Wednesday, January 08, 2014

Much more polite than, “So easy, even a caveman could do it!”
Adam Carey reports:
Personal information about public transport users in Victoria has been exposed to potential identity theft because government authority Public Transport Victoria failed to secure its website.
The security flaw in the PTV website was discovered by schoolboy Joshua Rogers, 16, who used a simple hacking technique to unearth a database containing the personal records of customers of the former Metlink online store.
The database includes full names, addresses, home and mobile phone numbers, email addresses, dates of birth, seniors card ID numbers, and nine-digit extracts of credit card numbers.
Read more on The Age.

The government plods, but eventually they'll get around to screwing everything up.
Okay, so HHS decided to give me a migraine by adding no less than 37 breach incidents to its public breach tool today. I suspect, but cannot be certain, that my repeated inquiries to them about breach reports not showing up in a timely fashion – the last such inquiry a few days ago – may have contributed to today’s massive update. Interestingly, a number of the entries refer to breaches well over a year old. Have they been sitting on these reports all this time? And if so, why?
… In the next post, I’ll discuss the newly added breaches we didn’t know about already.

About time a law firm built an App to demonstrate their expertise in Security Breach Law. What other areas could be “claimed” this way?
A law firm has created an app to help counsel comply with the myriad state data breach notification requirements. From their press release:
Features of the Fox data breach app include:
  • State Security Breach Statutes: An alphabetical listing of the 46 states that have data breach laws in place and links to all the relevant notification statutes.
  • HIPAA/HITECH Statutes: Breach notifications rules and other pertinent information related to the loss or theft of personal health information.
  • Resources: Links to credit agencies and credit monitoring services as well as the FTC website. Also, a section on COPPA – the Children’s Online Privacy Protection Act – and relevant information surrounding the mining of data on minors. This section also includes links to Fox’s Privacy Compliance & Data Security Blog and its HIPAA, HITECH and Health Information Technology Blog.
The app is available for free in the iTunes Store.
Over the past decade, Vernick has developed extensive fluency in the rapidly evolving field of privacy and data security. He routinely counsels multinational and mid-sized businesses on how to mitigate risk and overcome the challenges posed by the current state and federal enforcement environment. For several years, Vernick has contributed to the “Combating Cyberthreats” section of West/Thomson Reuters’s Data Security and Privacy Law guide, and he is also a frequent commentator for national and local media outlets on current issues related to privacy.
The app is a free download.

“Ah to be on a Cyber-Jury, now that Spring is here.”
Firm Bankrupted by Cyberheist Sues Bank
A state-appointed receiver for the now defunct Huntington Beach, Calif. based Efficient Services Escrow has filed suit against First Foundation Bank, alleging that the bank’s security procedures were not up to snuff, and that it failed to act in good faith when it processed three fraudulent international wire transfers totaling $1,558,439 between December 2012 and February 2013.
The lawsuit, filed in the Superior Court for Orange County, is the latest in a series of legal battles over whether banks can and should be held more accountable for losses stemming from account takeovers. In the United States, consumers have little to no liability if a computer infection from a banking Trojan leads to the emptying of their bank accounts — provided that victims alert their bank in a timely manner. Businesses of all sizes, however, enjoy no such protection, with many small business owners shockingly unaware of the risks of banking online.
… Efficient Services and its bank were able to recover the wire to Russia, but the two wires to China totaling $1.1 million were long gone. Under California law, escrow and title companies are required to immediately report any lost funds. When Efficient reported the incident to state regulators, the California Department of Corporations gave the firm three days to come up with money to replace the stolen funds.
Three days later, with Efficient no closer to recovering the funds, the state stepped in and shut the company down. [MTBU = 3 (Maximum Time to Belly Up) Bob]

For my geeks...
FREE EBOOK Guide To KDE: The Other Linux Desktop
No password or registration required. Read online or download PDF, EPUB version free of charge; Amazon version $1
