Medium sized, but worth a mention...
Last month, Schnucks Markets,
a multi-state chain of grocery markets, disclosed that customers at
some of its stores had become victims of card fraud. I duly entered
the reports in DataLossDB.org, but didn’t post anything on this
blog.
This past week, I emailed Schnucks to
ask for some more details. They declined to answer any specifics,
but just today issued a statement that does address some of the
questions I had posed to them:
Leaders of St.
Louis-based Schnuck Markets, Inc., today announced that between
December 2012 and March 29, 2013, approximately 2.4 million credit
and debit cards used at 79 of its 100 stores may have been
compromised. The company emphasizes that only the card number and
expiration date would have been accessed – not the
cardholder’s name, address or any other identifying information.
Schnucks has
posted a list
of the 79 stores and specific dates for each store at
www.schnucks.com. In
addition, Schnucks has distributed a timeline
of the actions taken to investigate, find, contain, and share
information about the cyber-attack, as well as a personal video
message from Chairman and CEO Scott Schnuck.
“On behalf of
myself, the Schnuck family, and all of our 15,000 teammates, I
apologize to everyone affected by this incident,” said Scott
Schnuck.
… Schnucks has
worked with its payment processor to make sure all potentially
affected card numbers are sent to the credit card companies so that
they may continue sending alerts to the issuing banks. Those
banks will then be able to take steps to protect their cardholders,
such as adding enhanced transaction monitoring or reissuing a new
card. Many banks have already taken these steps.
“Customers have
asked me if it is safe to shop at Schnucks,” continued Schnuck.
“Yes, we believe it is, and we will work hard to keep it that way.”
… Schnucks
provided the Secret Service and FBI with information about the
methods and tools used by the attacker and has worked and will
continue to partner with law enforcement to apprehend those
responsible.
The press release incorporates an FAQ
for consumers.
This is an example of good
transparency by a breached entity. They disclosed the breach as
soon as they became aware of it (even if it took from December to
March to become aware of it and even though they had to be told by
their card processor to look for a breach), and they updated their
reports by revealing more of what they found as they found it,
including the numbers affected.
What makes sense and what is legal
don't always agree...
V. John Ella of Jackson Lewis writes:
The Fourth
District Court of Appeal for the State of California expanded the
tort of “public disclosure of private facts” under that state’s
common law right to privacy in a case involving a claim by an
employee against her supervisor and employer. Ignat
v. Yum! Brands, Inc. et al, No. G046434, (Cal. Ct. App.
March 18, 2013). The plaintiff in that case suffered from bi-polar
disorder and occasionally missed work due to the side effects of
medication adjustments. After returning from such an absence, the
plaintiff alleged that her supervisor had informed everyone in her
department about her medical condition and that, as a result, she was
“shunned” and a co-worker asked if she was going to “go
postal.” The plaintiff filed suit alleging a single cause of
action for invasion of privacy by public disclosure of private facts.
Read more on Lexology.
This is a good case for all employers to consider, as the issue of
how much co-workers can be told if an employee is out on medical
leave or for other personal reasons comes up fairly frequently. To
avoid possible legal problems, it would make sense (to me, anyway)
for an employer to ask the employee, “Your colleagues are concerned
about you – how much do you want me to tell them about what’s
going on?”
Now you can't even trust a pigeon...
"SHEPHERD-MIL, a UAV
which looks like a native bird with the same flight performance,
will be featured at HOMSEC 2013. This UAV is characterized by the
glide-ratio and noiseless motor that make it invisible, silent and
unobtrusive in sensitive missions. SHEPHERD-MIL is equipped with
cameras and geolocation software. The system is especially suitable
for border surveillance missions, firefighting, and anti-drug
trafficking operations amongst others."
We'll probably need at least one in
every state.
"Twenty-five
miles due south of Salt Lake City, a massive construction project is
nearing completion. The heavily secured site belongs to the National
Security Agency. The NSA says the
Utah Data Center is a facility for the intelligence community
that will have a major focus on cyber security. Some published
reports suggest it could
hold 5 zettabytes of data. Asked if the Utah Data Center would
hold the data of American citizens, Alexander [director of the NSA]
said, 'No...we don't hold data on U.S. citizens,' adding that the NSA
staff 'take protecting your civil liberties and privacy as the most
important thing that they do, and securing this nation.' But
critics, including former NSA employees, say the data center is front
and center in the debate over liberty, security and privacy."
According to University of Utah
computing professor Matthew Might, one thing is clear about the Utah
Data Center: it
means good-paying jobs. "The federal government is giving
money to the U.'s programming department to develop jobs to fill the
NSA building," he says.
Inevitable, I suppose. And lots of
people who don't know better will welcome this model.
Why Facebook Could Finance Your Next Phone
Facebook Home was released last week
for six new high-end smartphones. But Facebook isn’t going to make
its mobile platform ubiquitous by targeting pricier devices; it needs
to blanket the low end of the market too. Which is why you should
expect the social network to start outright subsidizing smartphone
and even tablet purchases.
Facebook unveiled
its Facebook Home “apperating
system” earlier this month, pitching it as a way to move the
focus of mobile phones and tablets from software to people. The device
should be a boon to users who spend a lot of time chatting and
swapping photos on Facebook, but businesses will soon benefit, too:
Facebook plans to show advertisements right on the lock screen of the
device, interspersed with photos and status updates.
… Here’s how it might work:
Facebook could offer to pay mobile subscribers’ out-of-pocket costs
for a device like, say, the $200 Samsung Galaxy Note II. In
exchange, Facebook Home would be allowed to show advertisements a bit
more often on the device and to report back a bit more tracking data
than it normally does (Facebook says Facebook Home tracks only the
same data as Facebook’s mobile app, plus some anonymized app
launching stats on rare occasion).
Facebook wouldn’t be the first
company to offer ad-supported discounts on digital devices. Amazon
does this already, knocking
roughly 30 percent off the price of a Kindle e-reader for those
willing to accept ads on the lock screen and holding down the price
of its Kindle Fire tablet by showing ads on all
of them. If you think about it, the entire ecosystem of devices
running the Android operating system is advertising subsidized, since
Google only gives away the mobile OS as a way of getting its ads into
more smartphones and tablets.
As long as they don't price it like
Cable TV...
Prepare Your Eyeballs: E-Book Subscriptions Are Coming
E-books are getting the Spotify
subscription model.
Books have long been the last holdout
as music, movies, games and even TV shows and magazines have embraced
the subscription model. Pay a single monthly fee and you can gorge
on all the content you can cram into your eyes and ears. But on
Tuesday, Tim Waterstone, the founder of the UK bookstore Waterstones,
announced Read Petite, a subscription streaming service for short
fiction. It’s a baby step toward a new model that could shake up
an industry that has seen traditional books losing ground to e-books,
which comprised 22.5
percent of the book market in 2012.
… Waterstone’s Read Petite would
give readers unlimited access to available books for a few bucks a
month. The service will launch this fall, and it will be interesting
to see how it is received by readers and, more importantly,
publishers.
One publisher that’s already on board
is F+W Media.
It offers subscriptions for its library of design, writing reference
and romance genres — genres that lend themselves to the all-you-can
eat subscription model, said Chad Phelps, chief digital officer.
… While specific genres lend
themselves to a subscription service, there is a market for the
two-three book a week reader. It’s just a question
of who will act first and how.
Could this be useful in our programming
classes?
"The Internet Archive has a
great collection of books, music, visual items and websites but, it
had one thing lacking up until now – software. This has changed
recently as The Internet Archive now claims to hold
the largest collection of software in the world. The expansion
at the Internet Archive has come through collaboration with other
independent archives like the Disk
Drives collection, the FTP
site boneyard, Shareware
CD Archive, and the TOSEC
archive. The archive doesn't hold just the
software – it also holds documentation as well."