Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Daily Archives: November 11, 2014

Home Depot Reports Findings in Payment Data Breach Investigation

News release: “The Home Depot®, the world’s largest home improvement retailer, today disclosed additional findings related to the recent breach of its payment data systems. The findings are the result of weeks of investigation by The Home Depot, in cooperation with law enforcement and the company’s third-party IT security experts. Additional Investigation Details Disclosed – In addition to details previously released, the investigation to date has determined the following: Criminals used a third-party vendor’s user name and password to enter the perimeter of Home Depot’s network. These stolen credentials alone did not provide direct access to the company’s point-of-sale devices.  The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada.  In addition to the previously disclosed payment card data, separate files containing approximately 53 million email addresses were also taken during the breach [emphasis added]. These files did not contain passwords, payment card information or other sensitive personal information. The company is notifying affected customers in the U.S. and Canada. Customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony emails. Information about how to avoid phishing and other email scams is available by typing https://www.onguardonline.gov/articles/0003-phishing into your web browser. As previously disclosed, the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot’s security partners. As the company announced on September 18, the hackers’ method of entry has been closed off and the malware has been eliminated from the company’s systems. The Home Depot’s investigation, cooperation with law enforcement and efforts to further enhance its security measures are ongoing. The company does not anticipate further updates on the breach outside of its quarterly financial disclosures. The Home Depot continues to offer free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on. Customers who wish to take advantage of these services can learn more at www.homedepot.com or by calling 1-800-HOMEDEPOT (800-466-3337). Customers in Canada can call 800-668-2266.”

Identifying User Behavior from Residual Data in Cloud-based Synchronized Apps

2014 Proceedings of the Conference for Information Systems Applied Research ISSN: 2167-1508. Baltimore, Maryland USA v7 n3310. G. Grispos, W.B. Glisson, J.H. Pardue and M. Dickson (2014). “As the distinction between personal and organizational device usage continues to blur, the combination of applications that interact increases the need to investigate potential security issues. Although security and forensic… Continue Reading

Recent Trends in Employer-Sponsored Insurance

Kaiser Family Foundation – “This Visualizing Health Policy infographic takes a look at recent trends in employer-sponsored insurance, including average premium increases for workers with family coverage, the average yearly cost of premiums for single and family coverage and how those costs have increased in the past decade, along with the prevalence of health promotion programs… Continue Reading

New on LLRX – NY bar on ethics of cloud computing – again

Via LLRX.com – NY bar on ethics of cloud computing – again – Nicole Black lauds the the leading edge role taken by the New York State Bar in determining issues related to lawyer use of cloud computing and client confidential data. In two different opinions handed down in the latter half of this year, the New York… Continue Reading

New on LLRX – Criminal, privacy implications of drones

Via LLRX.com – Criminal, privacy implications of drones – Nicole Black discusses a recent NJ case that raises significant questions about the future of privacy and the use of drones for surveillance purposes by both private individuals and governmental entities. Cases such as this one involving the discharge of a weapon to destroy a privately owned drone used… Continue Reading

Cyber resilience in financial market infrastructures

Bank for International Settlements: “Given the critical role that financial market infrastructures (FMIs) play in promoting the stability of the financial system, the Committee on Payments and Market Infrastructures (CPMI) has sought to understand the current cyber risks faced by FMIs and their level of readiness to effectively deal with worst case scenarios. The report… Continue Reading

Getting Things Done: The Science behind Stress-Free Productivity

Getting Things Done: The Science behind Stress-Free Productivity. Francis Heylighen and Clément Vidal. ECCO – Evolution, Complexity and Cognition research group Vrije Universiteit Brussel (Free University of Brussels) “Allen (2001) proposed the “Getting Things Done” (GTD) method for personal productivity enhancement, and reduction of the stress caused by information overload. This paper argues that recent insights in psychology and cognitive… Continue Reading