Wednesday, December 13, 2006

Why do employees or vendors have all these sensitive records on their laptops? Does no one even contemplate an alternative?

http://seattlepi.nwsource.com/local/295769_boeing13.html

Boeing laptop stolen -- 382,000 IDs lost

Past and present employees at risk of being targeted

By AMY ROLPH P-I REPORTER Wednesday, December 13, 2006

A laptop with personal information on hundreds of thousands of Boeing Co. employees was stolen earlier this month, and the aerospace company will inform those potentially affected by the theft in a company e-mail today.

"In the first week of December, a laptop was stolen from an employee's car," Boeing spokeswoman Kelly Danaghy said. "That laptop had files that contained Social Security numbers for about 382,000 past and present employees, and in most cases it also included a home address, phone number and date of birth."

There was no reason to believe that any of the stolen information has been used illegally, she said.

It was unclear Tuesday whether the data was encrypted. [“We just don't know what our employees do...” Bob] No banking or credit card information was stored in those files, but the company will provide free three-year credit monitoring for employees whose personal information was compromised.

... This isn't the first time the theft of a laptop has compromised security for Boeing employees.

In April, the personal information of about 3,600 employees was compromised when a laptop was taken from a Boeing human resources employee at an airport. In November 2005, a similar theft put the personal data of about 161,000 employees in jeopardy.

... In reports about previous thefts, the company has said it has more than 75,000 laptops, and that about 250 were stolen last year. [Actually, pretty good. Bob]

... Even before the latest laptop theft, Boeing was planning to implement a policy that all company computers have encryption software installed on them, Danaghy said. The company also is looking at finding a way to identify employees other than by using their Social Security numbers.



http://www.daytondailynews.com/n/content/oh/story/news/local/2006/12/12/ddn121206aetnaweb.html

ID info of 130,000 Aetna customers at risk

By Anthony Gottschlich Staff Writer Tuesday, December 12, 2006

DAYTON — A lockbox holding personal information on approximately 130,000 Aetna health insurance members was stolen Oct. 26 when thieves broke into an office building occupied by an Aetna vendor, Aetna officials said Tuesday.

The lockbox, housed by Naperville, Ill.-based Concentra Preferred Systems, contained computer backup tapes of medical claim data for Aetna and several other Concentra health plan clients, Aetna spokeswoman Cynthia Michener said.



http://charlotte.bizjournals.com/dallas/stories/2006/12/11/daily16.html

Data of UT Dallas students, staff potentially stolen

Dallas Business Journal - 2:51 PM CST Tuesday by Jaime S. Jordan Web Editor

The University of Texas at Dallas discovered over the weekend that social security numbers and other sensitive information relating to 5,000 students, faculty members and staff may have been exposed by a computer network intrusion.

Phone numbers, e-mail addresses and home addresses also may have been exposed.

... Daniel said the university believes the hacker attack came from the outside using the Internet, but because the investigation is ongoing he declined to talk about the particulars.

... Daniel said anyone concerned about the potential release of their information can go to the university's Web site, www.utdallas.edu/datacompromise/form.html, and university officials will check their names against a master list and contact them. [That's a new approach... Bob]

... The UT Dallas breach is not the first breach of university data the University of Texas System has seen this year.



http://www.rfidjournal.com/article/articleview/2885/1/1/

DHS Privacy Committee Finalizes Report on RFID IDs

DHS Secretary Michael Chertoff will soon receive the 15-page advisory report, which the coauthors hope will impact the U.S. government's approach to incorporating RFID technology in identification documents.

By Mary Catherine O'Connor

Dec. 12, 2006—A revised version of a report from the Data Privacy and Integrity Advisory Committee, a subcommittee of the Privacy Office of the U.S. Department of Homeland Security (DHS), was cleared for publication at a Dec. 6 meeting of the committee in Miami Beach, Fla. The report, titled "The Use of RFID for Human Identification," will now be sent to DHS Secretary Michael Chertoff, as well as the DHS's chief privacy officer, Maureen Cooney.

... The original version of the report, written by the committee's Emerging Applications and Technology Subcommittee, was presented to the full Advisory Committee on June 7, 2006, at a public meeting in San Francisco (see DHS Meeting Draws Comments on RFID). At the time, it received a chilly reception by many representatives from companies selling RFID technology used in identification and credential applications, as well as from technology industry groups, because it came down hard on the use of RFID in identity documents. "We recommend that RFID be disfavored for identifying and tracking human beings," the draft report indicated, citing concerns over the skimming of personal data transmitted over a radio frequency signal, the cost of implementing RF technology and the existence of other authenticating technologies that could be used instead.

The final version of the report comes to a similar conclusion, according to coauthor Jim Harper, a director of information-policy studies for the Cato Institute, though its language has been softened. "I think a lot of the language was toned down, and a lot of assumptions that I feel strongly are true...were left out for the sake of congeniality," he says. One example he points to is the removal of most descriptions of RFID in identity documents as being "a tracking technology." Still, he says, there are no "recognizable substantive changes" to the latest version.

But in his reading of the latest report, Douglas Farry, a managing director and chair of the RFID practice at McKenna Long & Aldridge, a nationwide law firm focusing on the intersection of public policy and technology, sees a more pronounced change in the final draft. "It seems to be a better position than the initial draft, in that the initial draft concluded that the potential benefits [of using RFID in identity documents] were more than outweighed by the potential risks to personal privacy [that the technology presents]. But that's toned down. Now it says that if the DHS is going to use an RFID system, it should do so thoughtfully and carefully."



http://www.pogowasright.org/article.php?story=2006121214383030

Four million UK users hit by ID theft

Tuesday, December 12 2006 @ 02:38 PM CST - Contributed by: anonadmin - Non-U.S. News

Figures released by Sainsbury's Bank have shown that 4.1 million Britons have fallen victim to identity theft. The research, carried out by Taylor Nelson Sofres, polled over 1,000 UK residents and found that nine per cent claimed to have had their identity stolen at some point.

Source - vnunet.com, via fergie's tech blog


http://www.lse.co.uk/ShowStory.asp?story=CA1232073U&news_headline=500000_brits_are_victims_of_cyberstalking

500,000 Brits are victims of cyberstalking

Wednesday, 13th December 2006, 07:35 Category: Crime and Punishment

More than half a million Britons have been victims of cyberstalkers and the problem will get worse because of internet dating and sites such as Myspace and Friends Reunited, it was claimed today.

... The survey of 2,353 adults showed that the most common forms of cyberstalking were abusive emails (49 per cent), defamation of character through websites and message boards (37 per cent), and online stalking leading to telephone harassment and even harassment in person (14 per cent).

... He said: "I think it's the same sort of harassment that people will do offline, but it becomes easier to do from behind a computer screen. [Ain't technology wonderful? Bob]

... However, 75 per cent of victims have never reported the crime because of uncertainty over whether it is actually a crime (30 per cent), fear that police would not take them seriously (24 per cent) or because they blame themselves for revealing their personal details online (25 per cent).



Careful! When I try to access this PDF, it crashes the Adobe Reader...

http://www.bespacific.com/mt/archives/013276.html

December 12, 2006

Hurricane Katrina OIG Audit of Defense Information Systems Agency Continuity of Operations

D-2007-031: The Effects of Hurricane Katrina on the Defense Information Systems Agency Continuity of Operations and Test Facility (12/12/2006) (D2005-D000AS-0310.000).



Just another reminder that you can't rely on ignorance – change the default passwords on your applications!

http://digg.com/security/Default_Password_List_3

Default Password List

submitted by cspaid 17 hours 40 minutes ago (via http://www.phenoelit.de/dpl/dpl.html)

Updated today :) Enjoy



This is interesting. Would this apply if I got all excited about a product or service of my employer and raved about it online? How would my employer know?

http://www.washingtonpost.com/wp-dyn/content/article/2006/12/11/AR2006121101389.html

FTC Moves to Unmask Word-of-Mouth Marketing

Endorser Must Disclose Link to Seller

By Annys Shin Washington Post Staff Writer Tuesday, December 12, 2006; D01

The Federal Trade Commission yesterday said that companies engaging in word-of-mouth marketing, in which people are compensated to promote products to their peers, must disclose those relationships.

... Though no accurate figures exist on how much money advertisers spend on such marketing, it is quickly becoming a preferred method for reaching consumers who are skeptical of other forms of advertising.



Justice! (...and I suspect these may be “easy pickings” where the company has hopes of a good reputation.)

http://www.consumerist.com/consumer/complaints/florida-sues-aol-and-wins-221333.php

Florida Sues AOL And Wins

The Florida Attorney General successfully sued America Online for their abusive customer billing practices. The State's Attorney office received over 1,000 consumer complaints about cancellation requests being ignored, erroneous charges and unauthorized account reactivations.

All Floridians who filed a complaint with the AG's office are eligible to take part in the settlement. Visit Myfloridalegal.com for more info.
