss police alerted Thai authorities to their hunt for the hacker through their embassy in Bangkok after receiving information that he and three other gang members had come to Thailand. They were known to be travelling in and out of Thailand to Hong Kong and neighbouring countries throughout the past three years, he added. DSI officials and police tracked Essebar for about two years until they were certain that he was the one on the wanted list by Switzerland. Essebar and his accomplices spent money in several tourist destinations around the country but never gambled or bought any assets in Thailand, Pol Col Songsak said. Essebar, also known as Diabl0, has a Wikipedia entry on his hacking exploits. He and another person spread the Zotob computer worm targeting Windows 2000 in 2005. The computer virus disrupted operations at CNN, ABC News, the New York Times, Caterpillar, United Parcel Service, Boeing, and the United States Department of Homeland Security. Essebar was arrested by the FBI and convicted of hacking. He spent one year in prison before being released, Pol Col Songsak said. After that, according to the Swiss warrants, he began cracking accounts in Swiss banks.

Man Held Over Morrisons Payroll Data Breach

An employee of supermarket chain Morrisons has been arrested by police investigating the theft of payroll data of up to 100,000 employees.

Men from Ukraine and New York indicted in U.S. cybercrime case

Federal prosecutors on Monday announced the indictment of three men they accuse of being members of an international cybercrime ring that tried to steal at least $15 million by hacking into U.S. customer accounts at 14 financial institutions and the Department of Defense's payroll service.

West Midlands Police staff sacked for data breaches

Thirty staff at West Midlands Police have been investigated for a string of data protection breaches since 2009, new figures have revealed. Seven of those were dismissed without notice or resigned following the accusations, the force said. A further five were given final written warnings, while nine received management advice. It follows news last month of 2,000 data protection breaches at forces in England and Wales from 2009-13. Last week, former Thames Valley PC Sugra Hanif was jailed for three and a half years for selling information from almost 2,500 cases. A freedom of information request has revealed breaches by staff, including detectives, at West Midlands Police over the last five years. They include misuse of the police database and accessing confidential information. A victim support spokesman said it was "very worrying" that personal data of victims of crime might be being accessed and used inappropriately by people in a position of trust. Ch Insp Deb Doyle, from the force's professional standards department, said allegations against members of staff were taken very seriously and thoroughly investigated. "We expect the highest standards from all staff and where behaviour does not meet these expectations the appropriate action is taken, working closely with the Crown Prosecution Service and the Independent Police Complaints Commission where necessary," she said.

Police officers suspended in crackdown on illegal snooping

A total of 43 officers have been put on to restricted duties and another officer has been suspended, solely because of allegations of illegally accessing confidential information

BT E-Mail System Investigated by U.K. Regulator on Data Security

BT Group Plc (BT/A) is being investigated by a U.K

Morrisons supermarket suffers major payroll data breach (Updated)

British supermarket Morrisons has reportedly suffered a major data breach which saw the pay-roll data of a large but unspecified number of its 100,000 staff stolen and published on a website.

6000 students had personal information compromised

About 6,000 former high school students had personal information compromised after a staff member at the Avon Maitland District School Board transferred the files electronically

Asylum data breach: Immigration Department sends apology letter

The Department of Immigration is writing to asylum seekers detained across Australia to inform them their personal details were publicly disclosed in a massive data breach, with sources alleging the department is coercing them to sign for receipt of the letter. In February Guardian Australia revealed almost 10,000 asylum seekers had their personal details accidentally published online by the department in one of the biggest privacy breaches in Australian history. Dozens of asylum seekers are lodging court proceedings, claiming the breach, which disclosed information including full names, nationalities and dates of birth, would endanger their lives if they were returned. More than 30 of these cases are being lodged by asylum seekers in Villawood detention centre, in Sydney, with a directions hearing due in the federal circuit court later this month.

Vodafone blunders by publishing thousands of secret phone numbers

Phone firm Vodafone has admitted publishing the phone numbers and addresses of thousands of people who wanted to be ex-directory - by mistake.
