Much more polite than,
“So easy, even a caveman could do it!”
Adam Carey reports:
Personal information about public transport users in Victoria has been exposed to potential identity theft because government authority Public Transport Victoria failed to secure its website.
The security flaw in the PTV website was discovered by schoolboy Joshua Rogers, 16, who used a simple hacking technique to unearth a database containing the personal records of customers of the former Metlink online store.
The database includes full names, addresses, home and mobile phone numbers, email addresses, dates of birth, seniors card ID numbers, and nine-digit extracts of credit card numbers.
Read more on The Age.
The government plods,
but eventually they'll get around to screwing everything up.
Okay, so HHS decided to
give me a migraine by adding no less than 37 breach incidents to its
public breach tool today. I suspect, but cannot be certain, that my
repeated inquiries to them about breach reports not showing up in a
timely fashion – the last such inquiry a few days ago – may have
contributed to today’s massive update. Interestingly, a number of
the entries refer to breaches well over a year old. Have they been
sitting on these reports all this time? And if so, why?
… In the next post,
I’ll discuss the newly added breaches we didn’t know about
already.
About time a law firm
built an App to demonstrate their expertise in Security Breach Law.
What other areas could be “claimed” this way?
A law firm has created
an app to help counsel comply with the myriad state data breach
notification requirements. From their press
release:
Features of the Fox data breach app include:
- State Security Breach Statutes: An alphabetical listing of the 46 states that have data breach laws in place and links to all the relevant notification statutes.
- HIPAA/HITECH Statutes: Breach notification rules and other pertinent information related to the loss or theft of personal health information.
- Resources: Links to credit agencies and credit monitoring services as well as the FTC website. Also, a section on COPPA – the Children’s Online Privacy Protection Act – and relevant information surrounding the mining of data on minors. This section also includes links to Fox’s Privacy Compliance & Data Security Blog and its HIPAA, HITECH and Health Information Technology Blog.
The app is available for free in the iTunes Store. To download it, click here.
Over the past decade, Vernick has developed extensive fluency in the rapidly evolving field of privacy and data security. He routinely counsels multinational and mid-sized businesses on how to mitigate risk and overcome the challenges posed by the current state and federal enforcement environment. For several years, Vernick has contributed to the “Combating Cyberthreats” section to West/Thomson Reuters’s Data Security and Privacy Law guide, and he is also a frequent commentator for national and local media outlets on current issues related to privacy.
The app is a free
download.
“Ah to be on a
Cyber-Jury, now that Spring is here.”
Firm Bankrupted by Cyberheist Sues Bank
A state-appointed
receiver for the now defunct Huntington Beach, Calif. based Efficient
Services Escrow has filed suit against First
Foundation Bank, alleging that the bank’s security
procedures were not up to snuff, and that it failed to act in good
faith when it processed three fraudulent international wire transfers
totaling $1,558,439 between December 2012 and February 2013.
The lawsuit, filed in
the Superior Court for Orange County, is the latest in a series of
legal battles over whether banks can and should be held more
accountable for losses stemming from account takeovers. In the
United States, consumers have little to no liability if a computer
infection from a banking Trojan leads to the emptying of their bank
accounts — provided that victims alert their bank in a timely
manner. Businesses of all sizes, however, enjoy no such protection,
with many small business owners shockingly unaware of the risks of
banking online.
… Efficient
Services and its bank were able to recover the wire to Russia, but
the two wires to China totaling $1.1 million were long gone. Under
California law, escrow and title companies are required to
immediately report any lost funds. When Efficient reported the
incident to state regulators, the California Department of
Corporations gave the firm three days to come up with money
to replace the stolen funds.
Three days later, with
Efficient no closer to recovering the funds, the state stepped in and
shut the company down. [MTBU = 3 (Maximum Time to Belly Up) Bob]
For my geeks...
FREE
EBOOK Guide To KDE: The Other Linux Desktop
No password or
registration required. Read online or download PDF, EPUB version
free of charge; Amazon version $1