Friday, June 08, 2007

Perhaps a Wiki to keep track of the lawsuits and other fallout?

http://www.telegram.com/apps/pbcs.dll/article?AID=/20070607/APF/706072095

Lawsuits mounting over massive data breach at TJX Cos.

By MARK JEWELL AP Business Writer Jun 7, 2007

BOSTON— TJX Cos. faces federal lawsuits in five additional states over a data theft that exposed at least 45 million credit and debit cards to potential fraud, according to a regulatory filing Thursday by the owner of stores including T.J. Maxx and Marshalls.

A quarterly filing said TJX was named in nine new lawsuits filed since the company's March 28 update on a theft believed to be the largest in the U.S. based on the number of customer records compromised.

Thursday's filing with the Securities and Exchange Commission [http://ir.10kwizard.com/contents.php?ipage=4985326&repo=tenk&source=487] says complaints seeking class-action designation on behalf of customers were filed in April and May in the federal courts of five additional states: Illinois, Michigan, Missouri, Ohio and Texas.

Three new lawsuits were filed over the past two months in Massachusetts, where cases had previously been brought earlier in the year. The March 28 filing had listed more than a dozen lawsuits in Alabama, California, Massachusetts, Puerto Rico and six Canadian provinces. The Massachusetts cases against Framingham-based TJX have been consolidated.

In addition to listing TJX as a defendant, some of the lawsuits also name Cincinnati-based Fifth Third Bancorp, which processed some payment card transactions for TJX.

TJX said in Thursday's filing that it "intends to defend all of these actions vigorously," and Fifth Third has said it believes there are "substantial defenses" against the claims it faces.

Most of the complaints have been filed by TJX customers whose personal data was stolen. But some have been brought by financial institutions saddled with costs to replace cards and cover fraudulent charges tied to the theft. In April, bank associations in Massachusetts, Connecticut and Maine sued TJX, the owner of nearly 2,500 discount stores.

TJX disclosed the breach on Jan. 17, and said March 28 that one or more intruders unearthed data from at least 45.7 million credit and debit cards from transactions as long ago as early 2003. Independent organizations that track data thefts say the TJX case is believed to be the largest in the U.S. based on the number of customer records compromised.

TJX says about three-quarters of the 45.7 million cards had either expired by the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes. However, TJX also has said the intruders could have tapped the unencrypted flow of information to card issuers as customers checked out with their credit cards.

The only arrests so far have come in Florida, where 10 people who aren't believed to be the TJX hackers are accused of using stolen TJX customer data to buy Wal-Mart gift cards.

Last month, TJX said its first-quarter profit dipped 1 percent, in part due to a $12 million after-tax charge from costs related to the theft. Nevertheless, TJX reported a 6 percent increase in revenue as customer traffic remained strong despite negative publicity about the theft.



Who says these consequences were unintended? Weren't they requested by Management, designed by “IT Professionals,” and approved by the CPO?

http://www.brandonsun.com/story.php?story_id=57256

Wireless transmission from health clinics risky, privacy commissioner says

Canadian Press Thursday, June 7th, 2007

TORONTO (CP) - Ontario's privacy commissioner says the wireless transmission of internal health clinic video is a security and privacy risk.

Ann Cavoukian issued an order Thursday urging all health-related institutions, including clinics and hospitals, to review the video surveillance systems they use.

The call comes after the commissioner's office was contacted by someone who informed them it was possible to intercept video images of the inside of a women's toilet stall at a methadone clinic in Sudbury.

Cavoukian says her office was told it was possible to pick up the signal through an in-vehicle camera some new cars are equipped with for backing up. [So, the feed from these cameras should also be interceptable... Bob]

She says the clinic was immediately asked to turn off the camera and to replace the wireless system with a hardwired system.

The commissioner recommends those with access to personal health information ensure signals cannot be intercepted, that signs be clearly posted informing patients of cameras and that access to the video only be available to a small number of staff.



Perhaps we should sue Al Gore?

http://yro.slashdot.org/article.pl?sid=07/06/07/122224&from=rss

'Dangers of the Internet' Resolution Passed By Senate

Posted by Zonk on Thursday June 07, @08:49AM from the only-creepy-if-you-don't-look-then-leap dept.

destinyland writes "Apparently June is national 'Internet is Dangerous' month. The U.S. Senate unanimously passed a resolution urging Americans to 'learn more about the dangers of the Internet.' And what counts as a danger? Disabling censorware, or making friends online if you ever plan to meet them in real life. Its extreme negativity is disappointing. But remember — it passed unanimously. From the tech blorge article: 'It's not just a resolution. A few corporations are actually trying to cash in on this misguided disinformation campaign, including BSafe Online, a Tennessee company which markets a PC filtering software. (I wonder if it's one of the ones that can be disabled by 31% of America's teenagers...) Their CEO has an encouraging message for parents about safety on the internet. "This is a battle they must fight every day with their children in order to keep pornographers, sexual predators and cyber-bullies at bay." And keeping those pornographers and sexual predators away will cost you a mere $70 a year...'"


Here is one danger.

http://www.bespacific.com/mt/archives/015044.html

June 07, 2007

GAO Report Examines Challenges to Implementing a Mandatory Electronic Verification System

Employment Verification: Challenges Exist in Implementing a Mandatory Electronic Verification System, GAO-07-924T, June 7, 2007: "The opportunity for employment is one of the most powerful magnets attracting illegal immigration to the United States. The Immigration Reform and Control Act of 1986 established an employment eligibility verification process, but immigration experts state that a more reliable verification system is needed. In 1996, the former U.S. Immigration and Naturalization Service, now within the Department of Homeland Security (DHS), and the Social Security Administration (SSA) began operating a voluntary pilot program, called the Employment Eligibility Verification (EEV) program, to provide participating employers with a means for electronically verifying employees' work eligibility. Congress is considering various immigration reform proposals, some of which would require all employers to electronically verify the work authorization status of their employees at the time of hire."



Still wondering what Apple has in mind. (Still waiting for the lawsuits, too.)

http://uchicagolaw.typepad.com/faculty/2007/06/itunes_and_iden.html

June 06, 2007

iTunes and Identity-Based Digital Rights Management

Over the last week, it has become clear that Apple is embedding some identifying information in songs purchased from iTunes, including the name of the customer and his or her e-mail address. This has raised the ire of consumer advocates, including the Electronic Frontier Foundation, which addressed this again yesterday.

Last year, I published a paper entitled Mistrust-Based Digital Rights Management (online preprint available here). In that paper, I argued that as we switched from content products such as CDs and DVDs to content services such as iTunes, Google Video and YouTube, we would embrace identity-based digital rights management. This is exactly what we are seeing from iTunes. How should we assess identity-based DRM?

[Interesting comment: I hereby coin: Digital Rights Metadata as a rebranding of DRM. Bob]



Legal research from the “Duh! College of Law”

http://techdirt.com/articles/20070606/182916.shtml

Just Using Google Not Enough In County Search For Man Who Owed Taxes

from the don't-forget-the-other-ways dept

Two years ago we wrote about a case where a judge ruled that someone who was required to do a full search to reach someone should have known to try a Google search. In that case, the original person hadn't bothered to look online, and concluded that the other person was unfindable -- while a simple Google search proved that to be untrue. A new case, however, presents a slightly different situation: what if you only did a Google search? That's what folks from Northampton County did in trying to track down a guy who owed back taxes. They were unable to find him via Google, even though a phone book lookup would have found his correct phone number. A court has now ruled that just using Google isn't sufficient. [No doubt Google will appeal! Bob] So, for those of you keeping score (or being required by law to track down some missing people), this means that (a) you should use Google in your search, but (b) you shouldn't rely on only Google.



There is a certain value to education...

http://techdirt.com/articles/20070607/182345.shtml

Who Knew That Fishermen Don't Know Old Undersea Copper Cables From Important Undersea Fiber Optic Cables?

from the shocking dept

We've talked about how the high price of copper is leading to crime around the world as people are looking to steal anything copper and sell it. Due to this, the Vietnamese government thought it would make sense to allow local fishermen to grab old Vietnam War-era undersea cable lines and resell them for profit. What they didn't count on was that (would you believe it?) these local Vietnamese fishermen don't know the difference between old unused war-era undersea copper... and new, important internet- and television-connecting fiber-optic lines. Yes, it seems those fishermen are digging up whatever cables they can find and, shockingly, aren't bothering to make sure that it's the copper lines they're taking, rather than the vastly more important fiber ones. 27 miles of fiber optics have gone missing, [Doesn't this suggest the response from the government wasn't “instantaneous?” Bob] and it's going to cost many millions to replace. While the allowance to fish up copper lines has now been rescinded, did anyone actually believe that local fishermen would either know the difference or care enough to make sure they were only digging up the proper cable lines?



Why didn't I think of this?

http://yro.slashdot.org/article.pl?sid=07/06/08/1211203&from=rss

Company Aims To Patent Security Patches

Posted by kdawson on Friday June 08, @08:15AM from the winner-of-the-race-to-the-bottom dept.

Jonas Maebe writes "Someone thought up another way to profiteer from the software patent system: when a security hole is discovered, they'll try to patent the fix in order to collect money when the affected vendors close the hole in their product. The company in question is not shy about its intentions: Intellectual Weapons will only consider vulnerabilities in high-profile products from vendors with deep pockets. Let's be thankful for yet another way software patents are used to promote science and the useful arts."



Looking for someplace to invest those idle Billions? (I'm going to share this with my Business Plan class...)

http://www.webware.com/8301-1_109-9726877-2.html

Vator.tv launching tonight: YouTube for start-ups

By Rafe Needleman – June 6, 2007, 6:00 PM PDT

Bambi Francisco, formerly of MarketWatch, is taking the wraps off her own business tonight: Vator.tv. It's a YouTube for entrepreneurs, a place where people looking for funding or partners for their business ideas can display their "elevator pitch," and connect with those who can help them out. Other people in the entrepreneurial ecosystem can also post pitches. There are venture capitalists explaining what they want to invest in, for example, as well as service providers pitching their services.

[A couple examples... http://canyonwinelogistics.com/ http://quizlet.com/ http://www.geni.com/tree/start Bob]


It never rains but it pours...

http://www.techcrunch.com/2007/06/06/incuby-social-networking-for-inventions/

Incuby: Social Networking For Inventions

Duncan Riley June 6 2007

San Antonio, Texas-based Incuby is aiming to build a community where inventors can display their inventions to the general public, entrepreneurs and investors.
