Tuesday, September 16, 2008

Someone should suggest that they stop sending unencrypted CDs in the mail...

http://www.pogowasright.org/article.php?story=20080915133512918

UK: Details of 18,000 NHS staff missing

Monday, September 15 2008 @ 01:35 PM EDT Contributed by: PrivacyNews

The personal details of nearly 18,000 NHS staff in London have gone missing in the post.

Four computer discs containing the details of 17,990 current and former staff were lost in July when they were sent between Whittington Hospital NHS Trust and McKesson, a firm providing payroll IT services.

The discs contained the name, date of birth, national insurance number, start date and pay details of all staff and the addresses of some staff. They did not contain personal bank account details, according to the trust.

Source - The Press Association

[From the article:

Whittington Hospital NHS Trust said the discs had a "separate alpha-numeric password on them which unless found by expert hackers are very difficult to break." [Delusion Bob]

The trust said the discs went missing when an envelope they were in was placed in a post tray marked recorded delivery on July 22. [I need more “English as a foreign language” classes to decipher that sentence Bob] But there was no record of the discs being sent.

... It was the first time information had been sent through the post, he added.



Double Secret Probation ends? It looks like the FBI is sharing some information with victims. I don't see why it took so long to tell the companies and why is it taking so long to notify individuals? Perhaps the disclosure laws need a tweak?

http://www.pogowasright.org/article.php?story=20080915162807693

Forever 21 Provides Notice to Customers Regarding Security Breach Incident (follow-up)

Monday, September 15 2008 @ 04:28 PM EDT Contributed by: PrivacyNews

Law enforcement recently informed us that our systems may have been illegally accessed to obtain customer payment card information. We have determined that this incident may have affected a subset of our customers who shopped at our stores on the following nine dates: March 25, 2004; March 26, 2004; June 23, 2004; July 2, 2004; July 3, 2004; August 4, 2007; August 5, 2007; August 13, 2007; and August 14, 2007. In addition, the incident may have affected customers who shopped at our Fresno, California store located at 567 E. Shaw Ave. between November 26, 2003 and October 24, 2005.

On August 5, 2008, the U.S. Department of Justice in Boston filed indictments against 3 individuals alleged to have committed crimes involving credit card fraud against 12 retailers. That morning, Forever 21 was contacted by the U.S. Secret Service and was advised that our company was identified in the indictment as one of the retail victims. We subsequently received from the Secret Service a disk of potentially compromised file data. We promptly retained forensic consultants to help us examine the file data and our systems. Based on that investigation, we believe that the unauthorized persons accessed older credit and debit card transaction data for approximately 98,930 credit and debit card numbers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data. The data included credit and debit card numbers and in some instances expiration dates and other card data, but did not include customer name and address. More than half of the affected payment card numbers are no longer active or have expired expiration dates.

We have been working with our acquiring bank and payment card networks to resolve the situation. Your card issuing institution may send you a written notice mailed to the address related to the account number about this incident. We have also contacted the three principal credit reporting bureaus, Equifax, Experian and TransUnion, to advise them of the situation. Since 2007 when the Payment Card Industry Data Security Standards (the "PCI Standards") were imposed, our systems have been certified to be in compliance with the PCI Standards, including the data encryption standards. After we were informed of this incident, we adopted additional proactive security measures and continue to regularly monitor our systems for intrusions.

Source - Forever21

Props, The Consumerist blog

Comment: so it appears that our government left Forever21 in the dark until they were ready to announce the indictment. Why Forever21 never detected the breach itself on its own is a discussion for another time, but that our government delayed in notifying the company so that consumers could be notified is just... well, outrageous. -- Dissent

[From the blog:

Forever 21 also announced the problem to its customers via a small link on its site labeled "Important Customer Info Notice" that no one will ever click on. [See if you can find it... Bob]



Another “slow release” breach disclosure. Keeps them in the news (in a negative way) and must make other clients wonder...

http://www.pogowasright.org/article.php?story=20080915080929430

EXCLUSIVE: Intuit notifies 22,000 of stolen computer

Monday, September 15 2008 @ 08:09 AM EDT Contributed by: PrivacyNews

The burglary at Colt Express Outsourcing over the Memorial Day weekend affected employees of over 20 firms that were using or had used Colt to administer benefits programs for employees.

Now software company Intuit has confirmed that some employees and their dependents also had data on the stolen computer.

In a statement to PogoWasRight.org, a spokesperson for Intuit reports that they notified 22,000 people, including employees, former employees and their dependents who were enrolled in the company's health benefits plans between August 1997 and January 2002. The unencrypted personal data involved names, addresses, Social Security numbers and birthdates.

In response to a query from this site as to why the delay in notifying its employees, who just received letters this past week, Intuit reports that when they were notified of the breach, they began their own investigation. According to their spokesperson, when they recognized the scope of the problem, they hired a firm to help them with the notification process to ensure that everyone got notified.

Intuit also retained Kroll to assist those affected and to provide them with free credit monitoring and identity theft restoration services, if required.

Intuit's report brings the total known number of affected to approximately 75,000 for the 10 firms that provided information on the number of employees and dependents affected. At least one other company has also been affected, but this site is awaiting confirmation before listing them as being affected. How many other clients or former clients of Colt's may have been affected is unknown, as Colt has not revealed that information.

hat-tip, a reader of the Breach Blog who mentioned receiving a notification letter.



For your Security Manager

http://www.infoworld.com/article/08/09/15/Microsoft_issues_wrong_update_for_Exchange_2007_1.html?source=rss&url=http://www.infoworld.com/article/08/09/15/Microsoft_issues_wrong_update_for_Exchange_2007_1.html

Microsoft issues wrong update for Exchange 2007

After discovering its error, company pulled Update Rollup 4 on September 9, but warned those who had downloaded it to beware of problems

By Gregg Keizer, Computerworld September 15, 2008

Microsoft last week confirmed that it inadvertently released a pre-release version of an Exchange Server 2007 update that could push servers into an endless series of crashes.



Gee Mom, all the kids are doing it!

http://www.pogowasright.org/article.php?story=20080915203811990

CO: AG: Social Security Numbers On Public Web Sites

Monday, September 15 2008 @ 08:38 PM EDT Contributed by: PrivacyNews

Colorado's attorney general said Monday that several counties are potentially opening citizens up to identity theft by hosting documents with Social Security numbers on public Web sites.

These documents include federal tax liens, financing statements and other sensitive information.

Source - The Denver Channel

[From the article:

Colorado law prohibits the posting of Social Security numbers online, but it does not apply that same ban to government entities.



Logic.gov: Let's write a document to alert business travelers to the risks of using electronic devices, and then classify it so they never see it!

http://www.pogowasright.org/article.php?story=20080915133748420

Leaked Homeland Security doc warns of data threats

Monday, September 15 2008 @ 01:37 PM EDT Contributed by: PrivacyNews

A document emphasising mobile-data security threats has appeared online after being leaked from the US Department of Homeland Security.

The document, entitled Foreign Travel Threat Assessment: Electronic Communications Vulnerabilities was posted to the whistleblower website WikiLeaks on Friday. It gives advice to corporate and government travellers on how to stop data falling into criminal or foreign-government hands.

Source - ZDnet



“Full Time Confusion” strikes again?

http://www.pogowasright.org/article.php?story=20080915085848665

FTC requires towns to add identity theft programs

Monday, September 15 2008 @ 08:58 AM EDT Contributed by: PrivacyNews

The Federal Trade Commission (FTC) has issued new requirements for municipalities on the adoption of identity theft programs.

A release was distributed to all municipalities by the North Carolina League of Municipalities (NCLM) on Sept. 4, asking all managers, administrators, clerks, attorneys and finance officers to have written procedures in place to help protect consumer identity and fight theft of customer account information.

Source - The Stanley News and Press

[From the article:

The release stated that all municipalities with utility accounts must participate. According to the Tennessee Valley Public Power Association (TVPPA), utilities rank No. 3 as a place for identity thieves to gain information.

... The TVPPA News said there may be significant consequences for noncompliance which could include civil penalties, damages and attorneys’ fees.

They also reported that the FTC is likely to randomly demand copies of programs from utilities immediately after the Nov. 1 deadline.



Something for my DU Law friends...

http://ralphlosey.wordpress.com/2008/09/14/trial-lawyers-turn-a-blind-eye-to-the-true-cause-of-the-e-discovery-morass/

Trial Lawyers Turn a Blind Eye to the True Cause of the e-Discovery Morass

A distinguished group of trial lawyers recently completed a study on litigation which concluded that the main problem with the U.S. legal system today is e-discovery. Interim Report & 2008 Litigation Survey.

... This interim report, aside from its competency shadow-blindness, is excellent and well written. It is a joint project of the American College of Trial Lawyers task force on discovery and the Institute for the Advancement of the American Legal System, a group based out of the University of Denver. I applaud these groups for recognizing the problem and trying to do something about it. Their insights go well beyond e-discovery and I recommend a full reading.



Seems like a good idea to me – why so slow? Oh, Wait... Lawyers.

http://yro.slashdot.org/article.pl?sid=08/09/16/0157220&from=rss

Tapping the Web's Collective Wisdom For Patents

Posted by kdawson on Tuesday September 16, @04:46AM from the crowdsourcing-prior-art dept.

BountyX sends in a CNN story offering an update on the US patent office's experiment in crowdsourcing, called Peer-to-Patent. (We've discussed this initiative a few times in the last couple of years.) In its first year the program has dealt with a minuscule fraction of patent applications, which numbered over 467,000 in 2007, up over 97% from a decade earlier.

"The Patent Office reports that it has issued preliminary decisions on 40 of the 74 applications that have come through the program so far. Of those, six cited prior art submitted only through Peer-to-Patent, while another eight cited art found by both the examiner and peer reviewers... [I]n its second year, Peer-to-Patent is being expanded to include claims covering electronic commerce and so-called 'business methods'..."



One to sic my library on...

http://books.slashdot.org/article.pl?sid=08/09/15/1459219&from=rss

Intellectual Property and Open Source

Posted by samzenpus on Monday September 15, @02:49PM from the read-all-about-it dept. stoolpigeon writes

"There isn't a person writing code in this country who is not impacted by US intellectual property laws. I think that it is safe to say, that not all coders have a strong understanding of just what those laws are, let alone what they mean. Stepping into this gap is programmer become lawyer Van Lindberg with his new book Intellectual Property and Open Source. Lindberg has really done something special with this volume. I don't think I've ever read a tech oriented work where I've felt so convinced that I was reading something that would become a standard by which others would come to be judged."

Read below for the rest of JR's review.

... Let me quickly state what this book is not. It is not comprehensive.

... So what is this book? To me it felt very much like sitting down with a lawyer who can speak my language, understands my concerns, uses open source software, cares about freedom and has a gift for building metaphors and illustrations that make sense.



Do you need another excuse to use your cellphone?

http://www.killerstartups.com/Mobile/rocketron-com-the-news-on-your-phone

Rocketron.com - The News On Your Phone

With Rocketron.com, you’ll be able to choose the news you want to know, and then hear them through your cellular phone. Just call the number and choose what you want to know about. It will then let you listen to the news you want, skip those that you don’t find interesting, and other things that make this a very useful service.

http://www.rocketron.com/



I don't think this is a joke. Cities everywhere will be adding a Department of Poop Analysis.

http://www.reuters.com/article/technologyNews/idUSLG37942520080916?feedType=RSS&feedName=technologyNews

Israeli city uses DNA to fight dog poop

Tue Sep 16, 2008 8:25am EDT By Avida Landau

PETAH TIKVA, Israel (Reuters) - An Israeli city is using DNA analysis of dog droppings to reward and punish pet owners.



How could we allow this to happen!

http://www.reuters.com/article/technologyNews/idUSSP31943720080916?feedType=RSS&feedName=technologyNews

Porn passed over as Web users become social: author

Tue Sep 16, 2008 8:39am EDT By Belinda Goldsmith
