Friday, February 13, 2015

They didn't see this before? How are they looking at their data differently now that they know they have been breached? Should this “new” way of looking at the data be part of everyone's Best Practices?
Chad Terhune reports:
Insurance giant Anthem Inc. said Thursday that hackers had access to customer data going back to 2004 as investigations continue into the massive breach.
I would not take that to mean that Anthem is not retaining data that goes back before 2004, but only that the database the hackers accessed went back to 2004. I hope more on the issue of data retention is raised by Congress, HHS, and state attorneys general.
Terhune also reports:
In the meantime, Anthem said all current and former customers going back to 2004 can begin enrolling Friday for two years of identity theft protection and free credit monitoring.
Consumers can sign up and learn more details online or by calling (877) 263-7995.
Read more on The Los Angeles Times.
[From the article:]
The Indianapolis-based company said its internal investigation was ongoing and it hadn't yet determined which customers might have been affected. [Are they saying there may be more? Bob]

Interesting, but grab the full package, the parts have some problems.
This looks like a great – and free – resource!
Fordham University School of Law Center on Law and Information Policy is pleased to announce the publication of the Privacy Handbook for Student Information Online: A Toolkit for Schools and Parents, which is designed to provide materials that offer tools for school administrators, teachers and parents so that they can better understand and address online privacy protections and legal requirements.
School districts across the country rely on online service providers and technology companies to improve education and facilitate school administrative functions. These services typically involve the transfer of student information to third-party commercial organizations and raise significant privacy concerns for student information. The Fordham Center on Law and Information Policy (“Fordham CLIP”) conducted a research study titled “Privacy and Cloud Computing in Public Schools” which showed that major gaps exist in the protection of student privacy for many of the services used by schools.
“The study identified that school districts have a tremendous need for assistance in addressing privacy and called for the development of a national clearinghouse and research center to develop and distribute materials for schools to be able to use free of charge,” said Professor Joel R. Reidenberg, the Stanley D. and Nikki Waxberg Chair in Law and founder and director of the Fordham CLIP.
Under the direction of Professor Reidenberg, the Technology and Privacy Law Practicum course at Fordham Law School prepared this set of materials to assist school communities in addressing online privacy issues. [I love making students do the work! Bob]
The Privacy Handbook consists of a complete binder in PDF format and each tool as a stand-alone file, including the slides for the professional development presentations. All files may be downloaded and used free of charge by school communities. Any commercial uses will require prior written permission from the tool authors. The Privacy Handbook can be found here:
Professor Reidenberg will testify at a hearing on “How Emerging Technology Affects Student Privacy” on Thursday, February 12, 2015. The hearing is being held by the U.S. House of Representatives Committee on Education and the Workforce Subcommittee on Early Childhood, Elementary and Secondary Education.
Professor Reidenberg’s testimony will focus on the need to modernize federal educational privacy law to meet the challenges of today’s educational technologies, as well as make recommendations that Congress modernizes the Family Educational Rights and Privacy Act of 1974. For a complete list of hearing witnesses, please visit:
SOURCE: Fordham Law School

For my Computer Security students. Do-It-Yourself Identity Theft guides
Brent Weisberg reports:
Joe V. Johansen was arrested Jan. 30 by officers with the Portland Police Bureau’s Street Crimes Unit that operates out of East Precinct.
In the affidavit that requested an increase for bail, Jackson wrote Portland police officers Michael Strawn and Patrick Mawdsley received a downloaded copy of a computer that Johansen admitted belonged to him.
“The computer download contained the Oregon Department of Motor Vehicles list of Oregon identification numbers, as well as 13 different victims’ federal income tax forms,” Jackson wrote.
Read more on KOIN6.
[From the article:]
Investigators found a file on the computer that was titled “Guide to making fake IDs in the Privacy of Your Own Home,” Jackson wrote. On Jan. 7, 2015, the officers received another download of a second computer that Johansen admitted belonged to him, Jackson wrote.
On that computer, officers found another guide on how to make fake identifications, as well as roughly 350 forged prescriptions, including seven different doctor’s names and Drug Enforcement Administration (DEA) number, Jackson wrote.
Records show Johansen is on federal probation for bank fraud. Officers used the data from his GPS device that showed Johansen was going to various pharmacies around the Portland area “with unusual frequency,” Jackson wrote.

(Related) Phishing for fun and profit?
Phishing Kits Hook Victims in Attacks
According to Symantec, scammers can buy phishing kits for between $2 and $10. These kits do not always require technical skill to use – with just basic knowledge of PHP, attackers can customize their phishing pages to meet their needs, blogged Symantec's Roberto Sponchioni.
"Some of the kits that we observed were quite basic and only included two web pages," he blogged. "However, others appeared to be more professional and convincing, with more than 25 PHP source files and 14 different language files that can be loaded based on the user’s location."

(Related) First, write yourself a Presidential Pardon for all the crime you are about to commit. (Be sure to mention the national security implications that “will require the Secretary to deny any knowledge of your operation.”)
5 Online Sources for Disposable Email Addresses

We are starting to look ahead but still not willing to turn over full control?
DEATH is NOT THE END, on Facebook: 'Legacy' can be you BEYOND the GRAVE
A new feature from Facebook allows users to bequeath control of their accounts to loved ones when they die. It tries to tread the line between handing over full control and helping those who have lost someone use their memories and contacts to grieve.
For some time Facebook has had a “Memorialization” option which locks the account of a deceased person and stops the person from popping up in others' timelines.
The new legacy feature, rolling out soon in the US with other countries to follow, allows Facebook users to specify who should have limited control in the event of the user dying. One name can be selected from the account's security settings and optionally sends a message to the chosen contact.
People “inheriting” a dead person's Facebook account will be able to write a post to display at the top of the “memorialized” timeline. Facebook reckons this could be used, for example, to announce a memorial service or share a special message. They will also be able to respond to new friend requests from family members and friends and to update the deceased's profile picture and cover photo. The word “remembering” appears above the name of the person who has died.

For my programming students. I have used the “rubber duck” debug, but I call it the Major Smith method and I use a real person.
7 Useful Tricks for Mastering a New Programming Language

Resources for math teachers and students.
Banish Your Number Phobia With a Bit of Everyday Math
