Another source of details? Do they already have the full story?
http://www.forbes.com/feeds/ap/2007/04/24/ap3647951.html
Banks to Sue TJX Cos. Over Data Theft
By MARK JEWELL 04.24.07, 6:31 PM ET
Bank associations in Massachusetts, Connecticut and Maine said Tuesday they will sue TJX Cos. over a data theft that exposed at least 45 million credit and debit cards to potential fraud.
Banks have been saddled with costs to replace cards and cover fraudulent charges tied to the theft from TJX, the owner of nearly 2,500 discount stores including T.J. Maxx and Marshalls. Since it disclosed the data theft three months ago, Framingham-based TJX has been hit with several lawsuits filed in the U.S. and Canada by consumers, financial institutions and investors.
The Massachusetts Bankers Association said the Connecticut Bankers Association, Maine Association of Community Banks and at least three individuals banks are joining in a lawsuit to be filed Wednesday in U.S. District Court in Boston. The associations represent nearly 300 banks.
Dan Forte, president and chief executive of the Massachusetts Bankers Association, said his organization will contact other state bank groups nationwide to see if they're interested in joining the lawsuit, which seeks class-action status.
The complaint will make an unfair trade practices claim under Massachusetts law alleging that TJX failed to adequately protect sensitive customer data, and misrepresented how it handled data.
TJX spokeswoman Sherry Lang said the company does not comment on pending litigation, but also said, "TJX will defend itself vigorously."
The Massachusetts Bankers Association said in January its members had been contacted by credit and debit card companies of fraudulent purchases tied to the TJX breach that had been made in Florida, Georgia, and Louisiana, and overseas in Hong Kong and Sweden. Reports continue to come in from "around the world," bankers association spokesman Bruce Spitzer said.
Spitzer said the banks will try to recover "tens of millions of dollars," although the damages the banks ultimately will seek depends on future expenses from replacing cards and covering fraudulent purchases.
On Jan. 17, TJX disclosed a breach of its computer systems by an unknown hacker or hackers who accessed card data from transactions as long ago as late 2002. On March 28, TJX said at least 45.7 million of its shoppers' cards had been compromised. Independent organizations that track data thefts say the TJX case is believed to be the largest in the U.S. based on the number of customer records compromised.
TJX says about three-quarters of the 45.7 million cards had either expired by the time of the theft, or the stolen information didn't include security code data from the cards' magnetic stripes. However, TJX also has said the intruders could have tapped the unencrypted flow of information to card issuers as customers checked out with their credit cards.
The company and the U.S. Secret Service are investigating. The only arrests so far have come in Florida, where 10 people who aren't believed to be the TJX hackers are accused of using stolen TJX customer data to buy Wal-Mart (nyse: WMT - news - people ) gift cards.
See, it's not just me.
http://www.ebizq.net/podcasts/153.html
ebizQ Podcast: Systems Under Siege -
Steps a CSO Should Take Today: A Talk With Mike Rothman
Listen to or download the entire 10:03 podcast below: Download file
... Would you discuss the recent breach with TJX, and how incident response and crisis communications would have made a difference?
I always point back to the issue that Johnson & Johnson had with Tylenol. That was years ago and I was just a kid and there was bedlam and everybody was terrified and they were tossing their Tylenol out of their windows because they were scared. The CEO got on TV and accepted responsibility and said this is what my plan is going to be to both restore your trust in my company as well as the product and this is what we're doing to make sure it never happens again. That started the whole thing with sealing the drugs and making sure you?ve got tamper proof packaging. It really was a watershed moment in crises communications.
You look at how TJX handled their data breach which was, well, we didn't tell you for a couple of months. Sorry. You could tell they didn't even mean it and we're not going to give you any credit monitoring all 45 million customers that have been transgressed because, you know, at the end of the day I don't legally have to and my margins are like 2% so there is no way I can stay in business and do that. It just felt that every step of the process they were stonewalling the public, they were treating their customers shabbily. I think that comes back and bites you.
A brand is a very hard thing to build and is a very significant thing to waste. You do one stupid thing and years of good karma go by the wayside. I think by handling the situation a lot more effectively, TJX could have made this much less of an issue. But they stonewalled, they didn't admit a problem, they tried to blame other people, and they wouldn't do the right thing for customers. So at the end of the day, I believe customers won't do the right thing by them.
Probably after the computers...
http://www.cnbc.com/id/18294461
Thieves Nab Info on 160,000 Neiman Marcus Workers
24 Apr 2007 | 06:13 PM
A computer stolen from a Neiman Marcus consultant contained personal information on nearly 160,000 current and former employees, the luxury retailer said Tuesday.
The company said there was no indication yet that the thieves had tapped into the personal information, which included individuals' names, addresses, Social Security numbers, birth dates and salaries.
The stolen notebook computer belonged to a pension-benefits consulting firm hired by Neiman Marcus. It was taken April 5 from a technician hired by the consultant, according to a Neiman Marcus spokeswoman.
Ginger Reeder, the spokeswoman, said Neiman Marcus was told about the theft April 10 but was asked by police not to release information about it until this week while the case was investigated. She declined to say where or how the theft occurred, other than that it didn't occur in Dallas, where the retailer is based.
Reeder said other items were taken, leading the company to believe that the thieves weren't after information about the Neiman Marcus employees.
The consultant's policies called for computer files to be encrypted, but Neiman Marcus doesn't know whether that was done and is cautiously acting as if the data on the stolen machine wasn't protected, Reeder said.
... 'This is probably one of the most significant breaches of employee records by an American company,' said Mark Rotenberg, executive director of the Electronic Privacy Information Center, a consumer advocacy group. 'For a single company to lose its entire employee history is serious.'
Rotenberg said it was particularly alarming that the loss involved Social Security numbers and dates of birth -- the currency used by identity thieves.
... Neiman Marcus Group has close to 17,000 current employees. [High turnover... Bob]
... 'It's absolutely unacceptable for any company to be carrying around information that includes people's Social Security numbers without it being encrypted, but unfortunately we see quite a few instances of it,' he said.
Small time...
http://www.jconline.com/apps/pbcs.dll/article?AID=/20070424/NEWS0901/70424010
Purdue reports potential for ID theft for 175 students
STAFF REPORTS April 24, 2007
A Purdue University computer gaffe put the names and Social Security numbers of 175 students on the Internet, according to a release from the university this morning.
It is unclear how long the site was available.
The site had the names and Social Security numbers of students enrolled in a freshman engineering honors course in fall 2001. The site could be found through search engines, but has been taken down now. It is not known if any of the information has been used in identity theft or fraud by anyone who has seen it.
Letters to the students, many of whom have graduated or now left the university, have been sent. Since the addresses of the students are several years old, anyone who thinks they might be on the list should call (866) 307-8513. More information is available at www.purdue.edu/news/coe0704.html.
Another laptop stolen...
http://wjz.com/local/local_story_114155042.html
Apr 24, 2007 3:48 pm US/Eastern
Baltimore Co. Laptop Stolen With Personal Info
(AP) TOWSON, Md. A laptop containing the personal information of about 6,000 people was stolen from a Baltimore County health center, a health department spokeswoman said Tuesday.
The computer did not contain medical informationm but did have names, date of birth, social security numbers, telephone numbers and emergency contact information. The personal information was from patients who were seen at the clinic between Jan. 1, 2004 and April 12.
Letters have been sent out to the 6,000, advising them of the availability of free credit checks provided by the three major credit reporting agencies and saying the risk of identity theft was low because the file containing the information was protected by passwords and other security safeguards.
Monique Lyle, a spokeswoman for the county health department, said the computer, which was stolen April 16, has not been recovered, but no one has reported any identity theft or other problems related to the theft.
Likely the IT department doesn't even know this is happening...
http://www.technewsworld.com/rsstory/57058.html
Are Data Leaks Bleeding Your Company Dry?
By Jack M. Germain TechNewsWorld 04/25/07 4:00 AM PT
Businesses are starting to respond to the rising threat levels posed by data leakage from pocket-sized storage devices. The push to react is not coming from the fear of lost data as much as it is fear of losing money. Negative publicity became a primary driver last year in influencing
The data drip is here. Computer security experts are worried that corporate data leaking from networks onto small mobile storage devices will worsen into a flood of stolen customer and company information.
Over half of all information leaks travel to personal data storage devices such as USB drives, MP3 players and PDAs, according to recent industry surveys. These surveys suggest that portable storage devices are contributing to a staggering rise in ID theft and loss of sensitive data on the corporate level.
Every 79 seconds, someone in the United States becomes a victim of such thefts. Even a single incident of data loss can cost a company millions of dollars in lost revenue, lost opportunity, lost competitive advantage and costly penalties for regulatory non-compliance, warn security experts.
"The cost of remediating lost data can be (US)$100 per record, so it makes economic sense to invest in data loss prevention technology," Chip Hay, vice president of marketing Email Marketing Software - Free Demo for security firm Code Green Networks, told TechNewsWorld.
Another report/statistic/guess
http://www.eweek.com/article2/0,1759,2121597,00.asp?kc=EWRSS03119TX1K0000594
New Report Chronicles the Cost of Data Leaks
April 24, 2007 By Brian Prince
Researchers at Datamonitor can give corporations 1.8 million reasons to protect themselves against data breaches.
According to the research group's new report, "Datagate: The Next Inevitable Corporate Disaster?", the average cost of a data leak incident is $1.82 million. That figure is based on accounts of 23 percent of respondents—the others were unable to track and audit losses after a breach.
The report surveyed 1,400 IT decision makers across the globe. All totaled, 60 percent of those surveyed said they experienced a data leak last year, and only six percent could state with certainty that they had no data leakage problems in the past two years.
The court will be so pleased... (But note that they still don't have the emails)
http://news.com.com/8301-10784_3-9712220-7.html?part=rss&subj=news&tag=2547-1_3-0-5
April 24, 2007 4:57 PM PDT
Intel outlines plans to find missing e-mail
Posted by Tom Krazit
Intel filed a report late Monday night outlining how it plans to recover e-mail that it failed to preserve following the filing of Advanced Micro Devices' antitrust lawsuit against the company.
Last month, Intel said that a number of employees had failed to properly preserve e-mail related to AMD's allegations after some people forgot to save "sent" e-mail or assumed IT was backing up their folders. The report doesn't have much in the way of details beyond what Intel has already said, that despite the breakdown in its document retention policies it thinks it can cobble together the rest of the e-mail messages from backup tapes, e-mail preserved by those who properly followed retention procedures, and by looking at other employees within the same department or management team.
The mess goes all the way to the top: court transcripts indicated that CEO Paul Otellini was one of the individuals who thought IT was backing up his e-mail. But Intel noted that it did take a snapshot of every file on its network the day after AMD filed its lawsuit, which are the files that might have the evidence AMD seeks.
Take all you want, but eat all you take.
http://www.belleville.com/198/story/18298.html
Posted on Tue, Apr. 24, 2007
DNA left on cinnamon bun nabs car thief
The Associated Press
EASTPOINTE, Mich. --Norman O. Wheeler probably wishes he had finished that cinnamon bun. DNA evidence from the partly eaten pastry led to Wheeler's arrest in a 2004 car theft.
The 40-year-old Detroit resident already was serving time for another auto theft when authorities made the DNA match. Wheeler pleaded guilty earlier this month, and he now faces sentencing May 22.
Eastpointe Officer Ed Lulko was investigating the car-theft report when a witness described seeing a man arrive in one car and then break out the windows of the other car and steal it, according to police in the Detroit suburb.
"Officer Lulko found the partially eaten pastry in the car and sent it to the Michigan State Police crime laboratory with hopes that the DNA left on the roll could lead to the identity of the perpetrator," Detective Eric Keiser told The Macomb Daily of Mount Clemens. As a convict, Wheeler's DNA was on file, leading to the match and arrest.
I've gotta figure out how I can use this. Looks nteresting!
http://www.bespacific.com/mt/archives/014657.html
April 24, 2007
LC Global Legal Monitor, March 2007 Issue Now Available
LC Global Legal Monitor, March 2007 Issue Now Available
Amusing, but expected. Would a true businessman fire these lawyers?
http://techdirt.com/articles/20070424/154747.shtml
RIAA Seriously Smacked Down (Again) By Judge
from the worth-reading dept
The RIAA's track record in court hasn't been so great lately. After being forced to drop various lawsuits once it was pointed out to the RIAA that the suits were targeted incorrectly, the RIAA has tried (and failed) to get out of paying the legal fees of those they incorrectly sued. The latest ruling comes from a judge who already told the RIAA it needed to pay fees. Now he's reaffirmed the decision and explained it quite clearly to the RIAA. The quotes are absolutely worth reading at that link, as the judge highlights the fact that copyright isn't solely for the benefit of the content creator/owner, but for enriching the public domain, and that gives anyone accused of infringement strong defenses to their use of the content.
The judge also challenges a bunch of questionable or misleading claims by the RIAA, basically suggesting that the RIAA was assuming he wouldn't actually look into any of its claims. For example, the RIAA filing claimed that there were no "reported" cases where attorney fees were awarded without using a specific test, but the judge looked around and quickly found that there were many unreported cases, including ones against the exact same plaintiff. So the claim my be truthful that there were no "reported" cases, but ultimately misleading. Trying to trick a judge that way doesn't tend to end well. Also, rewriting history doesn't work well, as the judge points out the RIAA tried to do in claiming that it had offered the defendant a way to settle without paying anything. As the judge says: "Of course, that is not true. By the time the plaintiffs offered to dismiss their claims against the defendant, she had made a considerable litigation investment, and would have been required to pay those expenses already incurred. Furthermore, the plaintiffs offered merely to dismiss their claims without prejudice, thus leaving the defendant exposed to continued litigation in the matter." There's a lot more like that in the decision, including the judge pretty much slapping the RIAA down for suggesting that it may have won the case anyway... It's nice to see judges are recognizing the real issues in these cases.
Good news, bad news. If it works, don't worry about the perception. If it doesn't work, why even bring up perceptions – are you asking to take it covert?
http://www.abcnews.go.com/Politics/wireStory?id=3071482
Pentagon intel chief seeks end to TALON database
Apr 24, 2007 — WASHINGTON (Reuters) - The Pentagon's new intelligence chief has asked U.S. Defense Secretary Robert Gates to terminate the controversial military database known as TALON that tracks suspicious activity around U.S. bases, according to a memo obtained by Reuters on Tuesday.
James Clapper, U.S. undersecretary of defense for intelligence, said in an April 18 memo the program should end due in part to its image in Congress and the media.
"I have assessed results of the TALON program during the last year and I do not believe they merit continuing the program as currently constituted particularly in light of its image in the Congress and the media," Clapper said in a memo to Gates.
TALON is a database of raw reports of possible threats to U.S. military bases. It contains thousands of records of suspicious activities around bases that could involve terrorist threats, including information about some U.S. citizens.
After press reports in 2005, the Pentagon said the database included reports on peaceful civilian protests and anti-war demonstrations that should have been deleted from the collection. The Pentagon said the reports were added inadvertently and it later changed procedures and added safeguards to keep reports on U.S. civilians out of the system.
Just a note on the passing of the paper report.
http://www.bespacific.com/mt/archives/014661.html
April 24, 2007
FERC Announces No More Printed Copies of the Federal Energy Guidelines
"The Federal Energy Regulatory Commission (FERC) has informed GPO that they are discontinuing printed copies of the Federal Energy Guidelines, including FERC Reports and FERC Statutes and Regulations on April 30, 2007. The Commission's official issuances and decisions will be made available to the public and the FDLP through eLibrary, the Commission's Electronic records Management system - available on the Commission's Website. The affected classes and item numbers are: E 2.17: FERC Reports; 0438-C and E 2.18: FERC Statutes & Regulations; 0438-C-01." [via GPO Access]
Free is good!
http://digg.com/software/Best_of_the_Best_Free_and_Open_Source_Software_Collection_OS_X_and_Windows
Best of the Best Free and Open Source Software Collection: OS X and Windows
this site literally has everything
http://www.digitaldarknet.net/thelist/index.php?page=windows
No comments:
Post a Comment