Tuesday, January 23, 2007

The more we learn, the worse they seem. (...and they are no doubt spinning this story for all they are worth.)

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9008783&source=rss_topic84

TJX breach occurred seven months before it was detected

Jaikumar Vijayan

January 22, 2007 (Computerworld) The data breach at TJX Companies Inc. that exposed sensitive credit and debit card data on an unknown number of customers occurred nearly seven months before it was detected, a company spokeswoman said today.

The breach occurred as far back as mid-May 2006 but was only discovered in mid-December, said company spokeswoman Debra McConnell. The original statement from Framingham, Mass.-based TJX announcing the data compromise last week only mentioned the discovery of the breach in December and made no mention of when the breach actually happened.

... Meanwhile, a Canadian law firm, the Merchant Law Group, filed a class-action lawsuit against Winners and HomeSense, two TJX-owned retailers in Canada whose customers were affected by the breach.

The lawsuit was filed in courts in six Canadian provinces and seeks "financial recovery on behalf of all individuals for whom personal information has been revealed," a statement posted on the company's Web site said.

... TJX said last Wednesday that an "unauthorized intruder" had gained access to its system and may have stolen credit and debit card data belonging to an unspecified number of customers in the U.S., Canada and Puerto Rico, and possibly in the U.K. and Ireland.

... So far, about 50 banks in Massachusetts alone have been affected by the TJX breach, according to a spokesman at the Massachusetts Bankers Association.

Ryan Fisher, senior risk manager with Madison, Wis.-based CUNA Mutual Group, which insures about 5,500 credit unions, said that while the scope of the breach is unknown, it appears to have had an impact on a substantial number of credit unions as well.



So if these folks had a virus or trojan, is the financial institution off the hook (could they claim they have no responsibility?)

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9008619&source=rss_topic84

Hackers steal $35,000 from customers of federal savings plan

Linda Rosencrance

January 19, 2007 (Computerworld) Hackers stole $35,000 from two dozen users of the Thrift Savings Plan (TSP), a retirement savings and investment plan for federal employees.

In late December, the computers of several TSP participants were infected with keylogging software that allowed criminals to record all keystrokes made by participants without their knowledge. The hackers also retrieved the customers' TSP personal identification number and other account information, according to a statement on the TSP Web site. However, the TSP's system was not breached, the company said.

"We were able to identify approximately two dozen participants who had relatively small amounts withdrawn from their accounts and electronically forwarded to fraudulent accounts," the TSP said. "Although we are working with the financial companies involved for the return of the funds, the total amount of loss involved is approximately $35,000. All affected participants have been notified."

"External penetration testing has demonstrated that our system has not been breached," the TSP said. "There is no evidence of any successful attacks against the system to identify a PIN and thus obtain access."

TSP officials said the personal information was compromised when keyloggers monitored each keystroke made by the users while they entered their TSP information into their own computers. All cases that have been identified involve electronic funds transfers. As an added security measure, the TSP has discontinued making these electronic payments for online transactions.

The TSP said over the coming months, it will be introducing several enhancements to the Web site, including a new alert message, more robust Web passwords and TSP account numbers, which will replace the use of the Social Security numbers for most TSP purposes.

A TSP spokesman declined to comment beyond the statement.



Perhaps not the best thought-out program for community service...

http://www.longmontfyi.com/Local-Story.asp?id=14188

ID recycling?

Security to be tightened at Eco-Cycle following reports of document theft

By Ben Ready The Daily Times-Call Publish Date: 1/21/2007

BOULDER — Think twice about throwing sensitive, unshredded papers into your recycling bin, says a convicted thief who claims he watched some of his companions pocket personal documents at Eco-Cycle’s Boulder facility.

The head of the Boulder County Jail’s alternative-sentencing programs and the director of Eco-Cycle promised to beef up security at the plant after a complaint that a handful of inmates — those serving community service sentences — and Eco-Cycle staff are stealing documents.

... According to Ned, jail volunteers and paid Eco-Cycle staff alike snagged credit card statements, bank statements, medical records, blank checks and documents containing Social Security numbers off conveyor belts while they sorted recyclables at the plant.

... Eco-Cycle director Eric Lombardi said that in the 30 years since he founded the nonprofit, no cases of identity theft have been traced to its four locations or processing plant. [Good security or bad tracing? Bob] That includes the last 10 years in which Eco-Cycle augmented its labor force with jail inmates and alternative-sentencing crews.

... “I’ve never had anything like this brought to my attention,” Caven said Thursday. [Should he be relying on outside tipsters? Bob]

... Jail workers have never caught inmates with anything they could use to steal someone else’s identity, he said. [Why not? Bob]

Alternative-sentence work crew members, however, go home after a day’s work at Eco-Cycle without being strip-searched or patted down, Caven said.


“...and when we're done, the recycled paper is shipped out of state.” (From the pictures, it was not sliced thinly enough... AND NO ONE NOTICED!)

http://www.wfsb.com/iteam/10562661/detail.html?taf=hart

Packing Material Contains Crime Report Info

Company To Stop Using Vendor's Shredded Paper In Packages

POSTED: 6:13 pm EST December 18, 2006 UPDATED: 6:51 pm EST December 18, 2006

ANDOVER, Conn. -- A couple in Andover opened a box they were expecting and found everything one would need to steal someone's identity.

Channel 3 I-Team reporter Kara Sundlun reported the box contained shredded paper meant to protect the contents of the box.

John and Bernadette McBride ordered parts for their humidifier. Upon opening their order, the couple noticed that the shredded paper contained crime reports from a police department in Colorado, replete with names, dates of birth and Social Security numbers.

... The parts came from the Appliance Factory in Colorado. The owner told Eyewitness News he was shocked. He said his company got the paper from Waste Not Recycling, which is based in Colorado. Many companies use shredding services that sell the paper they pick up.



“Unfortunately, our information wasn't stolen – there is no penalty for that.”

http://www.king5.com/localnews/stories/NW_012207BUBpsepenalizedSW.c39580e.html

PSE penalized for illegal release of private customer data

03:36 PM PST on Monday, January 22, 2007 KING5.com Staff


OLYMPIA - State regulators on Monday penalized Puget Sound Energy nearly $1 million for violating consumer privacy laws by intentionally sharing customers' private information with an outside marketing partner without the customers' written permission.

The Washington Utilities and Transportation Commission accepted a settlement that calls for PSE to pay a $900,000 penalty, contribute an additional $95,000 to low-income heating assistance and permanently cease the marketing program that released private customer information in violation of state law.

Under the settlement, PSE acknowledged transferring more than 65,000 phone calls to an outside marketing firm without the customers' written permission over a five-year period.

In March 2006, the UTC began an investigation into a report that PSE call-center employees were transferring some customer calls and information to Allconnect, Inc., a Georgia-based marketing company. Known as PSE Connections, the program marketed household services, such as telephone, newspaper and lawn services, to PSE's residential customers.

PSE received payment for transferring these residential customers to Allconnect. After PSE transferred a call and customer information, Allconnect would confirm the service order and then market additional services.

PSE immediately suspended the program in March 2006, when the commission investigation began.

As a condition of accepting the settlement, the UTC required PSE to notify its customers of its misconduct and the penalties. PSE will not be allowed to recover the penalties in any future rate-increase request.

State regulations prohibit privately owned energy utilities from releasing or selling customer information to any outside party for marketing purposes without the customer's written permission.



Philadelphia is the city of brotherly love; is New York headed toward Big Brotherly-ness?

http://www.nytimes.com/2007/01/23/nyregion/23scanning.html?ex=1170219600&en=c240d84c738d0a87&ei=5099&partner=TOPIXNEWS

New Scanners for Tracking City Workers

By SEWELL CHAN January 23, 2007

The Bloomberg administration is devoting more than $180 million toward state-of-the-art technology to keep track of when city employees come and go, with one agency requiring its workers to scan their hands each time they enter and leave the workplace.

The scanning, which began in August at the Department of Design and Construction, has created an uproar at a generally quiet department that focuses on major city construction projects.

... In New York City, the use of the hand scanners is part of CityTime, an ambitious effort by the city’s Office of Payroll Administration to automate timekeeping. The city has a $181.1 million contract through 2009 with the Science Applications International Corporation to put CityTime in effect, according to the city’s public database of contracts.

... The scanners were introduced in August at the department’s headquarters in Long Island City, Queens. Hundreds of workers who keep daily timesheets — generally, those who make less than $66,000 a year — must use the scanners; those who file weekly timesheets, including many managers and supervisors, are exempt. [“We gotta keep those second class citizens in their place!” Bob]



It's just another warrantless search – what's the big deal?

http://yro.slashdot.org/article.pl?sid=07/01/22/1517218&from=rss

British Cops Hack Into Government Computers

Posted by Zonk on Monday January 22, @10:59AM from the accountability-from-the-bobbies dept.

CmdrGravy writes "The British Police have hacked into Government computers as part of the on-going 'cash for peerages' investigation. They've uncovered evidence which has, so far, led to one arrest and charge of perverting the course of justice for a leading Labour party figure. This charge carries a potential life sentence. The British police have the power to hack into computer systems as part of an investigation. On previous occasions they have said they did not believe the government was providing them with the information they had been asking for and had warned that they would seek other methods to gather evidence. The police won't say what tools they have used. From the article: 'The investigators did not have to notify No 10 if they were "hacking" into its system. One legal expert said: "In some cases, a senior officer can give permission. In other cases, you might need the authorization of an independent commissioner, who is usually a retired judge appointed by the Home Office."'"



Ah yes, that bastion of civil liberties which is New Jersey...

http://techdirt.com/articles/20070121/203827.shtml

Another Court Ruling Supports Online Anonymity Rights

from the more-good-news dept

Just last week, we were talking about the importance of protecting online anonymity, and how so many people feel that anonymous speech criticizing themselves must be illegal. The good news, though, is that the courts seem to be in favor of protecting online anonymity if there's no real evidence of anything illegal. The latest case involved a website about a real estate developer. The site was set up anonymously by someone who was critical of the developer, and the developer sued. However, during the course of the case, the judge asked the developer's lawyer if his client was willing to move forward with the case even if the identity of the anonymous critic remained hidden -- and the lawyer replied that he did not know, as the main focus of his client was to uncover the identity. The judge then ruled that the online critic could remain anonymous. That's actually an interesting test to pose to those bringing such cases. Most of the time, it does seem like they're bringing the case not to right some wrong, but simply to find out who their anonymous critic is -- and there's no legal reason to force the critic to be unmasked. It seems perfectly reasonable that a court should see whether or not the plaintiff is willing to continue to have the case move forward on the merits without knowing who it is they're suing, before any anonymity is lifted.


See, more goodness from the bench!

http://www.newsday.com/news/local/wire/newjersey/ny-bc-nj--internetuserpriva0122jan22,0,4560121.story?coll=ny-region-apnewjersey

Court finds NJ users can expect privacy from Internet providers

By JEFFREY GOLD Associated Press Writer January 22, 2007, 5:37 PM EST

NEWARK, N.J. -- Computer users in New Jersey can expect that personal information they give their Internet service providers be treated as private, a state appellate court decided Monday in the first such case considered in the state.

As a result, New Jersey and several other states give greater privacy rights to computer users than most federal courts, and law enforcement officers in New Jersey need to obtain valid subpoenas or search warrants to obtain the information.

The court ruled that a computer user whose screen name hid her identity has a "legitimate and substantial" interest in anonymity.

... By using a coded screen name the "defendant manifested an intention to keep her identity publicly anonymous. She could have used her own name or some other ISP address that would have readily revealed her identity, but she did not. Having chosen anonymity, we conclude that defendant manifested a reasonable expectation of privacy in her true identity, known only to Comcast," Appellate Judge Harvey Weissbard wrote for the panel.

... Federal courts have held that Internet subscribers have no right of privacy under Fourth Amendment protections against illegal search and seizure regarding identifying information on file with their service providers. That stems from U.S. Supreme Court decisions which held that a person cannot expect privacy for information voluntarily given to others, the New Jersey court said.

Appellate ruling: http://www.judiciary.state.nj.us/opinions/a3424-05.pdf



Fortunately, this is America, and this would never happen here...

http://news.yahoo.com/s/afp/20070122/od_afp/australiausairlinebushoffbeat_070122033853

Dumped airline passenger fights for right to call Bush a terrorist

Sun Jan 21, 10:38 PM ET

An Australian man barred from an international flight for wearing a T-shirt depicting US President George W. Bush as a terrorist has said he would fight the airline's ruling.

... A Qantas spokesman said: "Whether made verbally or on a T-shirt, comments with the potential to offend other customers or threaten the security of a Qantas group aircraft will not be tolerated".


...except of course in Pennsylvania.

http://news.yahoo.com/s/ap/20070121/ap_on_re_us/letter_writer_threat

Pa. man's letter brings Secret Service

Sun Jan 21, 2:51 PM ET

An elderly man who wrote in a letter to the editor about Saddam Hussein's execution that "they hanged the wrong man" got a visit from Secret Service agents concerned he was threatening President Bush.

The letter by Dan Tilli, 81, was published in Monday's edition of The Express-Times of Easton, Pa. It ended with the line, "I still believe they hanged the wrong man."

... The agents almost immediately decided Tilli was not a threat, Slama said.

... Tilli said the agents appeared more relaxed when he dug out a scrapbook containing more than 200 letters that he has written over the years, almost all on political topics. [Sounds like cheap insurance... Bob]

... It wasn't Tilli's first run-in with the federal government over his letter writing. Two FBI agents from Allentown showed up at his home last year about a letter he wrote advocating a civil war to unseat Bush, he said. [Do you suppose the Secret Service was unaware of this? Bob]



Some tools for my students... Many are free!

http://digg.com/apple/Seven_Applications_for_Writing_and_Note_Taking

Seven Applications for Writing and Note Taking

A rundown of 7 applications for note taking and information organization.

http://theappleblog.com/2007/01/22/note-taking-application-faceoff/


Something else...

http://edition.cnn.com/2007/TECH/internet/01/22/grammar.girl/index.html

'Grammar Girl' a quick and dirty success

By David E. Williams CNN

(CNN) -- Grammar lessons often are associated with high school drudgery -- diagramming sentences and memorizing obscure rules in between passing notes in English class -- but an Arizona technical writer has turned the seemingly dry subject into a popular podcast.

Mignon Fogarty, the woman behind "Grammar Girl's Quick & Dirty Tips for Better Writing," has been explaining the finer points of commas, colons and split infinitives since July.

... The show is currently the 47th most popular podcast on Apple's iTunes service, right behind "Merriam-Webster's Word of the Day." It has been as high as number two, Fogarty said. She said the shows have been downloaded more than 1.3 million times.



Another way to get free money? But you have to be first, and big enough to ensure publicity...

http://www.treehugger.com/files/2007/01/free_solar_powe.php

Free Solar Power for Staples

by Justin Thomas, Virginia on 01.22.07 Science & Technology (alternative energy)

Staples has unveiled the largest solar power installation in New England at its 300,000-square-foot retail distribution center in Killingly, Connecticut. The solar power installation was built at no capital cost to Staples. The 433-kilowatt DC commercial solar photovoltaic system is larger than a football field, covering nearly 74,000 square feet of roof space. The solar power system has the capacity to produce enough energy to power 14 percent of the distribution center or 36 homes per year.

The project was made possible through the collaborative effort of Connecticut Clean Energy Fund, which provided a $1.7 million grant for the project, and SunEdison, which financed the remaining costs of the project and designed and installed the system.



“It is better to look smart than to be smart.” Fernando

http://digg.com/gadgets/How_to_solve_Rubik_s_Cube_2

How to solve Rubik's Cube

The world's most famous puzzle, simultaneously beloved and despised for its beautifully simple complexity, the Rubik's Cube has been frustrating gamers since Erno Rubik invented it back in 1974.

http://www.chessandpoker.com/rubiks-cube-solution.html
