Rippleshot Blog

On February 12th, a day before the White House held a cybersecurity summit at Stanford University, President Obama signed an Executive Order to “encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government.”

In this week's issue: a recent Kaspersky Lab report indicates that a group of hackers may have stolen upwards of $1 billion from banks across the globe, the costs of fraud have spiked costing retailers $32 billion in 2014, Samsung is poised to introduce its new Apple Pay competitor, and in the latest Rippleshot blog post we take a look at 10 data breach statistics that you need to know.

While 2014 was aptly named "The Year of the Data Breach," 2015 has unfortunately started off in a similar trajectory, with breaches at several parking services and Anthem suffering the largest healthcare breach in history. On their own, these incidents paint a pretty bleak picture for data security, but in aggregate, they're even more alarming.

A couple weeks ago, we covered the initial hearing held by the House Subcommittee on Commerce, Manufacturing, and Trade entitled “What are the Elements of Sound Data Breach Legislation?” The Senate is pursuing a similar path and plan to propose their own version of data breach notification legislation, which started with a hearing on February 5th initiated by the Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security.

In this week's issue: the first lawsuits have been filed following the Anthem data breach, a new study indicates that more than 30 percent of big merchants are not PCI compliant, the year of 2014 saw over 1 billion records compromised by data breaches, retailers rank payment security as a top concern in 2015 and in the most recent Rippleshot blog post, we take a look at the most common data security misconceptions plaguing the payments industry.

We’re in the midst of a dark time for the payments industry. In 2013, Target lost 40 million payment cards, which started a snowball effect of large scale data breaches that have affected The Home Depot, P.F. Chang’s and Sony Pictures. And sadly, we here at Rippleshot are beginning to see the subtle indicators of more massive data breaches that have yet to be discovered and publicly announced. And there are hundreds of smaller data breaches that will go undetected for months, even years.

In this week's issue: a massive healthcare data breach could affect as many as 80 million Americans, the same hackers that attacked Target breach another parking service provider, Target announces its new CIO to lead the company, the recent Sony hack will cost the company over $35 million in IT costs alone and the Rippleshot team takes a look at the current lawsuits against Target following their 2013 data breach.

Bizrate recently released the results of their second Payment Security Study, and the results for retailers are grim. While it's been several months since a massive data breach the likes of Target or Home Depot, the residual impact of these incidents on consumer spending habits is holding strong.

At last count, 140 lawsuits were filed against Target in the wake of the massive data breach that exposed credit and debit card payment information for tens of millions of consumers in late 2013. If your head is spinning at the thought of how this will all be handled and what it means for payment security, you’re not alone. Follow along as we take a deep dive.

In this week's issue: a U.S. District Court ruled in favor of breached merchant Schnucks, Samsung is set to debut their mobile payment platform, an exploit found in the Mariott hotel's app may have exposed the personal data of its customers, an Albany-based Health System is notifying over 5,000 patients of a data breach, and Rippleshot summarizes Tuesday's U.S. House Subcommittee hearing on data breach legislation.

In the first step toward federal data breach legislation, the House Subcommittee on Commerce, Manufacturing, and Trade held a hearing on Tuesday entitled “What are the Elements of Sound Data Breach Legislation?” Testimony was heard by CompTIA, Acxiom, The Retail Industry Leaders Association and the Cumberland School of Law in the first of what we can assume will be many steps to drive toward a single national breach notification requirement.

In this week's issue: a data breach has occured affecting an online pet supplies store, the U.S. Supreme Court rejects a merchant-backed petition on debit card transaction fees, four Wingstop locations were found to have malware installed on POS systems, and in the latest Rippleshot blog post, we recap Tripwire Inc.'s Retail Cyberthreat Summit webcast featuring Rippleshot Chief Scientist & Co-Founder, Randal Cox.

With a growing problem of retail data breaches over the past year, our friends over at Tripwire Inc. put together a webcast bringing together five security experts to discuss the different phases in a retail data breach lifecycle. This group of experts includes: Sam Heiney, Product Solutions Director for Netop, Ken Westin, Security Analyst at Tripwire Inc., Randal Cox, Chief Scientist & Co-Founder at Rippleshot, Scott Waddell, CTO at iovation and Jeremy Henley, Director of Breach Services at ID Experts.

In this week's issue: the director of the FBI shares new information on the Sony Pictures hack, data breaches appear to be hitting credit unions harder than big banks, automotive parts seller ID Parts suffers a data breach compromising roughly 12,000 customers and Rippleshot takes a look into President Obama's new initiative on data breach legislation.

During a speech at the Federal Trade Commission on Monday, President Obama outlined his plans on attacking several cybersecurity issues, including a legislative proposal to help protect the millions of Americans whose personal information has been compromised as a result of a data breach.