Affinity Health Plan, a New York managed care service, is notifying more than 400,000 current and former customers employees that their personal data might have been leaked through the loss of an unerased digital copier hard drive. The disclosure follows the airing of a CBS News report that called attention to the practice of recycling or resale of copiers whose hard drives have not been properly erased.
Check out the entire article – [Dark Reading]
CBS News broadcaster Armen Keteyian reports that the advanced technology added to the good, old-fashioned copy machine has opened a dangerous hole in data security.
If you are like many CIOs, a lot of your security budget is driven by compliance requirements, including PCI DSS. Although many merchants feel they are secure once they achieve PCI compliance, that is not necessarily true.
Read the rest of Walt Conway’s article – [StoreFrontBacktalk]
Even though the iPad is barely birthed, there is already a push to provide payment applications for the device. It’s time to pull the emergency brake on this trend. Are these applications PA-DSS certified? Do they have swipe devices with crypto hardware built-in? Has the Pin Entry Device been rigorously tested and meet all the PIN Transaction Security Guidelines?
Read the article – [CSO Online]
The PCI Security Standards Council is studying a number of emerging technologies and plans to issue a guidance document on end-to-end encryption when it releases the next version of the PCI Data Security Standards (PCI DSS), due out in October. Bob Russo, general manager of the PCI Council, said researchers are preparing documentation on what he calls the latest industry “big buzz word.” Other technologies being studied include the use of tokenization and chip and PIN technologies to protect credit card data and how virtualization affects data protection technologies. In this interview, conducted at the recent 2010 RSA Security Conference, Russo explains whether the next version of PCI DSS will have any major changes and why the Council takes a cautious approach to adding changes to the standard.
Here is the article from SearchSecurity or if you would rather watch the video here is the link.