No notification required in Australia. Here's what happens...
http://www.techworld.nl/idgns/3056/hsbc-acts-to-stem-the-fallout-of-security-breach.html
HSBC acts to stem the fallout of security breach
Door: Sandra Rossi Computerworld Australia dinsdag 1 mei 2007
At long last, after weeks of stony silence and apparent mute indifference, the HSBC Bank finally acts!
Amid complaints by outraged account holders, the bank has taken action to deal with the fallout created when a serious security breach exposed records of more than a 100 of its customers.
... As reported in Computerworld, these confidential documents were found on a peak hour train in Sydney, left there by an HSBC employee.
But what made the situation worse was the bank's decision not to notify a single customer after the incident. Put simply the bank failed to act.
... Customers suspect the reason they weren't notified of the security breach has more to do with reputation protection (the bank's that is), than privacy protection.
If you think the customers are a tad cynical, then think again. When the bank finally did reach its painfully, slow, drawn out decision to act, what did it do?
HSBC chose to shoot the messenger.
That's right -- blame Computerworld for its predicament and take steps to gag this reporter. Surely that is the best way for HSBC to throw its support behind customers, right?
What a brilliant idea, try to bind the reporter in legal red tape and hollow threats so there are no more stories detailing security breaches at the bank. Problem solved! Not.
HSBC fired the first shot on Monday, April 23 sending a letter to Computerworld from its General Counsel.
HSBC had the audacity to write a letter expressing concern that this reporter had breached the Privacy Act by sighting the missing documents first hand.
Concerned that I am in possession of copies of the documents, HSBC was quick to demand their return by 5pm the very same day, or the bank "will not hesitate to take further action."
If only the bank had shown this level of concern for its customers, writing a brief letter notifying them when the incident first occurred.
But that incident didn't warrant any correspondence, yet HSBC seems to have fallen into a letter writing frenzy when it comes to Computerworld. I am reading my third letter in as many days. It seems I have become their favorite penpal.
Even more remarkable is letter number two which threatens to "seek damages" if I dare to contact any of their customers, especially those that had their financial details exposed in the security breach.
This is extraordinary because the only party in this debacle that has any right to seek damages is the customer who became a victim of HSBC's carelessness.
Nice of these folks to load the data into an easy to carry container...
http://content.hamptonroads.com/story.cfm?story=123820&ran=180020
Personal data stolen from Virginia agency
By CHRISTINA NUCKOLS, The Virginian-Pilot © May 1, 2007
RICHMOND - The names, addresses and Social Security numbers of 40,000 people were stolen last month from a state agency that serves elderly Virginians.
... Burcham said a computer and other equipment were stolen April 18 from the Richmond headquarters of the agency. She said a police investigation is pending and declined to give more details about the theft.
Notices were mailed to people in the database on April 26, eight days after the theft.
... Department officials said the client data is double-password-protected, but privacy advocates said that is not sufficient to safeguard personal information.
Minimum standards?
http://www.pogowasright.org/article.php?story=20070430172434317
GAO report targets data breach guidelines
Monday, April 30 2007 @ 05:24 PM CDT - Contributed by: PrivacyNews - Fed. Govt.
A U.S. Government Accountability Office (GAO) report issued Monday in response to a May 2006 data breach at the Department of Veterans Affairs says federal agencies should have uniform guidelines governing when to offer credit monitoring to individuals whose personal information is exposed.
Source - Network World
Related - GAO-07-657 {Full Report, PDF]
Related - GAO-07-657 [GAO Report Abstract]
Related - [GAO Report Highlights-PDF]
Originals are secured, copies are not!
http://pressherald.mainetoday.com/news/state/070501records.html
Data in Dumpster called 'disturbing'
Associated Press © Copyright 2007 Associated Press. Tuesday, May 1, 2007
AUGUSTA - A state official acknowledged Monday that a breakdown in security procedures caused personal information, including names and Social Security numbers, to be discarded in a Dumpster, where the records were uncovered by a television reporter. [New journalistic skill – dumpster diving! Bob]
The papers were found by WGME-TV, Portland, near the State Archives Records Center in Hallowell as part of an investigation about how state government handles personal information.
"What was discovered in the trash is certainly disturbing," said Secretary of State Matthew Dunlap, "but even though no laws were broken and the information uncovered could also be found in a variety of public records readily accessible to anyone who cares to look at them, this incident highlights a need -- for better tools for state employees and the implementation of additional policies and procedures to safeguard the personal information of Maine citizens."
More...
http://www.sunjournal.com/story/210197-3/MaineNews/Dumpster_discovery_raises_flag_on_ID_theft/
Dumpster discovery raises flag on ID theft
By Gregg Lagerquist and Judith Meyer , WGME 13 News Staff Sun Journal Managing editor/days Tuesday, May 1, 2007
HALLOWELL - In a parking lot Dumpster beside the state's Lottery Commission on Water Street there were enough discarded state records, including Social Security numbers, names and birth dates, to provide everything a would-be thief would need to steal dozens of identities.
... The News 13 investigation was launched after Maine's Health and Human Services Department issued an apology for unintentionally giving a half-dozen client records to a woman who had nothing to do with those cases.
... In a test of whether the state followed through on its pledge to better protect personal information, Lagerquist rifled through the contents of a Dumpster last week to see what kinds of records had been tossed there.
... He pulled all of the documents out of the Dumpster within two minutes and wasn't stopped by anyone from nearby state offices. In many cases, the documents were stamped "confidential" on their covers.
... Lagerquist shared what he found with Secretary of State Matt Dunlap.
"It's bad stuff," Dunlap said.
Dunlap, who supervises the state's record-keeping, acknowledged confidential documents "should be either in a locked Dumpster or shredded or somehow destroyed."
Maine law, according to the secretary of state's own rules for disposing local government records, requires that (unless otherwise specified by statute or rule), confidential records "may be destroyed by shredding, pulping, burning, burial or other effective means. The removal and destruction process shall be supervised by the official in whose custody the records are held in order to prevent the inadvertent removal and destruction of records of continuing value."
... The records Lagerquist found in the Dumpster were not original documents, but copies of documents forwarded through so-called inter-agency "transfer requests."
According to Dunlap, Maine treats original documents very carefully but secondary documents, like those in the Hallowell Dumpster, are not so carefully secured. He assured News 13 that the state would make changes to upgrade security for these secondary documents, changes that he started putting in place as soon as he learned of the security lapse.
The miracle continues!
http://www.bespacific.com/mt/archives/014715.html
April 30, 2007
Wiretaps Up Slightly in 2006
Federal Judiciary News Release: "A total of 1,839 orders were issued by federal and state courts in 2006 authorizing or approving the interception of wire, oral or electronic communications, also known as wiretaps. This is a 4 percent increase over the 1,773 orders issued in 2005, according to The 2006 Wiretap Report. The complete report contains information on interceptions concluded between January 1, 2006 and December 31, 2006. A summary of the authorized intercepts reported for calendar years 1996-2006 is availabe in Table 7."
[From the report: Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders. In 2006, no instances were reported of encryption encountered during any federal or state wiretap.
They won't...
http://slashdot.org/article.pl?sid=07/04/30/1816247&from=rss
How Will Governments Keep Up With Technology?
Posted by ScuttleMonkey on Monday April 30, @03:58PM from the just-like-a-large-poorly-managed-corporation dept. The Internet Technology
Andy Updegrove writes "Governments are beginning to realize that perhaps the Internet really has changed everything, at least for them, and that they are going to have to deal with new responsibilities in this area. How will they deal with financial and medical data breaches? What can they do to ensure that first responders will be able to communicate the next time that terrorists strike in the Homeland, and how will the refugees of the next Katrina be able to access their electronic medical records? And what must governments do to ensure that public records will be available in fifty years, if they no longer maintain paper archives? Whether government should incline towards leading, following or simply getting out of the way [My personal choice... Bob] is a matter upon which there are likely to be strongly held differences of opinion. It's also likely, though, that government will not have the luxury of opting for the third choice in some of the areas just mentioned. How well government chooses among those roles, and how well it executes when it chooses to lead, will likely have a profound impact on our lives in the years ahead."
Worth reading the entire comedy...
No Spoliation Sanctions for “Missing” Porn on Police Computers
April 29th, 2007
Just a few weeks before trial the District Court in Orlando considered an “Emergency Motion” for spoliation sanctions against the defendant, City of Orlando, for alleged destruction of pornographic emails on police department computers. Floeter v. City of Orlando,2007 WL 486633 (M.D. F. Feb. 9. 2007). This is a sexual harassment and retaliation case where the plaintiff, a male undercover drug agent for the Orlando Police Department, complained about his female supervisor’s sexual advances, including viewing of x-rated emails on police department computers. Plaintiff complained, and was then, in his words, “disciplined and stripped of his job responsibilities.”
... The Administrator reported, however, that key hard drives could not be searched for various reasons, including an alleged hard drive crash and a re-imaging of another key hard drive after an upgrade to a new laptop. The re-imaging of the old drive made it forensically impossible to search for deleted or slack files. The re-imaging was standard procedure for a new computer replacement. The Magistrate who heard the testimony concerning these facts found the timing of the request for a new computer, resulting as it did in the complete destruction of all deleted data on the old computer, to be “certainly suspicious.”
The backup tapes the Administrator searched were also porn free as to these individuals. However, by the time of the search these tapes only went back to October 2005, seven months after suit was filed. This is because the City recycles its tapes every three months. Remarkably, the Court reports that:
There is no evidence that in-house nor outside counsel for the City ever issued a directive requiring that information which might be relevant to the issues in the case be preserved.
In a related story...
Trooper posted explicit photos of ex
Pleads guilty to harassment for placing images on sex site. He will quit the state police.
By Debbie Garlicki Of The Morning Call May 1, 2007
A state trooper who posted photographs of his former wife nude on a bondage and sadomasochistic Web site pleaded guilty Monday to harassment, a misdemeanor.
As part of the plea agreement, Luke J. Heller, 37, will resign from the state police on or before his sentencing date, June 18.
Heller, who worked for the state police for 14 years, was suspended without pay after authorities accused him of putting his ex-wife's photographs, occupation and date of birth on the site. It also contained a solicitation for people to contact her to engage in violent sexual acts.
... In January, Steinberg dismissed two felony charges -- unlawful use of a computer and criminal use of a communication facility -- after ruling that the statutes on those charges didn't apply to the evidence in the case.
It used to be that the aristocracy had servants who were so well trained they could do this without us noticing. Perhaps we want to return to that era – sans people.
http://yro.slashdot.org/article.pl?sid=07/04/30/2018232&from=rss
Buildings Could Save Energy By Spying On Workers
Posted by ScuttleMonkey on Monday April 30, @06:07PM from the tracking-everyone-driving-down-that-particular-sidewalk dept. Privacy Science
Galactic_grub writes "In the future, your place of work (or apartment) may very well spy on you. But that doesn't mean it'll be able to name and shame you for all your nasty habits. Researchers at Mitsubishi Electric Research Laboratory (MERL) have devised a 'dumb' surveillance system that monitors the movements of workers without identifying them individually. The idea is to have a computer system automatically configure the air-conditioning to save money, or illuminate the most appropriate escape signs in an emergency."
e-Discovery statistics...
http://www.eweek.com/article2/0,1759,2123982,00.asp?kc=EWRSS03119TX1K0000594
Report: E-Mail Archiving Becoming a Must
April 30, 2007 By Chris Preimesberger
Only about 14 percent of all corporate e-mail accounts are currently being backed up and archived for future access, but that number is going to shoot up to nearly 70 percent by the year 2011, according to a new storage industry study.
... People are sending and receiving more—and digitally heavier—e-mails now as opposed to past years, the study says. According to Radicati's research, in 2007 a typical corporate account generates about 18MB of mail and attachments per business day, or about 4.3GB of electronic data per user/per year.
This number is expected to grow to over 28MB per day (or 6.7GB per year) by 2011, Radicati said.
"Without an archiving record of all relevant messages, regulated companies can be heavily penalized," said Sara Radicati, president and CEO of The Radicati Group.
"Today, there is no good alternative to an interactive archiving solution to help companies properly store electronic messages."
This has been borne out in recent weeks in the ongoing Intel-AMD antitrust lawsuit, in which Intel was unable to come up with some 1,000 e-mails judged to be in evidence by the federal court.
... "Instant messaging is especially popular in the banking and securities industries," Radicati told eWEEK. "It's standard now to make trading deals via instant message. And companies certainly want to keep all those communications."
... The study, "E-Mail Archiving Market, 2007-2011," provides market size, four-year forecasts and regional breakouts. It also discusses legislative and technology issues of the archiving market and provides an analysis of the leading archiving vendors and service providers, Radicati said.
To order a copy of the study, visit the Radicati Web site here.
Die, DRM die?
http://apple.slashdot.org/article.pl?sid=07/04/30/2225246&from=rss
Apple To Grant All Labels DRM-Free Distribution
Posted by kdawson on Monday April 30, @07:06PM from the you-asked-for-it dept. Music Encryption Media (Apple) Apple
SexCaptain writes "MacRumors.com reveals a letter circulated by Apple to all producers of content for the iTunes Store, announcing that from May onward they can sell their music at higher quality and free of DRM. Hopefully this opens the doors for labels like Netwerk. This is a big step in the right direction, although it's unclear exactly what Apple means by 'higher quality,' and there is no mention of price changes. (Apple charges $0.30 more per song for DRM-free content from EMI and encodes it at 256K.) Quoting from the letter: 'Many of you have reached out to iTunes to find out how you can make your songs available higher quality and DRM-free," Apple wrote in the communication. "Starting next month, iTunes will begin offering higher-quality, DRM-free music and DRM-free music videos to all customers."
Checking for clients or companies you deal with might be a good idea! (sic the Class Action lawyers on them?)
http://it.slashdot.org/article.pl?sid=07/04/30/2340255&from=rss
Exposing Bots In Big Companies
Posted by kdawson on Monday April 30, @10:24PM from the pwned dept.
CalicoPenny let us know about yet another "30 days" effort, this one to name the names of major companies infected with spam-spewing bots. Support Intelligence began the effort on March 28, out of frustration at not being able to attract the attention of anyone who could fix the problems at these companies. While they haven't named 30 companies over the ensuing month, they did name some prominent ones, such as Thompson Financial, Bank of America, and AIG. The scary part is that if a bot can spam it can capture keystrokes or troll for interesting documents.
Strategy? More like Panic.
http://yro.slashdot.org/article.pl?sid=07/05/01/0246241&from=rss
SCO Wanted To Gag Torvalds, Moglen
Posted by kdawson on Tuesday May 01, @02:14AM from the can't-say-that dept.
An anonymous reader passes on word of court documents filed by IBM on Friday. The documents contain a copy of a letter, dated 2004, from SCO to IBM's lawyers stating that they tried to keep Linus Torvalds from making disparaging public statements about SCO, speculating erroneously that IBM was the principal funder of OSDL, where Torvalds worked at the time. Quoting: "The company also tried to silence Eben Moglen, the Columbia University professor who, until this month, was a director of the Free Software Foundation, and Eric Raymond, a controversial open-source advocate, saying they claimed to be IBM consultants."
No comments:
Post a Comment