It seems J.C.Penny wasn't to blame. Strange how this one is leaking a bit at a time. Stories report either 600,000 or 650,000, all J.C.Penny or 100 retailers or 230 retailers. Should be interesting to see how GE handles this.
(update) 230 retailers affected by data breach after tape lost
A backup tape containing credit-card information from hundreds of U.S. retailers is missing, forcing the company responsible for the data to warn customers that they may become the targets of data fraud.
GE Money, which manages in-store credit-card programs for the majority of U.S. retailers, first realized that the tape was missing from an Iron Mountain secure storage facility in October, said Richard Jones, a company spokesman.
... The tape contained in-store credit-card information on 650,000 retail customers, including those of J.C. Penney, he said. GE Money employees are also affected by the breach.
The missing backup tape was unencrypted.
Although J.C. Penney was the only company that Jones would confirm as affected by the missing tape, that retailer accounts for just a small percentage of all accounts that were compromised. In total, 230 retailers are affected by the breach. "Clearly that number includes many of the national retail organizations," he said.
The tape also contained Social Security numbers of 150,000 customers. When matched with name and address information, Social Security numbers can be used to set up fraudulent credit-card accounts, a common form of identity theft.
Source - InfoWorld
Say something “techie” and cover your ass?
KY: Laptops Stolen From Corbin Social Services Office
Corbin Police are looking for someone who stole nine thousand dollars worth of laptop computers from the Corbin Social Services Office early Tuesday morning.
Police say the computers do contain personal information, but are password protected [worthless! Bob] and encrypted into programs. [Not sure what they are saying. The article suggests that only the password is needed. Bob]
Source - WYMTNews.com
None of these organizations seem able to keep track of their assets. Perhaps they could learn from the next articles?
(follow-up) KC faulted after probe of IRS tapes missing from City Hall
A federal investigation of missing Internal Revenue Service tapes from City Hall in Kansas City has concluded that the city failed to follow “proper safeguards for protecting federal tax return information.” [Wow! What an insight! Bob]
That conclusion is contained in a heavily redacted report obtained recently by The Kansas City Star under a Freedom of Information Act request to the Treasury Department’s inspector general for tax administration.
The inspector general’s investigation stemmed from the disappearance of 26 IRS computer tapes containing taxpayer information.
Source - Kansas City Star
[From the article:
Nearly all other information in the 42 pages supplied to The Star is redacted. The agency said it was withholding an additional 105 pages because their disclosure “could impede its law enforcement activities.” [Huh? Bob]
... The report says a copy was given to the IRS but not to the U.S. attorney’s office.
... The IRS has never said what information was on the tapes, how many taxpayers were affected, or whether those taxpayers would ever be notified about the missing information.
City officials said they didn’t know how many taxpayers were affected.
NKC School District to use electronic card system to track students riding buses
The North Kansas City School District this fall will begin using a radio-frequency identification card system to help officials keep track of students who ride district buses.
Hundreds of elementary school pupils will receive small cards and carry them in their backpacks or pockets [Want to bet? Bob] to automatically record them getting on and off buses. It will give officials instant confirmation that youngsters are on the right buses and were dropped off at the right stops. [What will happen when the system reports the card didn't get on the bus? Calls to parents? Panic? Bob]
Source - The Kansas City Star
Ditto? How did they do this before Facebook? Will they also monitor the pages of the athletes friends and relatives? It would be easier to keep them in a cage. As for non-athletes, the hell with them?
Software lets officials track student athletes
A new software program released last week gives coaches and athletic departments the ability to monitor the Facebook pages of their student athletes.
The software, called YOUDiligence and developed by GlobalNI, is advertised as a tool to help institutions supervise their student-athletes' social networking pages.
Source - The Daily Tar Heel
[From the article:
GlobalNI CEO Bryan Rich stated in an e-mail that student athletes, who are subject to high media exposure, could unknowingly be associating themselves with information that could damage their careers.
"It's important that it's not characterized as an invasive technology," [Oops! Too late. Bob] he said in an interview, stressing that the program was meant to be a safeguard for users. [but remember, the students are not the users. Bob]
Much as we thought... (Takeaway 6: If you are the biggest screw-up, you remain the one every article points to.)
One year later: Five takeaways from the TJX breach
One year ago today, The TJX Companies Inc. disclosed what has turned out to be the largest information security breach involving credit and debit card data -- thus far, at least.
The data compromise at the Framingham, Mass.-based retailer began in mid-2005, with system intrusions at two Marshalls stores in Miami via poorly protected wireless LANs. The intruders who broke into TJX's payment systems remained undetected for 18 months, during which time they downloaded a total of 80GB of cardholder data.
... Here, on the one-year anniversary of the breach becoming known, are five takeways for security managers:
Source - Computerworld
Stupid is as stupid does.
Official: Video destroyed in shock case
Investigator: School Destroyed Video It Was Ordered to Preserve of Students Being Shocked
Staff AP News Jan 18, 2008 10:30 EST
A special education school destroyed videotape showing two of its students being wrongly given electric shock treatments despite being ordered to preserve the tape, according to an investigator's report.
One student was shocked 77 times and the other 29 times after a prank caller posing as a supervisor ordered the treatments at a Judge Rotenberg Educational Center group home in August. The boys are 16 and 19 years old and one was treated for first-degree burns.
... An investigator with the commission, which examines abuse allegations and can refer cases for criminal prosecution, viewed the tapes and asked for a copy, according to the commission's report obtained by The Boston Globe.
But school officials declined, saying they "did not want any possibility of the images getting into the media." The investigator told the school to preserve a copy so state police could use it in their criminal investigation. A trooper later told the investigator the tapes had been destroyed.
Redundant advice, but one interesting statement...
Laptop Security in the Workplace: How to Protect Your Mobile Assets
By John Livingston, CEO, Absolute Software 2008-01-18
As laptop computers become more prevalent in the workplace, Absolute Software's CEO John Livingston says that IT professionals face the new security challenge of protecting hardware and company information that is increasingly mobile. In this environment, the loss of even a single laptop can result in a business-jeopardizing data breach.
In 2008, one of every two computers in the world will be a laptop.
Now this is scary... If it isn't just bad reporting, lots of Security managers could be at risk!
Anti-Spammer Fined For DNS Lookup Of Spammer
from the ouch dept
Anti-spam activists often need to do quite a bit of hunting to track down the real identity of various spammers. Over the years, spammers have become increasingly adept at hiding from those trying to shine light on their activities. However, when one well-known anti-spammer used some standard whois and DNS lookup tools (the same kind many of us use every day) to find out the identity of a spammer, the spammer sued him... and won! The anti-spammer has to pay over $60,000 in fines, and possibly much more once lawyers' fees are added up. The judge ruled that some rather basic tools suddenly constituted "hacking" even though the details don't suggest any actual hacking. The anti-spammer simply used the tools available to get the information necessary. He didn't need to break through any security or do anything malicious to get the info. If you read the ruling, it sounds like a judge could define plenty of perfectly normal online activities as "hacking." Update: There's a good discussion in the comments, suggesting that there's a lot more going on here than is clear from the article itself. The judge's finding of facts suggest that the anti-spammer did some questionable things, including lying and ignoring an injunction -- which certainly hurt his case. However, others are suggesting that the judge's finding of facts are incorrect and there's much more to this story that will come out on appeal.
[From the article:
Not in the US and only one instance. Why are they releasing this information at all? Must want a budget increase.... Still, something for my Disaster Recovery class.
CIA Claims Cyberattacks At Fault In Blackouts
from the now-they-tell-us dept
A few years back, after a major blackout hit the northeast, many people immediately assumed that it had something to do with a terrorist attack on the electricity system or perhaps a computer worm/cyber attack. It turned out to be neither, but it wasn't that surprising that people jumped to that conclusion. However, afterwards, people began discussing how likely it was that a cyberattack really could take out the power grid for a city, and some people felt that it was fairly unlikely to occur. The CIA, apparently, would disagree. Late Friday, a CIA official claimed that cyberattacks have been to blame for certain blackouts over the past few years, and that the agency had debated whether or not to release that information publicly. Of course, without much in the way of detail, it's difficult to have any sense of what's actually happening here and how accurate the information really is. However, we will repeat what we said after that huge blackout: even if it was a cyberattack, it wasn't particularly damaging. Yes, it was an inconvenience. And, yes, it was annoying, and some businesses were temporarily hurt due to the blackout. But, compared to other types of attacks, shutting off the power certainly seems relatively minor.
Perhaps this is why the CIA is releasing information about a utility hack – Sort of a “the threat is real” comment on these regulation? (or is that too obvious?)
Feds Set Standards for Protecting Power Cos. From Cyber-Attacks
By Dan Caterinicchia AP 01/18/08 10:30 AM PT
The Federal Energy Regulatory Commission has approved cyber-security standards to protect the electric industry from hackers. The Edison Electric Institute, which represents investor-owned utilities that supply about 70 percent of the nation's electric generation had advocated for standards and welcomed the decision.
Not sure about the report, but the chart is interesting... (Web 4.0? Aren't we pushing things a bit?)
Semantic Wave 2008 - Free Summary Report for RWW Readers
Written by Richard MacManus / January 17, 2008 9:40 PM
Project10X has just released a 400-page study of semantic technologies and their market impact, entitled Semantic Wave 2008: Industry Roadmap to Web 3.0 and Multibillion Dollar Market Opportunities. The report discusses the emergence of semantic technologies for consumer and enterprise applications, and the evolution from Web 2.0 to the so-called "Web 3.0".
A free 27-page summary of Project10X’s Semantic Wave 2008 Report has been made available to ReadWriteWeb readers.
I hereby Copyright © the following: “Honest Lawyer” “Good Law Firm” “Fight for your rights” “Money Damages” and “Sue the Bastards!” Royalties should be huge! (This lends credence to the old joke: “99% of lawyers make the rest look bad.”)
There Can Be Only One... Cyberlawyer?
from the seriously? dept
In our culture where some companies (and their lawyers) have convinced people that intellectual property gives you total control over things, we start to see some bizarre and ridiculous trademark claims. The latest comes to us via the EFF, who point to a lawyer who has received a trademark on the term "cyberlaw" and is going after other lawyers who use the term which has been in fairly common usage for ages. As the EFF notes, it's especially upsetting that an intellectual property lawyer would abuse trademark law this way in a manner well beyond what trademark law is supposed to do -- while also warning that courts as well as tech companies don't tend to look kindly on people who abuse trademark law.
For my web site class. Create, download and modify...
PhpForm.org - On The Fly Form Creator
PhpForm is an on the fly, no coding skills needed form maker. There are three stems to making forms you site visitors will fall in love with. The first step involves choosing your color—there are 25 to select from in total. Next you’ll need to pick your field types; there are a variety to choose from: multiple choice, drop-down, address, single line, and the list goes on. Choose as many as necessary. Drag and drop each element to achieve the look and design that you want. Customize each field, using the field properties tool. Finally, preview and save your form. With PhpForm, you can also send entries to email, and save submissions to your database. All of this without writing one single line of code.
Web sites, Part Deux
Comiqs.com - Make Comics Out of Your Photos
The world of social design has just gotten a breath of fresh air with the arrival of Comiqs, a community bearing comic styled photographs. This Singapore-based newcomer brings a bright combo of levity as fresh and as pure as can be, along with succinct, priceless tales. Take your average photo spread, add comi-esque captions, doodles and borders, and voila, you get something neater and more compelling than just words alone. Check out the featured strip of the day which takes a punch at Ron Paul. Alternatively, browse the obligatory, but funny nonetheless pet comics. Making your own comic is easy; you can drag and drop elements onto your drawing board, and you’re given a variety of different frames and shapes to work with. Once you’ve started, you’ll probably want to create more. On the social side, there’s commenting, rating and profiles.