Thursday, May 29, 2008

Big data theft and more evidence that I am not fluent in English...

http://www.pogowasright.org/article.php?story=20080529062022549

In: City BPO accused of data theft

Thursday, May 29 2008 @ 06:20 AM EDT Contributed by: PrivacyNews News Section: Breaches

It could well be one of the biggest data thefts in the country. An Ahmedabad-based BPO owner, Maulik Dave, has been accused of data theft from a Florida-based company and selling them to its rival companies in the US.

Dave stole data worth Rs 1 crore [10,000,000? Bob] from the company. With the help of his accomplice based in the US, Milan Dabhi, he sold the data to competitors of the company in the US.

The nondescript office of Business Bee Solutions along the SG Road, a BPO working in the IT sector, has been closed for three months soon after Florida-based Company Noble Ventures Inc. cancelled their contract with Dave.

He then shifted his operations to his home in Vejalpur. Dave had got a contract for two years for designing and maintenance of the website of Noble Ventures Inc. This company provides customer database of 1.25 crore [12,500,000? Bob] US citizens to various marketing companies in the US and also has a client-base in other international markets.

When his contract got cancelled, Dave tapped into the data bank of Noble Ventures Inc., and stole 85 lakh [8,500,000? Bob] records and sold it to the company's rivals in the US.

Source - The Times of India



How things go wrong?

http://www.pogowasright.org/article.php?story=20080529060537736

AU: Privacy Commissioner publishes case notes 1 - 7 for 2008

Thursday, May 29 2008 @ 06:05 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The Privacy Commissioner, Karen Curtis, has today released seven new case notes:

The Privacy Commissioner publishes case notes of finalised complaints that are considered to be of interest to the general public.

Cases chosen involve interpretation of the Privacy Act or associated legislation in new circumstances, illustrate systemic issues or illustrate the application of the law to a particular industry or subject area. The case notes are intended to offer a synopsis only and not to be a comprehensive account.

It is a function of the Commissioner to endeavour to resolve complaints by conciliation where appropriate. As a result, the outcome in any particular case will be affected by a number of factors, including the applicable law, the facts of the matter and the approach to the conciliation process taken by both the complainant and respondent.

Please visit the Complaint Case Notes, Summaries and Determinations page for more details.

Source - Office of the Privacy Commissioner



How do you know that credit card information you stole/bought is any good?

http://www.pogowasright.org/article.php?story=20080529063520108

Credit thieves use campaign Web sites to test stolen cards’ validity

Thursday, May 29 2008 @ 06:35 AM EDT Contributed by: PrivacyNews News Section: Breaches

Charles Bridges isn't a supporter of Barack Obama.

So he was surprised to find a $103.90 donation to the Obama For America campaign on his American Express credit card statement last month.

What I found out from talking to folks at the Obama campaign was that there is a growing criminal enterprise in which stolen credit card numbers are used to make online donations to political campaigns and charities.

It's not that crooks are suddenly becoming activists or do-gooders. Instead, they have found that making online donations is an easy way to verify that the stolen credit card numbers they are buying or selling are valid.

Source - news-press.com


...so how do you tell a crook from a broker?

http://news.slashdot.org/article.pl?sid=08/05/28/1522250&from=rss

Stealing From Banks One Cent at a Time

Posted by CmdrTaco on Wednesday May 28, @11:42AM from the not-like-atm-fees-steal-from-you dept. The Almighty Buck Security

JRHelgeson writes

"In a story strangely reminiscent of Superman 3, a 'hacker' allegedly stole over $50,000 from PayPal, Google Checkout as well as several unnamed online brokerage firms. When opening an online brokering account it is common practice for companies such as E-trade and Schwab to send a tiny payment — ranging from only a few cents to a couple of dollars — to verify that the user has access to the bank account listed. According to the story, the attacker wrote a script that opened thousands of accounts at dozens of these providers. He was arrested not for taking the money, but for using false names in order to get it."



Perhaps we should include mandatory encryption language in our laws?

http://www.pogowasright.org/article.php?story=20080528202713367

M&S appeals against data protection ruling

Wednesday, May 28 2008 @ 08:27 PM EDT Contributed by: PrivacyNews News Section: Breaches

Marks and Spencer (M&S) is appealing against a ruling by the Information Commissioner’s Office (ICO) that the company breached the Data Protection Act (DPA), Computing has learned.

The case will set a precedent on whether or not companies need to encrypt laptops to comply with the DPA.

In January this year, the ICO issued an enforcement notice to the firm to encrypt its laptop hard drives, following the theft from a sub-contractor in April 2006 of a computer containing details of the pension arrangements of 26,000 M&S staff.

Source - computing



What (you ask) is the opposite of “Security through Obscurity?” No stunning examples in the comments, yet.

http://ask.slashdot.org/article.pl?sid=08/05/28/2029209&from=rss

What Examples of Security Theater Have You Encountered?

Posted by timothy on Wednesday May 28, @04:47PM from the kip-hawley-please-to-the-white-courtesy-phone dept. Security

swillden writes

"Everyone who pays any attention at all to security, both computer security and 'meatspace' security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive." swillden would like to know what you've encountered along these lines; read on for the rest of his question below.

swillden continues: "Recently, a neighbor uncovered a good example. He and his wife attended a local semi-pro baseball game where security guards were checking all bags for weapons. Since his wife carries a small pistol in her purse, they were concerned that there would be a problem. They decided to try anyway, and see if her concealed weapon permit satisfied the policy. The guard looked at her gun, said nothing and passed them in, then stopped the man behind them because he had beer and snacks in his bag. Park rules prohibit outside food. It's clear what the 'security' check was really about: improving park food vending revenues.

So, what examples of pure security theater have you noticed? Even more interesting, what examples of security-as-excuse have you seen?"
