Thursday, April 05, 2007

Due to a hack into a server?

http://www.pogowasright.org/article.php?story=20070404131654687

UCSF reports possible compromise in computer security

Wednesday, April 04 2007 @ 01:16 PM CDT - Contributed by: Lyger - Breaches

UCSF is notifying students, faculty, and staff that their personal information may have been accessed by an unauthorized party due to a possible compromise in security of a computer server. The server did not contain any patient names or patient information.

As a precautionary measure, the University is contacting about 46,000 individuals to alert them to look for signs of identity theft and advise them of steps to protect personal information. The contact list is comprised of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years.

Source - UCSF News Office
Related - UCSF Establishes Identity Theft Website, Hotline



An easy way to look like you're “doing something?”

http://www.pogowasright.org/article.php?story=2007040413491438

TX: Attorney general's dumpster-diving snares third big score

Wednesday, April 04 2007 @ 01:49 PM CDT - Contributed by: PrivacyNews - Breaches

Companies in Texas should soon start to get the message that attorney general Greg Abbott is growing a little edgy about identity theft. In some cases, like Fort Worth-based electronics-retailing giant RadioShack, it might come the hard way.

And several weeks ago Abbott landed a one-two punch on identity protection by charging two companies on consecutive days for very similar breaches to those alleged against RadioShack.

Talent agency On Track Modeling in Grand Prairie was charged with abandoning confidential client records March 13. Dallas-based Jones Beauty College improperly discarded documents containing SSNs, Abbott alleged the next day.

Source - Legal Newsline



Not uncommon...

http://www.timesdaily.com/apps/pbcs.dll/article?AID=/20070404/APF/704043724

AP Newsbreak: State Web site contains data for ID thieves

By KEN MAGUIRE Associated Press Writer Last Updated: April 04. 2007 3:16PM Published: April 04. 2007 3:16PM

An array of personal information that can be used by identity thieves is freely available on the Web site of Secretary of State William Galvin, who recently criticized Gov. Deval Patrick for failing to protect information about voters on his campaign's site.

Social Security numbers, bank account numbers, home addresses and phone numbers can be viewed with a few clicks, and Galvin said Wednesday he doesn't plan to immediately remove the information because he's launching a software program to start the process within weeks.

"It's totally unacceptable that they are contemplating leaving it up," said Betty Ostergren, a Virginia-based privacy advocate. "Once they realize it's a veritable treasure trove, identity thieves will flock to it. They need to shut the links down."

Galvin refused to do so.

"This is standard practice in the business world," he said. "It's necessary for commerce. There are people who are reliant upon this system."

... The information is put online to make it easier for lenders to access it. There is no security, though, to prevent anyone else from viewing the information.

... Nonetheless, he said people know they are signing a public document when they agree to such loans.



“Who ya gonna call?” Perhaps TJX should have asked the DMVs in these states?

http://www.krnv.com/Global/story.asp?S=6326676&nav=8faO

Nevada DMV Asks Worried TJ Maxx Customers Not to Call

CARSON CITY April 4, 2007 02:52 PM

The Nevada Department of Motor Vehicles says customers concerned about a security breach at TJ Maxx stores nationwide should not contact them if they are worried their driver's license numbers have been compromised.

DMV officials say the security breach included license numbers only for customers who returned merchandise without a receipt to TJ Maxx, Marshalls or HomeGoods in the final four months of 2003 and May or June of 2004. And DMV officials add that a driver's license number alone is not an effective means of identity theft, and does not give an identity thief the opportunity to access or alter someone's driving record.

The DMV says it is getting an influx of calls from customers who were advised to contact several agencies in light of the breach. Officials recommend instead following the advice of the Federal Trade Commission.


http://www.wcsh6.com/news/article.aspx?storyid=56856

2,283 Mainers Affected By Security Breach

Web Editor: Rhonda Erskine, Online Content Producer Last Updated: 4/4/2007 3:08:39 PM

Nearly 2,300 Mainers may have had their drivers' license numbers and other personal ID numbers stolen by computer hackers who got TJX companies records. TJX owns retailers TJ Maxx, Marshalls, HomeGoods and AJ Wright.

Maine Secretary of State Matthew Dunlap says investigations continue into what's called the largest security breach affecting a retailer.

Dunlap says the company's learned that driver's license information, state ID numbers, and military ID numbers may have been stolen. It also tells the state that 2,283 Mainers may be affected.

Dunlap says that no one who has a stolen Maine driver's license number has access to any financial information by way of the state's computer systems. He also says no financial information is stored on the state license database.

TJX has sent letters to all Maine residents who may have been affected by the data theft. They're being advised to contact the Bureau of Motor Vehicles to minimize risks created by that situation.



Wouldn't this be a job for a “virtual lawyer?”

http://techdirt.com/articles/20070404/071904.shtml

If Gambling In Virtual Worlds Is Illegal, Does The Avatar Get Arrested?

from the the-mind-boggles dept

In the past year or so, establishing a presence in Second Life has become a popular way for companies to get some media attention and establish their Web 2.0 cred. The latest to enter the virtual world isn't a company, but the FBI, which, on the invitation of Linden Lab, is looking around to see if anything untoward is going on in there. Of particular interest to the FBI are the in-game casinos, where people gamble Linden Dollars that can be exchanged for real money. At the moment, this is something of an end run around the laws aimed at blocking online gambling. With so many arrests of online gambling executives, Linden Lab seems concerned about the legality of its own operations, and has smartly sought an opinion from the government on whether it's breaking any laws. Of course, this question just opens up a huge can of worms about the relationship between real world law and in-game play. Meanwhile, now that the government has entered the virtual world, it's comforting to know that Reuters has a full-time reporter there, just to keep it in check.



Where is the line?

http://www.pogowasright.org/article.php?story=20070404134647123

Monitoring of employee breached human rights, says European court

Wednesday, April 04 2007 @ 01:46 PM CDT - Contributed by: PrivacyNews - Non-U.S. News

The monitoring by a Welsh college of an employee's email, phone and internet use was a breach of her human rights, the European Court of Human Rights has ruled. The UK Government must pay £3,000 damages and legal costs in the case.

Lynette Copland said that her email traffic, internet activity and telephone usage were all monitored by the deputy principal of Carmarthenshire College or his staff in a manner that breached her rights to a private life as enshrined in the European Convention on Human Rights.

Copland took a case against the Government that the activity breached her rights under Article 8 of the Convention, which says that "everyone has the right to respect for his private and family life, his home and his correspondence". Her case was against the government because Carmarthenshire College is a publicly funded body.

Source - Out-Law.com

[From the article: "The Court is not convinced by the Government's submission that the College was authorised under its statutory powers to do 'anything necessary or expedient' for the purposes of providing higher and further education, and finds the argument unpersuasive," said the Court's ruling.

... "According to the Court's case-law, telephone calls from business premises are prima facie covered by the notions of 'private life' and 'correspondence' for the purposes of article eight," said the Court's ruling. "It follows logically that emails sent from work should be similarly protected under article eight, as should information derived from the monitoring of personal internet usage."]



This has potential...

http://www.technewsworld.com/rsstory/56683.html

Making the Grade in Podcasting Class

By Leah Etling The Tribune 04/04/07 4:00 AM PT

Gary Bissell, a high school computer science teacher in Atascadero, Calif., has proposed a new class to add to his school's curriculum: Podcasting. "Public speaking is involved, audio editing, script writing, organization and presentation," Bissell said. Now that today's students have been with computers all their lives, Bissell said, schools need to teach more than the basics.


...after all, there is money to be made! ($295 per)

http://www.pr.com/press-release/34860

GLBA Compliance Workshop Offered on BankInfoSecurity.com

This webinar will explain how financial institutions can best maintain compliance with the Gramm-Leach-Bliley Act Section 501(b). In light of the recent TJX data breach, this is a webinar worth attending.

Princeton, NJ, April 05, 2007 --(PR.com)-- In many ways, the most significant challenges presented by Section 501(b) are those that are non-technical such as conducting an enterprise-wide Information Security Risk Assessment and the requirements to engage the Board of Directors in the ongoing management of operational risk. This workshop will expand on many of these areas and present practical and proven approaches many institutions have adopted in order to comply with Section 501(b) of GLBA and Section 216 of Fair and Accurate Credit Transaction Act. This webinar will be offered on Thursday, April 12 on BankInfoSecurity.com.

... For additional information about the BankInfoSecurity.com GLBA Compliance webinar, please visit: http://www.bankinfosecurity.com/webinarsDetails.php?webinarID=19

