“Hey, we're the government. Your
data is safe with us!”
UK:
Local councils lose personal details of 160,000 people
September 1, 2011 by admin
David Pegg reports:
Local councils
have lost data relating to personal details of more than 160,000
people in the last five years, a Bureau investigation can reveal.
More than 26,000 individuals have had their personal details lost in
the first half of 2011 alone.
The losses include
personal details of more than 5,000 children.
CVs, housing
benefit information, passport numbers, information on vulnerable
people and an encrypted version of a local electoral register were
amongst the various losses that councils admitted.
One council,
Worcestershire, even admitted losing people’s bank details, in an
incident that involved the loss of a contractor’s
laptop that contained information relating to 16,200 staff
in 2007.
In
many cases councils have also failed to inform people affected by the
loss.
Read more on Bureau
of Investigative Journalism. Some of the breaches mentioned were
only uncovered by a freedom of information request.
(Related) “Hey, we're a school
district. We're educated in Security!”
TX:
Hackers tap EPISD system: Student, employee information, including
Social Security numbers, compromised
September 1, 2011 by admin
Daniel Borunda reports:
The private
information of thousands of El Paso Independent School District
students, teachers and other employees is at risk after hackers
broke into the district’s internal computer network.
The security
breach was discovered Wednesday when a computer
security company noticed hackers bragging on a website about breaking
into the EPISD system. [EPISD didn't notice... Bob]
EPISD officials
confirmed that the district’s internal network (myepisd.org) was
infiltrated and that hackers gained access to information such as
names, birth dates, addresses and Social Security numbers of district
employees and students.
Read more on the El
Paso Times.
The hackers’ post referred to in the
story seemingly was posted on Pastebin, but has been removed as of
the time of this posting. A cached
copy, still currently available, shows that ethnicity data were
also acquired. The hackers, who identified themselves as
-Sy5t3mF41lur3 & t3hblackhatter of H05t_Bu5t0rz, did not display
any dates of birth in their proof of intrusion, nor Social Security
Numbers. Their post reveals the names, ethnicity codes, and student
ID numbers for 26 students. There are no other personal details
revealed.
Gaby Loria of KVIA
notes that the server that contained the district’s internal network
includes names, addresses and Social Security numbers for
approximately 63,000 students and 9,000 teachers.
The alert to parents is posted in both
English and Spanish on the district’s
home page.
There is no explanation
of why the district had failed to encrypt the sensitive information.
(Related) “Hey, we're your Health
Care provider. Can't you wait until we go national?”
By Dissent,
August 31, 2011
Saw this press release today and
thought it worth mentioning here for its statistics:
Veriphyr, a leading provider of
Identity and Access Intelligence, today announced the results of a new
survey on Protected Health Information (PHI) privacy breaches.
According to the findings, more than 70 percent of the organizations
in the study have suffered one or more breaches of PHI within the
last 12 months. Insiders were responsible for the majority of
breaches, with 35 percent snooping into medical records of fellow
employees and 27 percent accessing records of friends and relatives.
The report, entitled “Veriphyr’s
2011 Survey of Patient Privacy Breaches”, summarizes the findings
of a survey of compliance and privacy officers at mid to large sized
hospitals and healthcare service providers. Respondents were queried
on their perceptions of privacy and compliance initiatives within
their organization, adequacy of tools to monitor unauthorized access
to PHI, and the number and type of breaches sustained in the past
year. A complimentary copy is available here
(registration required). [No link. Perhaps in a later Update...
Available here (registration required)
http://www.veriphyr.com/landing/HIPAA_violation_survey/
Bob]
“Given that data breaches of patient
information cost healthcare organizations nearly $6 billion annually,
we were not very surprised to discover that more than 70 percent of
the organizations surveyed were victimized last year,” said Alan
Norquist, CEO of Veriphyr. “However, we did not expect the
prevalence of insider abuse reported, and that nearly
80 percent of the respondents feel they lack adequate controls to
detect PHI breaches in a timely fashion.”
Some of the report’s key findings
include:
– Top breaches in the past 12 months by type:
  -- Snooping into medical records of fellow employees (35%)
  -- Snooping into records of friends and relatives (27%)
  -- Loss/theft of physical records (25%)
  -- Loss/theft of equipment holding PHI (20%)
– When a breach occurred, it was detected in:
  -- One to three days (30%)
  -- One week (12%)
  -- Two to four weeks (17%)
– Once a breach was detected, it was resolved in:
  -- One to three days (16%)
  -- One week (18%)
  -- Two to four weeks (25%)
– 79% of respondents were “somewhat concerned” or “very concerned” that their existing controls do not enable timely detection of breaches of PHI
– 52% stated they did not have adequate tools for monitoring inappropriate access to PHI
The not-so-secret world of diplomacy
WikiLeaks
breach exposes unredacted US cables; organization blames Guardian
reporter
August 31, 2011 by admin
James Ball of The
Guardian reports:
A Twitter user has
now published a link to the full, unredacted database of embassy
cables. The user is believed to have found the information after
acting on hints published in several media outlets and on the
WikiLeaks Twitter feed, all of which cited a member of rival
whistleblowing website OpenLeaks as the original source of the
tipoffs.
[...]
WikiLeaks
published a statement blaming the documents’ release on the
Guardian’s book WikiLeaks: Inside Julian Assange’s War on
Secrecy, by investigations editor David Leigh and Luke Harding,
published in February 2011.
The statement,
released on WikiLeaks’s official Twitter
feed, alleged: “A Guardian journalist has, in a previously
undetected act of gross negligence or malice, and in violation of a
signed security agreement with the Guardian’s editor-in-chief Alan
Rusbridger, disclosed top secret decryption passwords to the entire,
unredacted, WikiLeaks Cablegate archive. We have already spoken to
the state department and commenced pre-litigation action. We will
issue a formal statement in due course.” The Guardian denies
WikiLeaks’s allegations.
[...]
The embassy cables
were shared with the Guardian through a secure server for a period of
hours, after which the server was taken offline and all files
removed, as was previously agreed by both parties. This is
considered a basic security precaution when handling sensitive files.
But unknown to anyone at the Guardian, the same file with the same
password was republished later on BitTorrent, a network typically
used to distribute films and music. This file’s contents were
never publicised, nor was it linked online to WikiLeaks in any way.
Read more on The
Guardian. WikiLeaks’ editorial on the breach can be found
here.
Protecting Twits!
Bitdefender
Launches Anti-Malware Protection For Twitter
Bitdefender’s new Safego
protection for Twitter scans your profile for spam, phishing
attempts and malware, and automatically notifies you when threats are
detected.
Similar to the company’s Safego
Facebook app, the new Twitter
protection (now in beta), uses the same anti-malware and
anti-phishing engines to scan the URLs posted to your profile.
An interesting business model –
consolidate the sites of other online vendors and smooth the search
interface. No inventory or customer service hassle, just a small
percentage of each sale.
Online
Retail Giant CSN Stores Rolls Its 200+ Shopping Sites Into One Brand:
Wayfair.com
Good on ya Google!
8/30/2011 11:50:00 AM
We understand that it’s not always
easy or affordable for our troops serving overseas to call friends
and family at home, so starting today we’re making it completely
free for all uniformed military personnel with valid United States
Military (.mil) email addresses to call the United States, right
from Gmail.
“Hey guys! We gotta do something
about this Global Warming thing, so let's spend billions on
something! We can figure out later why it didn't work.” (Al
Gore's chart tying Carbon Dioxide to Global Warming was one of the
first things scientists attacked, because it was clearly flawed.)
"You may or may not be old
enough to remember the TV commercial for margarine that had the tag
line: 'It's not nice to fool Mother Nature.' But that commercial
came to mind as I was reading a report out recently that looked at
the viability
of large climate engineering projects that would basically alter
large parts of the atmosphere to reduce greenhouse gases or basically
reverse some of the effects of climate change. The congressional
watchdogs at the Government Accountability Office took a look at the
current state of climate engineering science and technology
(PDF), which generally aims at either carbon
dioxide removal or solar radiation management."
(Related) Will this be enough to kill
an industry before it is born? Will we repeal Carbon Credits?
http://hotair.com/archives/2011/08/31/has-the-agw-argument-imploded/
Has
the AGW argument imploded?
A new study by a European nuclear
research group appears to show that the actual prime
cause of temperature shifts in the Earth’s climate isn’t carbon
dioxide at all, or even the broader range of “greenhouse
gases,” but the large ball of fire in the center of the solar
system. Not that this study from CERN has attracted much attention
in the media, at least not in the US — but at least Nature
reported the results and the implications:
… In fact, AGW skeptics have long
pointed to solar cycles as a much more likely explanation for the
gradual but uneven warming seen over the last century or so.