Friday, July 09, 2010

Another “minor” suit out of the way. Was it worth the lawyers' time? (and of course the cops got bupkis)

http://www.databreaches.net/?p=12431

Investor, TJX settle suit over data theft

July 8, 2010 by admin

Hiawatha Bray reports:

TJX Cos., which owns the T.J. Maxx and Marshalls discount retail chains, has settled an investor lawsuit related to the theft of millions of its customers’ credit card numbers.

The Louisiana Municipal Police Employees’ Retirement System, which holds shares of TJX stock, alleged that members of the TJX board of directors failed in their duty to protect customers’ personal data.

TJX announced yesterday that it had settled the lawsuit on Friday. A lawyer for the Louisiana police retirement fund, which filed its lawsuit in Delaware, where Framingham-based TJX is incorporated, did not return calls seeking comment. Bloomberg News reported the case was settled for $595,000 in legal fees and enhanced oversight of customer files.

Read more in the Boston Globe.



Gary Alexander (Law Librarian extraordinaire) finds another article I missed. It continuously amazes me that such trivial systems (parking) hold so much unsecured data for so long.

http://www.staradvertiser.com/news/hawaiinews/20100707_UH_breach_affects_53000.html

UH breach affects 53,000

University of Hawaii officials said yesterday that a hacker breached the security of a parking office computer server that contained personal information of 53,000 people.

There were 40,870 Social Security numbers and 200 credit cards that were possibly compromised, officials said.

… Although officials do not know how it happened, [We're a pretty clueless University... Bob] they believe a site in China was involved, Takayama said.

The affected people included: Anyone who did business with the parking office between Jan. 1, 1998, and June 30, 2009;



I would have expected better security for Pirate Bay. Now I suppose I'll get emails from the “Let me steal that for you” services.

http://www.databreaches.net/?p=12429

Pirate Bay Hack Exposes User Booty

July 8, 2010 by admin

Brian Krebs reports:

Security weaknesses in the hugely popular file-sharing Web site thepiratebay.org have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users, according to information obtained by KrebsOnSecurity.com.

An Argentinian hacker named Ch Russo said he and two of his associates discovered multiple SQL injection vulnerabilities that let them into the user database for the site. Armed with this access, the hackers had the ability to create, delete, modify or view all user information, including the number and name of file trackers or torrents uploaded by users.

Read more on KrebsOnSecurity.com
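The Krebs excerpt describes SQL injection only as the route into the user table. As an added illustration, not code from the original post, from KrebsOnSecurity or from thepiratebay.org, the following Python script shows the defect class in miniature: a user lookup that pastes input into the SQL text, beside the same lookup written as a parameterised query. The `users` table, its columns and the three sample rows are constructed for the example; the injected input is the textbook always-true clause, used here to show why the concatenated version returns every row while the parameterised one returns none.

```python
"""Constructed demonstration (not part of the original post or of any site's code):
a user lookup built by string concatenation versus the same lookup with a
parameterised query, run against an in-memory SQLite database of made-up rows."""
import sqlite3

# Constructed sample data; names, e-mails and addresses are invented.
SAMPLE_USERS = [
    ("alice", "alice@example.org", "198.51.100.10"),
    ("bob", "bob@example.org", "198.51.100.11"),
    ("carol", "carol@example.org", "198.51.100.12"),
]


def make_db():
    """Build the assumed users table in memory and seed it with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, ip TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The anti-pattern: user input is spliced into the SQL text, so the input
    can change the query's structure instead of merely supplying a value."""
    sql = "SELECT username, email, ip FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterised query: the driver passes the value separately from the
    statement, so it is only ever compared as data and cannot alter the WHERE clause."""
    sql = "SELECT username, email, ip FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a normal username and with a tautology payload."""
    conn = make_db()
    normal = "alice"
    # A quote followed by an always-true clause. Through the vulnerable path it
    # rewrites the WHERE clause so every row matches; through the safe path it
    # is just a username nobody has.
    tautology = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "safe_normal": lookup_safe(conn, normal),
        "vuln_injected": lookup_vulnerable(conn, tautology),
        "safe_injected": lookup_safe(conn, tautology),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s)")
```

The normal lookup returns one row either way; the difference appears only on hostile input, which is why this class of bug survives functional testing. The remedy is the one the safe function shows, applied to every query that touches user-supplied data, not escaping applied case by case.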



This pretty much sums things up. Organizations are better at finding the loopholes in the law than the loopholes in their own security practices.

http://www.databreaches.net/?p=12436

Data Breaches: A Black Hole – ITRC

July 8, 2010 by admin

The Identity Theft Resource Center is singing to this choir. Their most recent press release:

As of June 30th, The Identity Theft Resource Center® recorded 341 individual breaches for the first six months of 2010. Unfortunately, hundreds of breaches have been veiled from the public, delayed in publication, or not listed on any public lists. The question still remains: How many breaches and victims are there?

Despite a law stating all medical breaches involving more than 500 people must be listed on the Health and Human Services (HHS) breach list, ITRC recorded medical breaches which never made the list. Why? The HHS list allows a “risk of harm” loophole, [Why not just say “We're passing this law to show the voters how tough we are, but we don't actually want to inconvenience our large contributors.” Bob] without requiring federal law enforcement verification. One state’s recent breach list reported more than 200 breaches. Most are not included in the ITRC Breach Report because they did not include sufficient pertinent details regarding the event. Some states now harbor a protected breach list which is not made public at all, or is only accessible by exercising the Freedom of Information Act.

The ITRC has a clearly defined policy on what constitutes a breach: an event in which an individual name plus Social Security Number (SSN), driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format. Most agencies, state and federal, have a similar understanding of what constitutes a breach. Why is there such a disparity between the number of breach occurrences and the information made available to the public? Why is there not a greater effort for openness and transparency with the public? If an agency as small as the ITRC can publish a weekly breach list, then doing so is certainly within the abilities of any state or federal agency. The list posted by the New Hampshire Attorney General’s Office is a shining example of transparency in the interest of the public good.

It is important for the public, when becoming aware of the details of a data breach, to immediately have a broad understanding as to whether their personal information may be involved. Incomplete information feeds public fears and does not accomplish the intended transparency of most breach laws. This situation further encourages bad behavior on the part of companies who should be more concerned about the protection of the privacy of their customers. Consumers want to know if they are at risk from even a small breach. The details of a breach help determine their risk factors as well as guide them in proactive measures.

Since 2005, the ITRC has maintained a detailed breach list which is updated weekly. This list, and supplemental reports, allows the ITRC to compare data of known breaches and help form a partial picture of breach patterns. For 2010 we know:

  • 46% of all breaches do not disclose how many records were potentially affected

  • 38% of all known breaches didn’t disclose how the breach occurred

  • The business community accounted for 36% of all breaches, the highest category listed

  • 82% of all breaches were electronic and 18% were paper oriented

  • Data on the Move accounted for 17% of all breaches with the business community ranking highest. If added with Accidental Exposure (8%), 25% of data breaches were presumably non-malicious in nature

  • Insider Theft (17%) and hacking (17%) resulted in a combined total of 34% of breaches known to have occurred from malicious attacks.

ITRC and the public will not know the whole story about breaches until a public federal database is created listing all data breaches in detail. Until then, we teeter around the edge of a black hole getting only glimpses of light upon hidden breach events.



Is there “big bucks” in the “suing Privacy violators” business? We'll see.

http://www.wired.com/threatlevel/2010/07/lawyers-demand-millions/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Lawyers Who Won NSA Spy Case Demand $2.63 Million

How much does it cost to convince a federal judge your clients were victims of President Bush’s once-secret warrantless spy program? $2.63 million.

That’s the combined payment a team of eight lawyers is demanding from the government after proving their clients were illegally wiretapped under a once-secret National Security Agency spy program adopted in the wake of the 9/11 terror attacks.

… Judge Walker has given the government until Aug. 4 to dispute the fee proposal. Judge Walker has not ruled on Eisenberg’s motion to pay an additional $612,000 in damages, split evenly among his two clients and the charity.



I wonder if the state will keep records of your purchases and down the road send someone to offer memberships in AA?

http://www.google.com/hostednews/ap/article/ALeqM5iNSc82rttw43rBj0V93dMzho-oMwD9GQVU3G0

Swipe, smile, blow: Pa. has wine vending machines

HARRISBURG, Pa. — Swipe your driver's license, look into the camera, blow into the breath sensor and — voila! — you have permission to buy a bottle of wine from a vending machine.

Pennsylvania, which has some of the most Byzantine liquor laws in the nation, recently introduced the country's first wine "kiosks." If the machines are successful in their test run inside two grocery stores, the state Liquor Control Board could place the high-tech alcohol automats in about 100 others.



I doubt it, but it might have some trivial effect. Interesting to contemplate what would have to occur for Facebookies to abandon their egos.

http://www.pcworld.com/article/200695/are_privacy_problems_finally_killing_facebook.html

Are Privacy Problems Finally Killing Facebook?

Interesting news from the world of Internet bean counters: Facebook's growth last month stalled to virtually nothing - at least here in the US. And a number of people are pointing to the social network's seemingly endless series of privacy and security gaffes as the culprits.

According to market research wonks Inside Facebook, the world's biggest social network added just 320,000 new US users in June.



This could be handy.

http://www.bespacific.com/mt/archives/024675.html

July 08, 2010

Library of Congress Global Legal Information Catalog

"The Global Legal Information Catalog includes information about publications which reprint the laws and regulations of multiple jurisdictions on a particular legal topic. The purpose of the database is to provide additional identifying information about titles, beyond that which is provided in the Library's online catalog. The database works as an interface with the Library of Congress’s online catalog and is searchable by jurisdiction, title, subject and keyword."



About time! I've had my students doing this for (Internet) ages!

http://www.bespacific.com/mt/archives/024676.html

July 08, 2010

National Archives Announces Launch of New "Our Archives" Wiki

"The National Archives announces the launch today of its first public wiki called “Our Archives” on Wikispaces located at: http://www.ourarchives.wikispaces.net. “Our Archives” provides a collaborative space for members of the public, researchers, and staff to share knowledge about National Archives records, resources and research. The wiki is an opportunity for researchers, historians, archivists, and citizen archivists to work together to create pages on specific records or topics as well as to share information and resources to connect with other researchers."



I think this is inevitable, but still a bit too complicated for the average non-geek.

http://news.cnet.com/8301-30686_3-20010070-266.html?part=rss&subj=news&tag=2547-1_3-0-20

Ask Maggie: On dumping cable for online video



This could mean a 95% reduction in government IT spending! (I wonder if Congress will pass a “Pimp compensation” bill for all those forced out of work?)

http://news.cnet.com/8301-13578_3-20010067-38.html?part=rss&subj=news&tag=2547-1_3-0-20

House votes to block Net porn on government PCs



For my Computer Security majors

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=225702691&cid=RSSfeed_IWK_News

NIST Updates Federal Cybersecurity Guidelines

The National Institute for Standards and Technology (NIST) on Wednesday released an updated set of guidelines that organizations can use to develop their security assessment plans, as well as their associated procedures for security controls.



For my Small Business Management students

http://www.makeuseof.com/dir/acceptpay-online-payment-solution-american-express/

AcceptPay: Send Free Electronic Invoices & Accept Payments Online

AcceptPay is a great new solution from American Express that lets you send free electronic invoices and accept payments online. The free version, called AcceptPayLite, lets you send 10 electronic invoices each month to as many customers as you want for free. You can even set up recurring invoices and manage your receivables online.

www.acceptpay.com

Similar sites: PaperFreeBilling, Invoice Journal, InvoiceASAP, BillPDF, InvoicePlace,
