Saturday, September 22, 2007

Who says CEOs aren't worth their pay? You have to admire their ability to minimize, trivialize and otherwise contain the potential damage. This will undoubtedly be an important case study for Public Relations.

I was hoping that more details would be revealed. Has there been enough time for a complete review of the available evidence, and if so was it factored into the settlement? Lots and lots of unanswered questions here. NOTE: This is actually on the TJX web site, but with no visible link. (Fortunately, it is trivial to capture the URL.)

TJX says it settled customer class action suits in security breach

By Sylvia Lee Wingfield Associated Press

The TJX Companies, Inc., a discount retailer, said Friday [Traditional “no one will notice” day... Bob] it settled customer class action lawsuits in the United States, Canada and Puerto Rico stemming from a massive security breach of customer data that affected at least 45 million credit and debit cards.

The announcement did not specify the settlement cost, but noted that its estimated costs were included in a $107 million reserve included in its second-quarter report for fiscal 2008 and its estimate of $21 million in costs expected in fiscal 2009. The $107 million figure also includes costs from other lawsuits not included in the customer class actions, the Framingham-based company said.

The settlement also includes Cincinnati-based Fifth Third Bancorp, [I couldn't find anything on their site... Bob] which processed some payment card transactions for TJX and was named in some of the customer lawsuits.

TJX said it denied the allegations in the customer lawsuits. It concluded that more legal action would be time-consuming and expensive.

"We deeply regret any inconvenience our customers may have experienced as a result of the criminal attack on our computer system," TJX President and CEO Carol Meyrowitz said in a statement.

TJX said a condition of the settlement is an evaluation of its computer security improvements by an independent security expert chosen by the plaintiffs. [and if they evaluate as “worthless?” Bob] It also is subject to court approval.

"We think it's good for the members of the class and appropriate for the members of the class and we also commend the company on the way they handled it," said Tony Merchant, attorney for the Canadian plaintiffs. "For society, it's appropriate that the company has agreed that they'll allow other views on how their systems work, so it's the act of a responsible company."

TJX said customers who returned merchandise without a receipt and were sent letters notifying them that their driver's license or other identification information may have been compromised will be offered three years of credit monitoring and identity theft insurance coverage. Some of those customers also will be reimbursed for the cost of replacing drivers' licenses. If their drivers' licenses or other ID numbers were the same as their Social Security number, they will also be reimbursed for certain losses from identity theft.

The company said it would offer vouchers to customers who show they shopped TJX stores, except Bob's Stores, in the U.S., Canada or Puerto Rico during the period affected by the breach and incurred certain costs related to the breach.

The company said it will hold a one-time, three-day customer appreciation event reducing prices 15 percent, expected sometime next year. [Oh look! They're using the settlement to advertise a sale! Bob]

... Independent organizations that track data thefts say the TJX case is believed to be the largest in the U.S. based on the number of customer records compromised.


They also changed their FAQ and now admit the security breach dates from July 2005. They still don't admit the data was used, even though Florida has convicted someone who used their data to purchase gift cards at Walmart.

Is this a duplicate? No date in the articles, nothing on the college web site – are they learning from TJX?

Suspected security breach at CPCC

Friday, September 21 2007 @ 04:47 PM EDT Contributed by: PrivacyNews News Section: Breaches

A possible security breach at Central Piedmont Community College has officials there taking precautions, as a former employee of the college may have accessed private employee information like social security numbers, birth dates and addresses.

Thursday, an email was sent out to nearly 2,600 employees, warning them of the possible incident.


Interesting how they found this...

(updated) Citigroup Customer Data Leaked on LimeWire

Saturday, September 22 2007 @ 08:31 AM EDT Contributed by: PrivacyNews News Section: Breaches

Citigroup has confirmed that it's investigating a data breach involving the names, Social Security numbers and credit information of 5,208 customers leaked by an employee of its ABN Amro Mortgage Group unit onto the LimeWire peer-to-peer file-sharing network.

Tiversa, a company that monitors P2P networks on behalf of clients, told eWEEK that it found Excel spreadsheets from the desktop of a financial analyst at ABN Amro Mortgage Group running LimeWire. Although Tiversa found over 10,000 files, deduplication revealed only 5,208 unique Social Security numbers, along with names and what type of mortgage each customer had: conventional, 30-year or conforming, for example.

Source - eWeek

Interesting where Pogo found this one...

(update) Gander Mountain Announces Recovery of Pennsylvania Store Computer; Confirms No Customer Data Was Compromised

Friday, September 21 2007 @ 07:34 PM EDT Contributed by: PrivacyNews News Section: Breaches

Gander Mountain Company (Nasdaq: GMTN - News) today announced the recovery of computer equipment containing certain customer transaction information relating to a single store in Greensburg, Pennsylvania. An independent security assessment firm has verified that no customer data was accessed or compromised.

Source - PRNewswire

“Why? Because we can, you silly American.” Note: This sounds logical...

French Plan to Screen DNA of Visa-Seekers Draws Anger

Friday, September 21 2007 @ 11:13 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The French National Assembly on Thursday approved a controversial proposal authorizing the use of DNA testing to determine whether foreigners applying for visas are actually related to family members they seek to join in France.

The plan, part of President Nicolas Sarkozy's efforts to make it tougher for foreigners from Middle Eastern and African countries to immigrate to France, prompted outrage from human rights groups, opposition politicians and some members of the president's cabinet.

Source - Washington Post

“Why? Because we can, you silly American.”

Federal Agent Indicted For Using Homeland Security Database To Stalk Girlfriend

Friday, September 21 2007 @ 10:55 AM EDT Contributed by: PrivacyNews News Section: In the Courts

A special agent with the Department of Commerce has been charged with unlawfully accessing a database within the Department of Homeland Security to stalk his former girlfriend and her family.

Benjamin Robinson, 40, of Oakland, Calif., was indicted by a federal grand jury in San Jose Wednesday in connection with allegations that he accessed a government database known as the Treasury Enforcement Communications System (TECS) at least 163 times [See? They keep logs. Bob] to track a woman's travel patterns. He is being charged with making a false statement to a government agency, and unlawfully obtaining information from a protected computer.

Robinson faces a maximum of 10 years in prison and a fine of $500,000.

Source - InformationWeek

More like this! I doth implore

Other judges are such a bore

Writing opinions in boring prose

Whilst you use poesy to state your NOs!

Sep 21, 2007 9:21 am US/Eastern

N.H. Judge Rhymes Ruling To 'Green Eggs And Ham'

(AP) CONCORD, N.H. A New Hampshire prison inmate's file drove a federal judge to rhyme to express himself.

U.S. District Court Judge James Muirhead reached for Dr. Seuss' "Green Eggs and Ham" for inspiration when a prison inmate protesting his diet attached a hard-boiled egg to documents sent to court.

"I do not like eggs in the file.

I do not like them in any style.

I will not take them fried or boiled.

I will not take them poached or broiled.

I will not take them soft or scrambled

Despite an argument well-rambled,"

Muirhead wrote in his response to inmate Charles Wolffe.

He then ordered the egg destroyed: "No fan I am Of the egg at hand. Destroy that egg! Today! Today! Today I say! Without delay!"

Wolffe says he is an Orthodox Jew and has accused prison officials of refusing to feed him a kosher diet. He is seeking the proper foods and $10 million from the state. His case has been scheduled for a trial. [“an argument well-rambled” does it every time. Bob]

This company clearly looks at the logs of system activity. Why can't companies that allow Data Spills do the same?

Fired For Using eBay At Work

from the did-they-at-least-buy-anything-good? dept

There have been a bunch of bogus stories over the years (usually placed by companies that sell internet filters) about the productivity losses of personal surfing at work. However, other studies have shown that personal surfing tends not to be a problem for most people. It helps ease the work-life balance that has all too often created a situation where "work" interrupts "life." Thus, it seems only fair for "life" to occasionally show up at "work." In fact, one study showed that people who do personal surfing at work tend to make it up either by being more productive or putting in extra work time from home. The key, really, is to look at whether or not the person is getting their job done. If they're able to get the job done, then does it really matter if they spend some excess time surfing?

Over in the UK, there's a story about nine office workers who were fired after it was discovered that they had spent up to two hours a day on eBay. That seems like quite a bit (though the "up to" part can be misleading). However, some questions aren't answered. For example, there's no indication as to whether or not it impacted their job performance. It's also not clear from the report if these workers were exclusively using eBay or just had the window open while doing other things. Right this second, I have about eight or nine browser windows open. Most are work related, but a few are not -- but if I leave the window with the latest baseball scores open all day, it doesn't mean I only was checking baseball scores all day. The employees apparently are represented by a union -- but rather than arguing the points I've mentioned here, they're actually arguing that it's (get this) the employer's fault for putting temptation in the way of these workers and not filtering out eBay. That seems ridiculous and hopefully doesn't get any support at all.

Pirate Bay may press the case just to amuse their users (who will probably gleefully contribute to the “counter-attack fund”)

The Pirate Bay To Sue Entertainment Companies For Attacks

from the could-get-interesting dept

Well, this could get interesting. Following the leak of MediaDefender's emails, the folks behind The Pirate Bay now believe they have enough evidence to sue many major entertainment firms for "infrastructural sabotage, denial of service attacks, hacking and spamming." Basically, there's evidence in the emails that a bunch of firms, including Universal, EMI, Sony, Paramount and others were using MediaDefender to try to mess with The Pirate Bay's system. Whether or not the lawsuit actually goes anywhere may depend on a lot of factors (including Swedish laws, which I am totally unfamiliar with). There may be some questions about how the emails in question were obtained. And, of course, the entertainment companies will likely counter that they were just trying to protect their own materials -- which could find a sympathetic ear in a courtroom. Either way it would be quite a lawsuit.


Dumb student? “Any sufficiently advanced technology is indistinguishable from magic.” (Arthur C. Clarke) The Tremendously Suspicious Agency doesn't like magic.

MIT Student Arrested For Wearing 'Tech Art' Shirt At Airport

Posted by Zonk on Friday September 21, @03:56PM from the don't-be-a-jerk-to-the-police,-they-have-guns dept. Education Security United States

SuperBanana writes "According to a report by the Boston Globe, MIT Student Star Simpson was nearly shot by Logan Airport police who thought she was armed with a bomb. She approached an airline employee wearing a prototyping board with electronic components, crudely attached to the front of her sweatshirt and holding 'putty' in her hand. She asked about an incoming flight, and did not respond when asked about the device. Armed police responded. 'Simpson was charged with possessing a hoax device and was arraigned today in East Boston Municipal Court. She was held on $750 cash bail and ordered to return to court Oct. 29. "Thankfully because she followed our instructions, she ended up in our cell instead of a morgue," Pare said. "Again, this is a serious offense ... I'm shocked and appalled that somebody would wear this type of device to an airport."'"

This may have some potential. Imagine providing your own commentary on the political debates or annotating a demo video.

Create A Split Screen Video

Want to create a lively split screen video? Want to jam out with others? All you need is a web camera and you can visit Tjoon and create split screen videos. Register and start your video. Simply go to record your Tjoon, connect your web camera and hit the red button to record. You can record 30 seconds of each screen, or as many screens up to four. Collaborate with other Tjoon users, start a beat with your keyboard and ask them to elaborate with other instruments. Take a look at the most popular and most recent Tjoon lists to get an idea of what you can do, or visit the blog to see what people are talking about. If you think that a Tjoon is excellent, say so by leaving a comment or rating the video. Be creative and make cool split screen videos at

Friday, September 21, 2007

Not much data at all...

City: Stolen computers held personal information on 3,500 people

Friday, September 21 2007 @ 06:09 AM EDT Contributed by: PrivacyNews News Section: Older News Stories

The city of Columbus (Ohio) is offering identity-theft protection services to more than 3,000 people whose Social Security numbers were on three computers stolen from a warehouse.

The theft affected people who had signed up for the city's Mobile Tool Library, which lends power tools, lawn mowers and supplies.

Source - WTOL

Blame. It's a wonderful thing.

Suit: Employee Fired for Reporting Breach

September 20, 2007 By Deborah Perelman

For one of the biggest healthcare data breaches in history, the lawsuits haven't stopped yet.

In December 2005, thieves broke into the parked van of an IT systems analyst for Providence Home Services, a Washington state health care company, stealing a computer bag with ten unencrypted tapes and disks holding information on what would turn out to be more than 365,000 hospice and home health care patients—everything from Social Security numbers and birth and death dates to diagnoses, prescriptions and insurance numbers. Data on doctors, including their Medicare and Medicaid and state license numbers, names, addresses and phone numbers were also missing.

Executives waited three weeks before informing patients about the stolen data, in what turned out to be the biggest data breach ever reported in Oregon. The state investigation and class-action lawsuit that followed ended in a $95,000 settlement payment by the healthcare provider to the state of Oregon to cover the cost of the investigation.

Now, in a lawsuit filed Aug. 28 in Multnomah County Circuit Court, near Portland, former Providence Home Services IT systems analyst Steven Shields is seeking $1 million in damages from his former employer for allegedly violating Oregon's whistleblower law.

Steven Shields, the employee who left the records inside the van, alleges in the lawsuit that he was fired for reporting the December 2005 incident to police. Whistleblower laws prevent companies from firing employees who make a good-faith report of wrongdoing. If employees are worried about losing their jobs, the law reasons, they may not do the right thing when a dangerous situation occurs.

... A contractor has since been hired to transport and store all sensitive data, instead of allowing employees to take it home.

Another rant against Ohio

On stolen data with privacy-relevant information

September 20, 2007 - 10:43am — MacRonin

[Comments: On stolen data with privacy-relevant information:]

... Peter Murray Says: September 18th, 2007 at 10:55 pm

Oh, I think the story is much more interesting than you are letting on. It would appear that the theft of the backup tape was not a backup of the OAKS system [the State of Ohio’s ERP system] itself; instead, it was some intranet fileserver where various datasets were stored that were used by “database analysts who were running tests on large files containing sensitive data on the I: drive.” An extract from the Ohio inspector general’s report beginning at PDF page 16 (report page 10) is included below:

The Ohio data spill is full of interesting twists...

(update) Data company, being sued by state, blames security breach on 'human error'

Thursday, September 20 2007 @ 02:35 PM EDT Contributed by: PrivacyNews News Section: Breaches

Confidential data from Connecticut's computerized financial management network ended up on a backup tape stolen from a college intern's car in Ohio because of "human error," the company that implemented the problem-plagued system said Wednesday.

But an official in the union that represents state information technology employees said it believes the consulting company, Bermuda-based Accenture, transferred the Connecticut data to Ohio - where Accenture was the primary consultant on a similar system installed for the state government there - simply to save the firm time and money.

Moreover, she suggested that Accenture also might have used the Connecticut data to test similar projects elsewhere, because its consultants who worked on the state's $130 million CORE-CT project later were transferred not only to Ohio, but also "internationally."


Perhaps we could require them to wear striped shirts (in the school colors) with student ID numbers?

'Hey you': Profs can't use names of students

Friday, September 21 2007 @ 06:36 AM EDT Contributed by: PrivacyNews News Section: Minors & Students

These days, University of Iowa professors, whether they know it or not, are supposed to get permission before calling on a student by name in their class.

In a new regulation based on the Family Educational Rights and Privacy Act, or FERPA, that some are calling "bizarre," UI officials say using a student's name could be a violation of privacy.

Source - Iowa City Press-Citizen

So, why do we need all those cameras? (“It is better to look techie than to be techie” Hernando)

10,000 Cameras Ineffective At Deterring Crime

Posted by CowboyNeal on Thursday September 20, @09:31PM from the clearly-we-need-more-cameras dept. Privacy Security Politics

Mike writes "London has 10,000 crime-fighting CCTV cameras which cost £200 million but an analysis of the publicly funded spy network has cast serious doubt on its ability to help solve crime. In fact, four out of five of the boroughs with the most cameras have a record of solving crime that is below average. The study found that police are no more likely to catch offenders in areas with hundreds of cameras than in those with hardly any. Could this be an effective argument against the proliferation of cameras or will politicians simply ignore the facts and press ahead?"

Another reason to let your kids use those social web sites – you can sue people!

Family sues Virgin Mobile over teen's photo in ad

Thursday, September 20 2007 @ 03:54 PM EDT Contributed by: PrivacyNews News Section: In the Courts

A Dallas family charges that Australia's Virgin Mobile phone company caused their teenage daughter grief and humiliation by plastering her photo on billboards and Web site advertisements without consent.

The family of Alison Chang says Virgin Mobile grabbed the picture from Flickr, Yahoo Inc.'s popular photo-sharing Web site.

Chang's family filed a lawsuit late Wednesday in state district court in Dallas against Virgin Mobile USA LLC, its Australian counterpart, and Creative Commons Corp., a Massachusetts nonprofit that licenses sharing of Flickr photos.

Source - Associated Press

Related - From the “sue-everyone-and-hope-someone-settles” department… (Commentary, blog)

Writing Science Fiction is one way to avoid Guantanamo...

Cory Doctorow's Fiction About An Evil Google

Posted by CowboyNeal on Friday September 21, @12:23AM from the government-search-engines dept. Google Privacy

ahem writes "I saw a link on Valleywag to a story written by Cory Doctorow about what would happen if Google got in bed with the Dept. of Homeland Security. Chilling, well written, but the ending was a bit anti-climactic for my tastes."

A rather rare type of story... (More typical is the Dan Rather defense)

Daniel Lyons of Forbes Admits Being Snowed by SCO

Posted by Zonk on Thursday September 20, @06:01PM from the very-glad-this-is-over dept. Caldera The Courts The Media Linux

certain death writes "Daniel Lyons of Forbes Magazine has admitted to being snowed by SCO, regarding their lawsuit over Linux and SCO code. He specifically mentions Groklaw's role in the case, and regrets his early articles giving the company the benefit of the doubt. 'I still thought it would be foolish to predict how this lawsuit (or any lawsuit) would play out. I even wrote an article called "Revenge of the Nerds," which poked fun at the pack of amateur sleuths who were following the case on a Web site called Groklaw and who claimed to know for sure that SCO was going to lose. Turns out those amateur sleuths were right. Now some of them are writing to me asking how I'd like my crow cooked, and where I'd like it delivered. Others in that highly partisan crowd have suggested that I wanted SCO to win, and even that I was paid off by SCO or Microsoft. Of course that's not true. I've told these folks it's not true. Hasn't stopped them. The truth, as is often the case, is far less exciting than the conspiracy theorists would like to believe. It is simply this: I got it wrong. The nerds got it right.'" [and we'll never let you forget it! Bob]

This debate seems to be heating up...

Perhaps Up North 'Unlimited' Means Something Different Than It Does Here

from the haven't-we-been-through-this-before dept

There's absolutely nothing wrong with a connectivity provider limiting how people use their connectivity -- as long as it's clearly laid out in how they pitch the service. Unfortunately, too many of these services advertise "unlimited" service, but mean the exact opposite. In the US, Verizon Wireless used to do this. When confronted on it, they tried to doubletalk their way around the issue, claiming that it was "unlimited data for limited types of data" (read that phrase a few times). However, eventually, Verizon Wireless realized how ridiculous this was and started to back off the claims of unlimited data. Unfortunately, that sort of thinking hasn't reached the folks at Bell Canada, who are apparently advertising an unlimited service, while hiding an awful lot of "limits" within the terms of service. Again, there's nothing wrong with them deciding they need to limit the service -- but if they're going to do so, they shouldn't be advertising it as unlimited. It's amazing that no one's been charged with false advertising for these types of misleading ads. [Yet Bob]


Comcast speaks out on bandwidth caps, says they only affect 0.01% of users

By Eric Bangeman | Published: September 19, 2007 - 11:40PM CT

Over the past several days, there have been a number of rumors and lots of discussion about the issue of bandwidth caps and Comcast. There have been a number of reports of users having reached some sort of bandwidth limit—reportedly 90GB—and having their service cut off by America's largest cable ISP. Ars spoke to Comcast today in an attempt to find out what's going on.

Read this!

How to be a Customer

Published: September 20, 2007 Author: John Quelch

99 percent of marketing focuses on how to sell to customers. Very little attention is paid to why and how customers should sell themselves to marketers. As a customer, do you ever think about how you can get a leg up on your competition—the other customers competing for the attention and goodwill of the seller?

Attention Sci-Fi fans!

Heinlein Archives Put Online

Posted by CowboyNeal on Friday September 21, @05:09AM from the plenty-to-read dept. Sci-Fi Entertainment

RaymondRuptime writes "Good news for fans of the late SF master Robert Heinlein, 2 months after his 100th birthday celebration. Per the San Jose Mercury News, 'The entire contents of the Robert A. and Virginia Heinlein Archive — housed in the UC-Santa Cruz Library's Special Collections since 1968 — have been scanned in an effort to preserve the contents digitally while making the collection easily available to both academics and the general public... The first collection released includes 106,000 pages, consisting of Heinlein's complete manuscripts — including files of all his published works, notes, research, early drafts and edits of manuscripts.' You can skip the brief article and go straight to the archives."

Haven't I been saying the same thing?

No One Ever Said Free Is The Business Model -- But It Absolutely Should Be A Part Of The Business Model

from the a-little-bit-of-confusion dept

Following Rupert Murdoch's latest hints that he's going to take down the paywall at the Wall Street Journal, a bit of a debate has developed about whether or not it's a good idea. Dow Jones executives are apparently against the idea (ironically, published in a "free" article on their site). However, the WSJ's Kara Swisher is all for it. Watching the debate unravel, however, I keep seeing people arguing against the idea, using similar logic to what I saw in the comments earlier this year when I wrote about how "free" is an essential part of many business models (if you know how to leverage it). It's typified by Mark Potts, who declares: "Free is Not a Business Model," in dismissing the commentary in support of freeing both the NY Times and the WSJ. Unfortunately, it seems like Potts is blinded by the word free and forgets to look past it. No one is saying that "free" is the business model. They're simply saying that free is a component of the business model -- just as it's been a component of business models for ages ("the free trial," "buy one, get one free," "buy now and we'll throw in a free toaster"). Arguing that free isn't a business model is missing the point. The argument is actually over how you use free as a part of your overall business model. In fact, that's exactly what Swisher is doing in her piece, where she suggests a number of related business models that are all helped if the WSJ makes its core content free. It's the same thing that we're saying when we suggest that musicians are better off making their content free. It's not that free is the business model. It's that the free stuff helps promote other business models that can make more money.

Convergence: Never miss an episode of the Lone Ranger again! (Next: TV on demand – they've been promising it for 20 years!)

On Demand Radio Thru Your Cell Phone

CelleCast enables its users to listen to their favorite radio shows and audio entertainment directly from their cell phones. Dial CelleCast’s direct line to access their audio catalog. Select the programs you want to hear and listen on your own time. Programs can be fast forwarded, paused and rewound for your listening convenience. Listeners can manage their playlists online for later listening. There’s also a TalkBack feature which enables users to record and deliver messages to their favorite talk show hosts. For an ad free experience listeners can subscribe for $9.95 a month or a discounted $14.80 for five months.

One radio show you should listen to...

NPR’s long, hard look at the RIAA

Bill Clinton's stress reliever? (Watch to the end...)

Thursday, September 20, 2007

Still want to let ISPs handle your security?

Web host breach may have exposed passwords for 6,000 clients

Names, addresses and phone numbers also at risk

By Dan Goodin in San Francisco Published Wednesday 19th September 2007 19:06 GMT

Layered Technologies has been targeted by malicious hackers who may have stolen passwords and other personal details on as many as 6,000 of its clients, the Texas-based web host provider warned. It is advising customers to change login credentials for all host details submitted in the past two years.

The Monday evening breach was executed by attacking an off-the-shelf application integrated into the company's support desk that manages help tickets submitted by customers, according to Layered Technologies President Todd Abrams. It remains unclear if the intruders actually took the information, but the attack had the potential to expose names, addresses, phone numbers, email addresses and server login details for five to 6,000 clients.

"Based on the log entries I'd say it's very unlikely they took a copy of the database," Abrams said. "It's not like a two-second download." He said the company wanted to err on the side of caution by asking all customers to change all passwords.

... The perpetrators accessed the database by attacking an application known as Cerberus. According to this page on Secunia, at least 11 vulnerabilities have been documented in various Cerberus tools, only one of which carried a "highly critical" severity rating. It was unclear what version of Cerberus Layered Technologies uses.

Why was this data connected to the Internet?

'Coordinated' Hackers Steal Internet Retailer Customer Credit Cards

Wednesday, September 19 2007 @ 01:00 PM EDT Contributed by: PrivacyNews News Section: Breaches

Despite running what he thought was a well-secured network, the president of a publishing company has disclosed that a "coordinated and sophisticated" group of hackers broke in and stole customers' credit card information.

Vertical Web Media said its network was breached in August and hackers made off with customers' names, addresses, phone numbers and e-mail addresses, along with credit card numbers and expiration dates. Jack Love, president of the Chicago-based publisher of Internet Retailer magazine added that only a portion of the company's customers were compromised because the data was pulled offline as soon as the publisher was alerted by a customer that there was a problem. [I wonder if they know what was taken? NOTE: They didn't detect the hack, a customer did! Bob]

Source - InformationWeek

Another alert from an outsider, but they seem to have ignored it!

(update) Ameritrade leak looks to have started in late '05, much earlier than reported

Wednesday, September 19 2007 @ 06:55 PM EDT Contributed by: PrivacyNews News Section: Breaches

E-mails obtained by Network World show that Ameritrade received explicit and repeated warnings from an IT security expert starting Jan. 9, 2006 that its customer data had apparently been compromised, placing the start of the breach much earlier than previously reported and likely pushing it into 2005. Nevertheless, the company insisted for the next 20 months that a flood of stock-related spam being received by numerous clients was not indicative of a more serious problem.

Source - NetworkWorld

I wonder what their contracts say?

(update) Affiliated Computer Services loses or destroys data on 32,000 Kraft employees

Thursday, September 20 2007 @ 08:04 AM EDT Contributed by: PrivacyNews News Section: Breaches

In response to a request to Kraft to provide more details on a tape lost by Affiliated Computer Services (see original story), Elisabeth Wenner, Associate Director, Communications of Kraft Foods sent the following statement to

"I am following up on your inquiry to Kraft and wanted to provide you with some background. As you may know, in early August, Caremark, the company that administers Kraft’s prescription drug benefits program, let us know that a computer tape with the names and other personal information of approximately 32,000 current and former employees and a small number of fewer than 500 of their dependents, was missing. Kraft sent the tape to Affiliated Computer Services (ACS), a company that processes data for Caremark. No prescription records were included and the information can only be opened with special hardware.

We do not think anyone will access the information and believe the tape was accidentally destroyed. Even so, out of an abundance of caution, we notified employees and through Caremark have arranged for two years of free credit monitoring from Trans Union.

We want to emphasize that we do not believe that the information has been accessed. However, we take our obligation to safeguard the personal information of our employees very seriously and we have improved our processes and systems.

I hope this has been helpful and please do not hesitate to reach out again."

The deliberate Data Spill...

Edwards campaign says e-mail violated; aide resigns for messages

By Philip Elliott, Associated Press Writer | September 19, 2007

CONCORD, N.H. --John Edwards' presidential campaign is asking for a criminal investigation after an aide's internal e-mail messages were copied and mailed to some people he disparaged in them.

Matt Spence, Edwards' deputy New Hampshire political director, apologized and resigned after being confronted with the e-mails, campaign spokeswoman Kate Bedingfield said Wednesday.

... "We will not tolerate that kind of language on the Edwards campaign," Bedingfield said. "The campaign [“The campaign” is a person? Bob] has personally apologized to everyone referenced in the e-mails."

More Ohio related fallout

(update) CT: State to sue company linked to lost data

Wednesday, September 19 2007 @ 12:57 PM EDT Contributed by: PrivacyNews News Section: Breaches

State officials are planning to sue Accenture, the Bermuda-based company hired to implement Connecticut's controversial computerized financial accounting system, over its role in providing confidential state data to a similar system in Ohio.

The civil complaint is expected to charge Accenture with breach of contract and negligence, according to Attorney General Richard Blumenthal, who said it would be lodged after he confers with state Comptroller Nancy Wyman, who was to return to Connecticut this afternoon after spending several days in Florida handling the estate of her late mother.

Source - Journal Inquirer

Guideline for Data Spills?

Can't Run, Can't Hide: New Rules of Engagement for Crisis Management

Published: September 19, 2007 in Knowledge@Wharton

The corporate apologies are piling up. Mattel CEO Robert Eckert apologized before a Senate subcommittee on September 12 for lead paint found in millions of the company's toys. On September 14, TD Ameritrade CEO Joe Moglia apologized for a database breach that compromised customer addresses, phone numbers and email addresses. Apple CEO Steve Jobs apologized on September 6 for cutting the price of the high-end iPhone to $399 just weeks after die-hard customers waited in long lines to pay $599. Dell executives apologized in August on the company's corporate blog for delayed deliveries of certain laptop and desktop models. And in February, JetBlue apologized for canceling 250 flights during an ice storm and leaving some passengers on the tarmac for as long as 11 hours.

The common thread linking these apologies: executives were moving quickly to stem damage to their companies' reputations. And while not all corporate crises are created equal, there is a playbook for handling these events, according to professors at Wharton. First, a corporate response should take hours, not days. It should include a well-thought-out apology delivered through multiple media, and it should feature some remediation so that the event won't happen again.

The government view?

Combating Identity Theft: Implementing a Coordinated Plan

Wednesday, September 19 2007 @ 09:11 AM EDT Contributed by: PrivacyNews News Section: Breaches

Prepared statement of the FTC before the Maryland Task Force to Study Identity Theft, Sept. 18th.

Source - Statement (pdf)

(Props, Realtime IT Compliance)

To be expected. Bureaucracies move slowly (news?)

Study says veterans' data are at risk

Wednesday, September 19 2007 @ 09:55 AM EDT Contributed by: PrivacyNews News Section: Breaches

Veterans' personal data and health information remain at risk of identity theft because the Veterans Affairs Department has yet to implement several safety measures, government investigators say. The report by the Government Accountability Office, released Wednesday, comes more than one year after the VA pledged renewed security efforts after the loss of personal information for 26.5 million veterans and active-duty personnel. It found that the VA had not yet fully secured access to its computer network and department facilities nor worked to ensure that only authorized changes and updates to VA computer programs were made.

Source - Associated Press

Who do you believe?

Think Tank Bashes Paper Trails For E-Voting

from the missing-the-point dept

A think tank has released a report bashing the idea of requiring paper trails for e-voting systems. The logic behind this uses some sleight of hand and some misdirection to make such a statement actually try to sound sensible. The key argument the group makes is that a paper trail would not increase security while increasing cost. That's actually true -- but that's not the point. People aren't asking for a paper trail to increase security. They're asking for a paper trail to make the machines auditable so the machine's ability to count accurately can be checked. In response to this, the think tank notes that the paper trail might not be perfect, so it's a waste. They point out that printers jam and the hand counts of paper trails may not be accurate either. That's nice, but again it's missing the point. Without those things, there's simply no way of knowing whether or not the computer count was accurate or whether the votes were tampered with. No one has suggested that a paper trail is the perfect solution to all of e-voting's problems. No one denies that paper trails potentially add other problems to the process. But the concern here is not in making e-voting cheaper -- but in making it better. Adding additional mechanisms to make the machines more reliable and more trustworthy seems like a reasonable step, though certainly not the only one that should be taken.

Report: E-voting woes could stall S.F. election tally

Posted by Anne Broache September 19, 2007 2:33 PM PDT

Glitches in touch-screen electronic voting machines without paper trails tend to rack up the most attention these days. But an irregularity over ballots marked by hand and scanned by a computer like standardized tests--known as the "optical-scan" approach--is poised to create a snafu in upcoming mayoral elections in San Francisco.

According to a San Francisco Chronicle report on Wednesday, there's concern among state officials that "less-sensitive" scanning machines at polling places across the California city won't be able to pick up ballots marked with anything other than a No. 2 pencil or a special pen provided by the voting machine manufacturer, Election Systems & Software (ES&S).

Soon at a cell phone company near you?

Massive Canadian Class-Action Cellphone Suit Is Approved

Posted by ScuttleMonkey on Wednesday September 19, @05:01PM from the war-on-big-business dept. Communications The Courts

BeanBunny writes "A Saskatchewan, Canada court has ruled that a $12 billion class-action suit can proceed. The suit alleges that 'system access fees' that the cellphone companies have charged ($7-9 per month) are unfair and constitute price gouging. 'It is described as the largest class-action in Canadian history, potentially affecting every cellphone user in the country. Currently, there are 7,500 complainants signed onto the suit.'"

How to gain competitive advantage?

TransUnion to Offer Credit Freezes Nationwide

Posted by samzenpus on Wednesday September 19, @09:50PM from the invisible-credit-score dept. Security

An anonymous reader writes "In a little-noticed press release issued Tuesday, credit reporting bureau TransUnion said it would begin offering credit freezes to all Americans, a change that belies the credit industry's oft-uttered claim that doing so would be too expensive and burdensome. The program takes effect Oct. 15, 2007, will cost $10 each to place and to remove, and requests must be filed by certified mail. As The Washington Post reports, the move comes as some 39 states and the District of Columbia have passed laws entitling their residents to credit freeze rights. The new right may have little benefit unless the other two major credit reporting bureaus follow suit, and both companies are staying mum about any plans to do so. In May, Slashdot examined a related story on the credit bureaus' traditional resistance to freeze laws."

Someone at Harvard needs an education.

Harvard Bookstore Claims Book Prices Are Copyrighted

from the you-can-claim-it,-doesn't-mean-it's-true dept

A few years ago, we had a story about a store that was kicking people out if they caught them comparison shopping via a mobile device. Obviously, a store can kick out anyone they want to, but perhaps a better approach is to actually focus on better serving the customer so that when they're done comparison shopping, they still want to buy from you (either because you have the best price, or you offer some additional convenience or service they can't get elsewhere). This issue seems to be coming up again, but with a new twist. alex writes in to let us know that the bookstore at Harvard is kicking people out for taking too many notes about pricing (via Boing Boing). When confronted about this, the store's president actually claimed that book prices were the store's "intellectual property." Of course, just because you say something is your intellectual property, it doesn't mean it is. Unfortunately for the bookstore, the law is pretty clear that you can't copyright facts -- and whether the bookstore likes it or not, prices are facts. The store certainly has the right to refuse service to anyone, but that doesn't mean that it's smart for business or that copying down prices infringes on any kind of intellectual property.

Gartner speaks, CIOs listen – do CEOs?

Commercial Software Will Include Open Source, Gartner Says

By Peter Galli September 19, 2007

IT organizations will have to manage open-source software along with commercial software, Gartner says.

LAS VEGAS—At least 80 percent of all commercial software products will include elements of open-source code by 2010, according to Mark Driver, vice president of research at Gartner.

Five Forces that Can Make Your Business Sink or Swim

September 19, 2007 By Clint Boulton

LAS VEGAS—Web 2.0, SAAS (software as a service), global class, consumerization and open source are facilitating disruptions in the high-tech market even as they are becoming vital forces that help businesses compete for new revenue opportunities.

Such was the position taken by three analysts in the opening keynote of the Gartner Web Innovations conference here Sept. 19.

This could be interesting... Now let's make an open source application for citations.

September 19, 2007

Transcripts of Federal Court Proceedings Nationwide To Be Available Online

U.S. Courts release: "The Judicial Conference of the United States today voted to make transcripts of federal district and bankruptcy court proceedings available online through the Judiciary's Public Access to Court Electronic Records (PACER) system. Under the new policy, transcripts created by court reporters or transcribers will be available for inspection and copying in a clerk of court’s office and for download from PACER 90 days after they are delivered to the clerk. Individuals will be able to view, download, or print a copy of a transcript from PACER for eight cents per page."

Why you should ed-u-ma-kate your children

12 Year Old Gets $6.5M for Gaming Company

Posted by samzenpus on Thursday September 20, @05:39AM from the that's-a-lot-of-candy dept. Businesses Games

Bayscribe writes "A Silicon Valley company co-founded by a 12-year-old has just raised $6.5 million in venture capital. PlaySpan, based in Santa Clara, Calif. says it offers game publishers a technology that lets users make payments and shop for other items. It calls itself the first "publisher-sponsored in-game commerce network." Arjun Mehta, a 6th grader, says on his Web site that he is passionate about software that can make the game experience more "rewarding," and that he started the company last year in his garage. He paid for it from earnings made from selling online game items he won."

Free is good – and IBM agrees!

Strategy Letter VI

This item ran on the Joel on Software homepage on Tuesday, September 18, 2007

IBM just released an open-source office suite called IBM Lotus Symphony. Sounds like Yet Another StarOffice distribution. But I suspect they’re probably trying to wipe out the memory of the original Lotus Symphony, which had been hyped as the Second Coming and which fell totally flat. It was the software equivalent of Gigli.

Does this seem right to you?

Mint: The easiest way to manage your personal finances

By Eric Eldon 09.18.07

[Update: Mint has won the TechCrunch 40 conference’s competition, which goes to the most impressive presenting company from among the 40 participants. Mint will receive a $50,000 cash award and other services and awards from corporate sponsors.]

Mint, a long-awaited online tool for managing your personal finances, has launched today.

For those who have used Quicken or other traditional personal accounting software to manage your checking, savings and credit card accounts, Mint will be a relief.

Once you sign up, you provide Mint with access to all of your accounts. Mint automatically categorizes each paycheck and each expenditure, then provides visual graphs and pie charts showing exactly how you’re spending your money. The entire process takes a matter of minutes.

I'm gonna start recording my classes... What kind of ads should I put on “College Algebra?”

Insert Ads Into Your Videos, Make Cash

PlugAdPlay is a video advertising site which gives any video producer the chance to earn money with video clips. Users can add PlugAdPlay adverts to the beginning and end of their videos, or they can opt for a streaming banner. There are three different ways to actually earn money once the PlugAdPlay ads have been appended. First, you’ve got to upload your video on any site like YouTube or Google Video; you’ll automatically earn up to a dollar for each video uploaded. Plug will pay you an extra bonus for each person watching your video wherever you’ve uploaded it. If your video becomes the most viewed on any video sharing site, you’ll reap an extra bonus. PlugAdPlay also pays for clicks and impressions generated by your video. Additionally, you can publish the site’s video player on your blog or website to generate even more money (each time someone watches, of course, means you’re making revenue). The potential profits are high (Plug estimates as much as $960 a month). To receive your money, you’ll need to have earned a minimum of $50.