Seibels Bruce Group hacked?
January 2nd, 2009 by admin From the your-guess-is-as-good-as-mine dept.
On December 22, Seibels Bruce Group notified the New Hampshire Attorney General of a breach. I’m pretty sure they were describing a hack, but from their wording, I suppose it’s possible that someone wandered into their offices and just browsed through their file cabinets. See what you think when you read the description.
What’s really noteworthy is that within the space of a few paragraphs, they went from saying that individuals’ data may have been improperly accessed to saying that they had confirmed that the individuals’ data was accessed.
From the letter to those affected:
We are sending you this letter as a cautionary measure because we believe that certain information about you may have been improperly accessed.
The Seibels Bruce Group, Inc. and its subsidiaries (“Seibels Bruce”) provide various identity verification and related services to insurance companies who use our services during the process of granting and servicing insurance policies. In mid-December, we became aware that certain personal records that we use for these business purposes were accessed improperly by an unauthorized third party. We promptly detected the issue, and took a number of measures to secure our systems. We are sending you this letter because we confirmed that, during this brief period of time, your records (which may have contained your name, address, telephone number, Social Security number, and/or date of birth) were accessed by an unauthorized third party.
And that’s all they wrote by way of explanation. They did tell those affected that they could call them on a toll-free information helpline, and it was a nice touch to have the President of Seibels Bruce Group sign the letter, but if I was on the receiving end of this notification letter, I would not be happy with the contradictions in the notification. What do you think?
I wonder if anyone has actually thought through the contract requirements to secure data in third party hands?
Vonage customer data on Google Notebook
January 2nd, 2009 by admin
With all the advice we see these days about hardening security, this might be a good time to remember the importance of both having stringent security standards written into any contractor agreements and actually monitoring compliance with any contracts or policies. A recent breach reported by Vonage serves as a useful example.
On December 23, Vonage notified the New Hampshire Attorney General that it had recently discovered that an employee of an unnamed telesales contractor had violated Vonage’s policy of not recording sensitive customer data outside of its own computer system. The agent was recording contact data — including credit card number, CCV, or bank account number and routing information — on Google Notebook. [Expect more of this as Cloud Computing grows. Bob]
Vonage got the information removed from Google Notebook, but in response to the incident:
Vonage has required that all of its third party vendors that handle credit card data provide Vonage with a description of their methodology for detecting data leaks. In addition, Vonage has required that third party vendors, with sales or support agents serving Vonage, block access to a number of web sites including Google Notebook.
That’s a good start, and kudos to Vonage for catching the breach and trying to address it in a proactive way, but of course, that is just one piece of a more comprehensive security approach. Hopefully, more entities will take a closer look at what they are requiring from vendors in the way of security and what they are requiring of the vendors and themselves in terms of monitoring.
“all men are created equal” but sometimes that changes... Perhaps someone will invent a scoring system that measures privacy against 'the public's right to know' – perhaps.
IA: Panel proposes expanded privacy in public records
Saturday, January 03 2009 @ 05:58 AM EST Contributed by: PrivacyNews
Iowa governments would have greater authority to black out personal information from public records under proposals recommended by a legislative committee.
Advocates say the proposals would protect citizens from identity theft.
But opponents say the unintended results could be alarming, particularly if the public is unable to differentiate between, for example, a convicted sex offender and another citizen with the same name.
Source - Des Moines Register
Perhaps a bit too British?
India Sleepwalks Into a Surveillance Society
Posted by Soulskill on Saturday January 03, @02:11AM from the your-tech-support-calls-may-be-monitored dept. Privacy Government The Internet
An anonymous reader writes
"ZeroPaid has a fascinating roundup of news stories surrounding the latest surveillance laws passed in India, including a first-hand account of someone writing from inside India. The legislation in question is the Information Technology Act's amendment bill 2006, which was recently passed in the Indian parliament. Things you can't do with the new legislation include surfing for news in Bollywood and looking up porn on the internet. The legislation also allows all transmissions over the internet to be monitored for any form of lawbreaking and permits a sub-inspector to break into your house to make sure you aren't browsing porn on your computer."
If you make an exact copy of your data as it changes, you are protected when (not if) a hard drive fails – but you are not protected if you are writing corrupt data to the disk.
Why Mirroring Is Not a Backup Solution
Posted by kdawson on Friday January 02, @12:25PM from the pointed-lesson dept. Data Storage IT
"Journalspace.com has fallen and can't get up. The post on their site describes how their entire database was overwritten through either some inconceivable OS or application bug, or more likely a malicious act. Regardless of how the data was lost, their undoing appears to have been that they treated drive mirroring as a backup and have now paid the ultimate price for not having point-in-time backups of the data that was their business."
The site had been in business since 2002 and had an Alexa page rank of 106,881. Quantcast said they had 14,000 monthly visitors recently. No word on how many thousands of bloggers' entire output has evaporated.
Whatever you do, don't tell the taxpayers! Download the spreadsheet and try to keep it up to date? Naaah, too depressing.
January 02, 2009
Calculating the Actual Cost of the Financial Bailout
Several sources are reporting the current price tag for the bailout of the financial system. According to the Washington Post's Binyamin Appelbaum, "...the Treasury Department has now spent or committed more money than Congress has allocated to its financial rescue program, effectively making more promises than it can afford to keep. The scorecard: Congress gave Treasury $350 billion; Treasury has allocated $354.4 billion." Another perspective, on total expenditures of $8.5 trillion, comes from Barry Ritholtz's blog posting, Calculating the Total Bailout Costs, inclusive of a handy spreadsheet.
Is Microsoft taking a page from the Free Software book? (While maintaining deniability?)
Windows 7 Leaked To Pirates By Microsoft?
Posted by ScuttleMonkey on Friday January 02, @03:55PM from the viral-marketing-usually-comes-back-to-bite-you dept. Microsoft Windows
"The beta version of Windows 7 has been widely distributed through torrents and other file sharing systems. But now some commentators claim Microsoft deliberately allowed the package to get into the hands of pirates. ' I'm not being critical here, as some Microsoft Watch commenters will surely claim. It's rather smart marketing. Microsoft fills a big news void with something bloggers and journalists will write about. The suspense of stealth downloads from torrents and races to post the best screenshots first make the Windows 7 leak buzz all the more exciting. For other people, there is delight in seeing Microsoft squirm because Seven leaked early. Not that I see much squirming going on.'"
Something for your Swiss Army Folder?
Cherple.com – IM To SMS And Back
The gap between the internet and mobile phones is growing ever smaller. Since the iPhone and other smart phones became mainstream, there’s little difference between an IM message and an SMS text message. Cherple.com is here to make that gap even smaller. Through the site, you’ll be able to send SMS text messages to any phone in the US, and get an answer, all in IM format. Why should you care? Well, it makes getting in touch with anyone with a US cell phone instant, without having to waste money sending a text message from your phone. Standard text message charge rates apply to the user on the cell phone end, but the online user doesn’t have to worry about it. [Know anyone who deserves the entire Library of Congress at 20 Cents a message? Bob]
It could get you out of a jam, say you lost your cell phone and you need to get in touch with someone quickly. It might sound like a novelty now, but it could grow into something truly interesting. Look for a desktop version coming soon, and might we suggest a mobile app?
Who says the FBI doesn't understand technology? Look at this exotic tool for tracking your Internet surfing!