The Payment Card Industry Data Security Standard (PCI DSS) is required for any organization that processes, stores, or handles transactional financial data. It was first released in 2004, and offers 12 requirements that companies must meet in order to claim PCI compliance. However, just because a company meets the PCI standards once doesn’t mean it’s permanently compliant. So if organizations claim PCI compliance, why is it so hard for them to maintain it? Well, the news is not all bad. …

When you create a list of who you’re thankful for, your auditor may not jump to the top of your list. After all, isn’t that who asks for all those mountains of documents and relentlessly asks those probing questions? Let’s face it: the relationship between a business and an auditor can be a contentious one. The high price of reports, resources spent compiling the information and remediating any issues can be more than enough to give any CXO heartburn and …

News of major retail data breaches is becoming commonplace – Home Depot being the latest in a long line – but consumers don’t appear to be changing their behaviors in response. A report by the Ponemon Institute on behalf of RSA was released Tuesday showing half of the 1,000 consumers surveyed had been the victim of a breach, but only 14 percent say a data breach would affect their shopping or banking behavior. The study suggests consumers have become desensitized …

Hold Security, a firm credited with uncovering significant data breaches – such as the one at Adobe Systems in October 2013 – has uncovered a record-breaking hack of 1.2 billion usernames and passwords from multiple websites. From the Hold Security website: After more than seven months of research, Hold Security identified a Russian cyber gang which is currently in possession of the largest cache of stolen data. While the gang did not have a name, we dubbed it “CyberVor” (“vor” …

There’s quite a brouhaha bubbling up Down Under. It all stems from a Sydney Morning Herald opinion piece written by the CEO of the Association of Data Driven Marketing and Advertising opposing the mandatory data breach reporting law introduced to the Australian Parliament by federal attorney general Mark Dreyfus. The CEO, Jodie Sangster, raised some eyebrows (and generated plenty of pro and con internet content) by referring to a mandatory data breach reporting law as “Luddite thinking” that would be …

Unauthorized activity on credit cards recently used at Jimmy John’s locations has led the sandwich chain to work with authorities on an investigation of a potential data breach. KrebsOnSecurity.com first reported on the issue Thursday, stating the chain “did not return calls seeking comment for two days” (not Freaky Fast) before issuing an email statement that it is “investigating the situation” and will provide an update “as soon as we have additional information.” Financial institutions contacted by KrebsOnSecurity.com witnessed “card-present” …

The National Consumers League released a study last week based on surveys from identity fraud victims across the United States. It claims that just 28 percent of victims think the government’s requirements for protecting healthcare and financial data are sufficient. “In this polarized political climate, it’s rare for Americans to express such agreement on any issue,” Al Pascual, a senior analyst at Javelin Strategy & Research, said in a press release. Javelin was a partner in the study. “But when …

After the recent rash of high-profile data breaches, the Internet is rife with tips for handling a breach at your organization. The standard experts’ message: Notify consumers immediately and don’t downplay the impact. The Dallas Morning News has a keen interest in data breaches because some of the largest recent reports come from retailers headquartered in its home state of Texas: Neiman Marcus (Dallas), Sally Beauty Holdings (Denton) and Michaels Stores (Irving). In a Sunday story, reporter Pamela Yip discussed proper …

As another large U.S. retailer – this time restaurant chain P.F. Chang’s – suffers the impact of a data breach, results of a survey released Thursday show that consumers are firmly holding retailers responsible at a rate nearly that of the cyber criminals themselves. According to reports, thousands of credit and debit cards used at P.F. Chang’s between March and May are now for sale on an underground store. The chain told KrebsOnSecurity.com that it has not confirmed a card …

Co-CEO Yan Ness has a saying that Online Tech is “in the business of helping our clients sleep at night.” Primarily, he’s speaking of organizations not losing sleep worrying about compliance and data security. But at the C-suite level, more and more, protecting data privacy also means protecting careers. On Monday, Target president and CEO Gregg Steinhafel resigned after 35 years with the company. According to a statement from the company’s board of directors, Steinhafel “held himself personally accountable” for …
