Monday, March 24, 2008

Your greatest risk is your employees, also known as “insiders” or “authorized users”

http://www.pogowasright.org/article.php?story=20080323164251418

Insider theft of Compass Bank database affected over 1 million customers but missed mainstream media attention

Sunday, March 23 2008 @ 04:42 PM EDT Contributed by: PrivacyNews News Section: Breaches

With the exception of the Birmingham News, what may be the largest bank breach involving insider theft of data seems to have flown under the mainstream media radar.

In July 2007, James Kevin Real, a computer programmer for Compass Bank, was indicted on six counts of financial institution fraud, four counts of access device fraud, two counts of aggravated identity theft, and one count of fraudulent possession of access device making equipment. He was accused of collaborating with Laray Byrd to produce and use counterfeit debit cards based on the customer information he had stolen.

At the time of his indictment, the Department of Justice issued a press release about the case, but no mainstream media sources seem to have covered the story back then, and sites such as PogoWasRight.org, the Privacy Rights Clearinghouse and other sites that rely on media reports all missed the breach.

In light of the details now available, the breach appears to be the largest bank breach involving insider theft of data in terms of number of customers whose data were stolen. The largest incident to date for insider theft from a financial institution involved the theft of data on 8.5 million customers from Fidelity National Information Services by a subsidiary's employee.

It is not clear at the time of this writing whether Compass Bank ever notified the more than 1 million customers that their data had been stolen or how it handled disclosure and notification. A request for additional information from Compass Bank was not immediately answered.



At first glance, I dismissed this as yet another British screwup. No such luck.

http://www.pogowasright.org/article.php?story=20080324060950630

Stolen government laptop held patient data

Monday, March 24 2008 @ 06:21 AM EDT Contributed by: PrivacyNews News Section: Breaches

A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy.

NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until last Thursday — almost a month later. They said they hesitated because of concerns that they would provoke undue alarm.

[…] Elizabeth G. Nabel, director of the National Heart, Lung and Blood Institute (NHLBI), said in a statement issued late Friday that “when volunteers enroll in a clinical study, they place great trust in the researchers and study staff, expecting them to act both responsibly and ethically.” She said that “we deeply regret that this incident may cause those who have participated in one of our studies to feel that we have violated that trust.” [“But we don't regret it enough to actually, like, ya know, do anything about it...” Bob]

NIH officials said the laptop was taken Feb. 23 from the locked trunk of a car driven by an NHLBI laboratory chief named Andrew Arai, who had taken his daughter to a swim meet in Montgomery County.

Source - Washington Post



I wonder if the Computer Crime Cops have any say in the security of the web site?

http://www.pogowasright.org/article.php?story=20080324060756255

UK: Police ID fear after Met website is hacked

Monday, March 24 2008 @ 06:22 AM EDT Contributed by: PrivacyNews News Section: Breaches

Cops fear hackers may have stolen the personal details of hundreds of officers.

At first Scotland Yard thought it was just a prank when a picture of Brobee, from children's TV show Yo Gabba Gabba, was posted by hackers on the recruitment website www.metcareers.com last month.

But a security review found the site was linked to two Met databases containing job applications and personal details.

Source - Mirror.co.uk

From the article:

A source said: "This information would be very useful for identity fraudsters and almost priceless to criminals."



...because...

http://www.pogowasright.org/article.php?story=20080324060650261

Data “Dysprotection:” breaches reported last week

Monday, March 24 2008 @ 06:19 AM EDT
Contributed by: PrivacyNews
News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Tools for ubiquitous surveillance: cellular video cameras

http://www.latimes.com/entertainment/news/interactive/la-ca-webscout23mar23,1,336119.story

Reporting live from a cellphone near you ...

The startup allows video from cellphones to be streamed live on the Web. In the future, will any bad behavior go unnoticed?

By David Sarno, Los Angeles Times Staff Writer March 23, 2008

... You don't have to be a starry-eyed technophile or a surly dystopian to see what this is going to look like. Just go to Qik.com. The Silicon Valley Web startup has created a system that lets users send live video directly from their Nokia phones to the Web. When the broadcast is over, the clip is auto-saved for repeat (public) viewings.



Forecast of doom?

http://www.desktoplinux.com/news/NS8541837412.html

Windows is caught between Mac and Linux

Mar. 21, 2008

For the first time in ages, the sale of new PCs with Windows as a percentage of the PC market is declining sharply. The new winner is the Mac, but, while no one does a good job of tracking the still-new, pre-installed Linux desktop market, it's also clear that Linux is finally making impressive inroads into Windows' once unchallenged market share.

The Mac numbers are especially revealing. NPD, a global market research company, has revealed that Apple's share of the U.S. computer market jumped to 14 percent in February 2008. This was up from 9 percent in February 2007.

In comparison to the overall market, U.S. PC retail shipments only grew 9 percent in units shipped and a mere 5 percent in revenue in the last year. Macs, in the meantime, saw a 60 percent growth in unit sales with an even more impressive 67 percent gain in revenue growth over the same period.

... I see two strong trends here. On the high end, people are buying Macs instead of Windows PCs. On the low end, Linux is eating Windows alive.

... How Microsoft deals, or fails to deal, with this new challenge will determine if Windows continues to be the dominant desktop operating system. Distracted by its Yahoo buyout plans, its courtroom failures and its leadership changes, Microsoft is in trouble, and that means the other desktop operating systems have their best chance ever to knock Windows off the top of the desktop hill.



Interesting from a strategic perspective... (I summarize the points)

http://blogs.zdnet.com/projectfailures/?p=666

Is IT becoming extinct?

Posted by Michael Krigsman @ 5:57 pm March 23rd, 2008

Since the days of punch cards, IT has believed itself to be guardian of precious computing resources against attacks from non-technical barbarians known as “users.”

While IT’s demise won’t happen overnight, the trend is clear. Here’s why:

IT services have become a commodity.

Social media empowers users at the expense of IT.

Software as a service (SaaS) providers are replacing in-house IT infrastructures.

IT leadership is alienated from senior management.

Corporate leadership doesn’t understand the implications of IT decisions on business strategy.

Volume purchasing arrangements contribute to IT stagnation.

The IT-killing external ecosystem is well funded.
