Data Breach Could Test Massachusetts Law
Gunkerty Jeb writes "The Massachusetts Attorney General has been notified that financial data on 1,800 residents was exposed in a database breach linked to the CitySights NY sightseeing firm. Could this be the test case for enforcement of the State's nine-month-old data privacy law? The leak of financial information on more than 100,000 customers of the CitySights sightseeing tour company could prove to be an early test of the nation's strongest data privacy law."
Violation of Payment Card Industry regulations? (Score:4, Interesting)
Related story: Sightseeing Firm Overlooks Security, 110k Credit Card Numbers Stolen [threatpost.com] (emphasis added)
The database contained a variety of customer financial data, including the customer's name, address, e-mail address, credit card number, as well as the expiration date and card verification value (CVV2) data. If true, that would mean that Twin America was in violation of Payment Card Industry (PCI) regulations on data retention, which prohibit retailers from permanently storing the CVV2 data along with other card data, because it makes it far easier to generate fraudulent transactions when combined with the card data.
Twin America said it has filed a complaint with the FBI's Internet Crime Complaint Center and hired Kroll, Inc. to investigate the incident. It has also notified individuals affected by the breach, patched discovered vulnerabilities on its Web server, deployed an application layer firewall, limited access to its Web-based administrative panel and changed and hardened administrative passwords throughout its organization.
Re:Violation of Payment Card Industry regulations? (Score:1, Interesting)
Re:Test the Law (Score:2, Interesting)
The Law is a joke. The rules are so vague that no matter what precautions are taken you could be found in violation. Who defines "reasonable?" What is adequate "encryption?"
This law is just another example of rushed "Think of the children" (for children read anyone) laws that get passed these days.