SevOne Falls Victim to Spear-Phishing Data Breach

“SevOne fell victim to a cybersecurity attack that has put current and former employees at risk for identity fraud.

The tech company has confirmed it released W-2 wage and tax data to an unauthorized recipient outside the company. That information is believed to include Social Security numbers, home addresses, dates of birth and other personal information criminals can use to file false tax returns and commit other forms of identity theft.”

For the full story please visit the original source: http://www.delawareonline.com/story/money/business/2016/03/09/sevone-released-employee-data-online-scammers/81532396/

 

Categories: Data Privacy, Data Protection, hacking, Infection, Malware, Phishing, PII, SecureData, Security, Social Engineering, Spyware, Targeted Attack, Trojan, Uncategorized | Tags: Cybercrime, cyberdefense, cybersecurity, Data, Hacked, hacking, Malware, PII, SecureData, spear-phishing | Permalink.

‘Hack’ your city, win R5m

Johannesburg residents have been challenged to help solve the city’s problems using technology, and could win a share of R5m in prize money in the process to fund their own start-up businesses if their ideas are selected.

City of Johannesburg head of broadband Zolani Matebese says the initiative, called the #Hack.Jozi Challenge, will pay people for their ideas that will turn Jo’burg into a “city we all want to live in”.

The #Hack.Jozi Challenge is an initiative between the city government and the Johannesburg Centre for Software Engineering at Wits University.

Applications take the form of a YouTube video and online application form, with 6 March set as the deadline for ideas. Award winners will use IBM’s Bluemix, a platform for building applications, provided as a service in the “cloud”.

“No issue is too big or small. Issues that can be addressed include everything from access to healthcare to affordable education. If you have an idea about how you can use technology to help your community, we want to hear from you,” says Matebese.

“The #Hack.Jozi Challenge is a boot camp for start-up entrepreneurs and our aim is to contribute towards fostering skills, innovation and entrepreneurship in the broad area of digital technology.”

Anyone can enter, he says. Applicants can be individuals or teams, must live in the Johannesburg area and have a valid South African ID. Government employees are not eligible to enter.

Once the deadline for submission has passed, there will be a pre-screening process by a technical team. A committee will select the winners, who will undergo a month-long process of business training and technical “hackathons”. Winners will be required to demonstrate their ideas on a demo day as well.  — (c) 2015 NewsCentral Media

• See more at the #Hack.Jozi Challenge website
• Source: http://www.techcentral.co.za/hack-your-city-win-r5m/54724/

Categories: News, Technology | Tags: Data, SecureData, Technology | Permalink.

PoPI: Let’s get to work

The Protection of Personal Information (PoPI) Act was signed into law in 2013. It has been introduced to promote the protection of personal information and to finally provide South Africans rights over their data and who can access it.

One of my responsibilities at SecureData has been look into to implications of PoPI, what it’ll mean to our end users and how we might use the introduction of this act to drive the sales of technology through the channel.

Before seeing the act there was an assumption on my part that this was going to be a standard much like PCI that will dictate to business exactly how they should be protecting this sensitive data. Of course what we’ve got now is a piece of legislation which is far from that.

PoPI is largely about people and process. There is little or no direction provided as to the sort of technical controls that should be applied to protect personably identifiable information (PII). Certainly interpretation and implementation of the act will be different for every party and that is where we, as security thought leaders are aiming to add value to our resellers.

There’s still much we don’t know about how or even when PoPI will be enforced but for sure, every industry will be affected by PoPI so we need to be strongly emphasising that the time for actions is now.

The 1 year deadline is a giving business an excuse to delay implementing additional measures but we as trusted advisers, should be referring to the introduction of similar data protection laws in other regions. The UK Data Protection Act and the US HIPPA laws came with a three year lead in period for compliance and it is my opinion that the one year grace period provided by PoPI should not been seen as a reflection on its complexity to implement but rather as an urgency to bring all business in line with the rest of the world without further delay.

Rather than seeing it as a burden, we should be promoting and celebrating this piece of legislation. It finally provides South African’s a constitutional right to privacy and brings us in line with the data protection laws of the other developed nations and makes us a more appealing place for international companies to do business with.

The introduction of PoPI now simply provides an additional platform to address strong the Data Protection practices and systems that SecureData has already been promoting. Implementing such technical controls will not only transition businesses from a reactive security approach to a proactive risk management model but will also provide massive value to ensuring compliance with PoPI and the protection of PII.

Categories: Data Protection, Governance | Tags: Data, PII, PoPI | Permalink.