Tuesday, June 12, 2007

I think we are seeing an indication that TJX's original strategy (deny everything) is starting to bite them in the ***

http://southflorida.bizjournals.com/southflorida/stories/2007/06/11/daily3.html

Retailer reports credit, debit card systems breached by hackers

South Florida Business Journal - 11:13 AM EDT Monday, June 11, 2007

TJX Cos. is letting shoppers in its stores nationwide know that data was stolen from its computers late last year.

... When contacted by Florida Attorney General Bill McCollum's office, TJX subsequently agreed to display notices about the breach in its stores.

... Thirty-seven state attorneys general are participating in a multi-state attorneys general investigation, and TJX has received nearly identical civil investigative demands or subpoenas from 11 of these attorneys general, the company said.


http://tech.monstersandcritics.com/news/article_1316138.php/TJX-Costs_are_rising_due_to_data_theft

TJX-Costs are rising due to data theft

By Steve Ragan Jun 11, 2007, 15:07 GMT

... The filing lists several suits each seeking class-action status. Filed in April and May of this year, five new suits filed in Ohio, Texas, Michigan, Illinois, and Missouri join those already in motion from states listed in the previous filing.

... Later in the filing, TJX lists some of the compensation that is being sought. “The complaints seek statutory damages of not less than $100 and not more than $1,000 for each violation.”

...At the time of the first report from TJX, it was believed that they were compromised in December 2006, and that a small number of people were affected by the breach. This was later proven false, when TJX said the breach happened earlier in the summer of 2006, around May. Later, evidence suggested it was more likely July 2005 that the criminals originally accessed the systems of TJX. In March, the company reported that information on at least forty-five million credit and debit cards had been stolen. However, The Wall Street Journal cited investigators claiming that as many as two-hundred million accounts may have been compromised.


http://www.ft.com/cms/s/e0b94fbc-17dc-11dc-b736-000b5df10621.html

TJX Companies has been subject of private equity interest in recent months, sources say

By Soma Biswas and Yana Morris in New York Published: June 11 2007 06:39 | Last updated: June 11 2007 06:39

TJX Companies, the listed discount apparel chain, had drawn the interest of private equity firms as recently as a month ago, according to sources. TJX owns TJ Maxx and other retailers. Any deal ideas may be on hold, however, due to concerns over potential liabilities related to a customer credit and debit card data theft investigation, the sources said.

High yield bond analysts have agreed that the company is a likely take-out target.

... Another investment banker said private equity firms had been exploring the possibility of an LBO of TJX for several months, up until two months ago. Private equity firms seem to have moved away from the idea lately, this source added, though he was unable to present a reason for the eroding interest.

A third banker who specializes in retailers also said private equity firms have been looking at TJX, but added that those firms are wary of doing a deal because it is hard to predict the potential legal damage that could be associated with the credit card security breach.

TJX is in the midst of investigating a theft of credit and debit card information, and the scope of the breach is not fully known, according to company announcements and an analyst.

... According to Forrester Research, the cost of the security breach to TJX could be as much as USD 1bn over several years, including the costs of litigation, lost business, security upgrades, consultants and legal fees.

The security breach would only slow down a deal, and potentially give the company a reason to delay a transaction if it is reluctant to sell, the source said, adding that he had last heard of LBO interest in TJX in March.


Unrelated or an indication of the culture of “Who cares? It's only a customer!”

http://seattlepi.nwsource.com/national/1120AP_Upskirt_Photos_Lawsuit.html?source=mypi

Woman: Store used me as 'upskirt' bait

THE ASSOCIATED PRESS Last updated June 8, 2007 8:05 p.m. PT

WATERTOWN, N.Y. -- A woman who claims she was used as unknowing bait to catch a man taking photographs up women's skirts is suing retailer T.J. Maxx. Svetlana Van Buren said store personnel surreptitiously videotaped a man taking photos up her skirt while she was shopping for coffee at the company's store in Watertown on June 14, 2006.

It was only after the man committed the crime that store personnel told her the photos had been taken and that the act was caught on tape, said Van Buren, a psychologist who was working at a state-run facility for youths at the time and now lives in Omaha, Neb.

... The lawsuit contends that the store and law enforcement officials knew the man "secretly stalked" female customers for the purpose of taking upskirt photos, but did nothing to prevent it from happening to Van Buren.

... She blames T.J. Maxx for, among other things, making her the victim of a crime without her consent and violating her privacy rights. She claims the store failed to provide her with a safe environment and failed to stop a crime from being committed against her when it could have.



Another “It's not our fault” approach, but the article isn't saying it.

http://www.pogowasright.org/article.php?story=20070611135811598

Pfizer screws up royally: 17,000 employee names and SS numbers copied by thieves

Monday, June 11 2007 @ 01:58 PM CDT Contributed by: PrivacyNews

According to Pfizer, "the breach occurred when the spouse of a Pfizer employee loaded unauthorized software onto the employee's Pfizer laptop computer. The software allowed outsiders access to a number of files, that included the names and social security numbers of the affected Pfizer employees."

Pfizer also writes that 15,700 employees "had their data accessed and copied" and 1,250 "may have had their data copied" by thieves.

Source - OpEd News

Related - Pfizer's letter to state attorney generals and employees



I wonder how many of these are lost or stolen but the organization didn't even know they existed?

http://www.pogowasright.org/article.php?story=20070611212825100

Flash drive containing students' SSNs stolen from GVSU

Monday, June 11 2007 @ 09:28 PM CDT Contributed by: PrivacyNews

ALLENDALE -- A flash drive containing some confidential information was stolen from Lake Huron Hall on Grand Valley State University's Allendale Campus on May 24.

About 3,000 social security numbers of current and former students were on the flash drive, stolen from the English department. [...and everyone knows how important it is for Professors of English to have SSNs! Bob]

Source - WoodTV



Mea Culpa?

http://www.pogowasright.org/article.php?story=2007061120045258

ChoicePoint Details Data Breach Lessons

Monday, June 11 2007 @ 08:04 PM CDT Contributed by: PrivacyNews

Few companies know as well as ChoicePoint the consequences of failing to secure the personal information of consumers.

A provider of information used in background checks, ChoicePoint was involved in a data breach more than two years ago that compromised the records of 163,000 people -- but has since transformed itself into what one analyst called a "role model" in data security and privacy. On Monday, the organization's CIO explained how it recovered and offered lessons other enterprises that handle sensitive data can learn from ChoicePoint at the IDC IT Forum & Expo in Boston.

Source - PC World



Summary

http://www.pogowasright.org/blogs/dissent/?p=452

Data “Dysprotection:” breaches reported last week

Monday June 11th 2007, 8:58 am



Very interesting. Dem Judges is smart guys!

http://ralphlosey.wordpress.com/2007/06/10/keyword-searches-v-concept-searches/

Keyword Searches v. Concept Searches

An opinion this month by Judge Facciola distinguishes between keyword searching and concept searching. Disability Rights Council of Greater Wash. v. Wash. Metro. Area Transit Auth., 2007 WL 1585452 (D.D.C. June 1, 2007). The plaintiff had proposed simple keyword searching of email by people’s names, but Judge Facciola suggested the parties instead consider concept searching. This is the first opinion to recognize the distinction between the two types of searches according to Jason R. Baron, Director of Litigation of the National Archives and Records Administration. He wrote to me earlier today to bring this to my attention. Jason should know as he is an expert and strong proponent of concept searching. Indeed, Judge Facciola cites to his article in the opinion. Here is the operative language from Disability Rights Council at *9:

...See George L. Paul & Jason R. Baron, Information Inflation: Can the Legal System Adapt? 13 Rich. J.L. & Tech. 10 (2007).



Maybe I don't understand...

http://www.mondaq.com/i_article.asp_Q_articleid_E_49254_A_rss_E_16

United States: Who’s Liable When Private Data Is Improperly Disclosed?

11 June 2007 Article by Carol J. Gerner and Fred A. Smith

Improper disclosure of a patient's personal and/or medical information can occur in unique situations. Two recent cases, neither involving improper computer disclosure, are instructive on how courts are being asked to expand legal duties beyond traditional boundaries.

In Suzanne Bagent v. Blessing Care Corp., d/b/a Illini Community Hospital, et al., __ N.E. 2d ___, 2007 WL 121319 (Ill 2007) (not yet released for publication), the Illinois Supreme Court found that a hospital employee's improper disclosure of confidential information about a patient did not expose the hospital to liability under a theory of respondeat superior....



For those of us old enough to know who Paul McCartney is...

http://yro.slashdot.org/article.pl?sid=07/06/12/013257&from=rss

Paul McCartney On Music In the Digital World

Posted by kdawson on Tuesday June 12, @04:58AM from the all-you-need-is-MP3 dept. Music

Rachhpal writes "Former Beatle Sir Paul McCartney will release his new album today — it's called 'Memory Almost Full.' In an interview with the L.A. Times, he talked about ending his long-time relationship with EMI and making the new album fully downloadable through his new relationship with Starbucks' Hear Music label. Some of his comments on the music industry: 'I was bored with the old record company's jaded view,' McCartney says... 'They're very confused, and they will admit it themselves: that this is a new world, and they're a little bit at a loss as to what to do. So they've got millions of dollars and X budget... for them to come up with boring ways — because they've been at it for so long — to what they call "market" it. And I find that all a bit disturbing.'"



Security Warning!!! My DVD trumps all your security software!

http://www.f-secure.com/weblog/#00001209

Vista Recovery Command Prompt

Tuesday, June 12, 2007 Posted by Sean @ 10:27 GMT

Did you know that the Command Prompt tool found in Vista's System Recovery Options doesn't require a User Name or Password? And that the Command Prompt provides Administrator level access to the hard drive? For multiple versions of Windows? All you need is a Vista Install DVD and you're all set to go.

Just boot from the DVD and select the Repair option:

Then select the Command Prompt:

And you'll end up with an Administrator privileged Command Prompt:

Interesting. You can find more details from Mr. Kimmo Rousku.

This kind of reminds us of a Windows XP Home feature. The Administrator account password for XP Home is blank by default and is hidden in Normal Mode. But if you select F8 during boot for Safe Mode, you can access the Administrator account and have complete access to the computer.

Physical security of your computer is paramount.



Unequal under the law?

http://www.bespacific.com/mt/archives/015082.html

June 11, 2007

CSI Working Group on Web Security Research Law

Press release: "Software security researchers can disclose vulnerabilities almost to their hearts' content. Web security researchers, on the other hand, can go to jail for merely looking for a vulnerability, much less disclosing one publicly. The inaugural report of CSI's new working group explains why, and whether the legal climate is bad for the Internet."



Home boyz

http://www.readwriteweb.com/archives/medium_collaborative_browsing.php

Me.dium Secures $15M Series B - The Dawn of Collaborative Browsing?

Written by Alex Iskold / June 11, 2007 / 10 comments

Colorado-based Me.dium is announcing today a $15M Series B round led by Commonwealth Venture Partners. Me.dium is developing a next-generation collaborative browsing technology that dynamically combines visualization and chat. We covered Me.dium during its February launch at DEMO. We noted at the time that me.dium appeared quite intrusive on users - both from privacy and activity point of view. So how has it developed since then?



Perhaps the future of legal services? (and it starts in South Africa?)

http://www.networktimes.co.za/news.aspx?pklNewsId=25083&pklIssueId=639&pklCategoryID=295

Customise your legal documents online, for the first time

June 2007

DocumentX has launched the first service in South Africa to offer customised legal documents online. The service is secure, affordable and empowers users to create their own legal documents. The website also explains legal jargon specific to each document and provides a free, safe storage area where users can keep their documents online.

... With DocumentX, users have the power to customise documents by simply selecting from specific options. The document is then generated and stored online where it can easily be accessed, modified if necessary, and printed.

The website was developed using the open source content management system, Drupal, along with custom modules developed by Obsidian.

... DocumentX is already up and running at www.documentx.co.za. Any South African citizen over the age of 21 is able to open a free account and create documents immediately, with the first document being free.
