Saturday, December 01, 2007

In with a bang, out with a whimper... Someone at TJX had the right strategy (and the nerve) to make this potential disaster a minor bump in the road. Might make a great case study!

http://www.pogowasright.org/article.php?story=20071130103352988

(follow-up) TJX settles with Visa, Fifth Third Bank

Friday, November 30 2007 @ 10:33 AM EST Contributed by: PrivacyNews News Section: Breaches

TJX Companies Inc. said Friday it reached a settlement with Visa Inc. and Fifth Third Bancorp for potential claims regarding a massive security breach that put consumers' credit card data at risk.

The discount clothing retailer will pay up to $40.9 million in pre-tax recovery payments to eligible U.S. Visa issuers who issued payment card accounts identified to Visa by Fifth Third or TJX. At least 80 percent of the issuers must accept by Dec. 19 for the settlement to finalize.

... The company said in September it had settled customer class action lawsuits in the United States, Canada and Puerto Rico. It did not specify the settlement cost, but noted that its estimated costs were included in a $107 million reserve included in its second-quarter report for fiscal 2008 and its estimate of $21 million in costs expected in fiscal 2009. The $107 million figure includes costs from other lawsuits not included in the customer class actions, the Framingham, Mass.-based company said.

Source - CNN Money

Related - Visa and TJX Agree to Provide U.S. Issuers up to $40.9 Million for Data Breach Claims (Press Release)



This is a good group to target.

http://www.pogowasright.org/article.php?story=2007113010382233

MA: 150,000 Bay State seniors notified of Prescription Advantage security breach

Friday, November 30 2007 @ 10:38 AM EST Contributed by: PrivacyNews News Section: Breaches

Thousands of senior citizens are being notified of a security breach at the state’s Prescription Advantage program that could lead to their identities being hijacked.

The breach was detected in late August and appears to be limited to a handful of members enrolled in the state’s prescription drug insurance plan for seniors, state officials said.

[...] Ms. Goodwin confirmed that a perpetrator was caught and charged, but she declined to identify the individual or to say if the suspect worked for the Prescription Advantage program.

Source - SouthCoastToday.com



Summarize the data. Too much detail is easy to match to individuals.

http://techdirt.com/articles/20071130/114005.shtml

There's No Such Thing As An Anonymized Dataset

from the statistical-analysis dept

Slashdot reports that a pair of computer scientists have figured out how to de-anonymize the "anonymous" data set that Netflix released as part of its million-dollar contest to improve its recommendation algorithm. The researchers found that the set of less-popular movies a user has rated tends to uniquely identify that user. By comparing movie ratings on IMDB with the ratings in the Netflix data set, the researchers were often able to uniquely pair a particular IMDB user with a corresponding Netflix user. And that meant the researcher would instantly have access to all of the user's Netflix ratings, which Netflix users presumably expected to remain private. While movie ratings might seem innocuous at first glance, the authors point out that one's movie ratings can often reveal potentially embarrassing personal details, including a user's views on politics, religion, and homosexuality. This isn't the first time a company has released "anonymous" data regarding its users that turned out not to be so anonymous. Last year, AOL got in a lot of hot water when it released a data set of search queries that turned out to be quite easy to link back to the users conducting the searches. The lesson here is that companies should be very reluctant to release private customer data, even if they believe they have "anonymized" it. Anonymization is surprisingly difficult, and you can never be sure you've done it successfully; it's always possible that someone will find a way to link records back to the people they represent. Wherever possible, companies needing to release data should either aggregate it in a way that avoids revealing information about individuals, or they should carefully limit who has access to the data sets, to avoid having the data sets become publicly available. Simply stripping out the "username" field doesn't cut it.
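A pre-release check in the spirit of the excerpt above, as an added example that is not from this blog or the Techdirt article: it counts how many "anonymized" records are singled out by the least-popular titles they rated, then shows the aggregate-only release the article recommends. The dataset, titles, thresholds and function names are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: pseudonymous record id -> {title: rating}. Not real data.
RATINGS = {
    "r1": {"Blockbuster A": 5, "Blockbuster B": 4, "Obscure Doc X": 5},
    "r2": {"Blockbuster A": 4, "Blockbuster B": 3},
    "r3": {"Blockbuster A": 3, "Obscure Doc X": 2, "Cult Film Y": 5},
    "r4": {"Blockbuster A": 5, "Blockbuster B": 5},
    "r5": {"Blockbuster B": 2, "Cult Film Y": 4, "Indie Z": 3},
}

def popularity(ratings):
    """Number of records that rated each title."""
    return Counter(title for rec in ratings.values() for title in rec)

def unique_records(ratings, k=2):
    """Record ids singled out by the k least-popular titles they rated."""
    pop = popularity(ratings)
    flagged = []
    for rid, rec in ratings.items():
        # Rarest titles first; ties broken by name so the result is stable.
        rare = set(sorted(rec, key=lambda t: (pop[t], t))[:k])
        matches = [o for o, other in ratings.items() if rare <= set(other)]
        if matches == [rid]:
            flagged.append(rid)
    return flagged

def aggregate(ratings, min_count=3):
    """Per-title (count, mean) only; titles with few raters are suppressed."""
    by_title = defaultdict(list)
    for rec in ratings.values():
        for title, score in rec.items():
            by_title[title].append(score)
    return {t: (len(s), round(sum(s) / len(s), 2))
            for t, s in by_title.items() if len(s) >= min_count}

if __name__ == "__main__":
    print("unique at k=2:", unique_records(RATINGS, 2))
    print("unique at k=3:", unique_records(RATINGS, 3))
    print("aggregate release:", aggregate(RATINGS))
```

Raising `k` flags more records as unique, which is the "too much detail" effect: every additional rated title released per record narrows the set of people it could belong to.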



Everything you ever wanted to know...

http://jurist.law.pitt.edu/monitor/2007/11/terrorism-congress-and-president.php

Terrorism, Congress and the President [Harvard Law School]

Wednesday, November 14, 2007 9:46 PM ET

Dealing with Terrorism: What Congress and the President Should Do, Harvard Law School, November 14, 2007 [discussing what changes they think should be adopted to better deal with the legal issues that have become controversial in dealing with the war on terror, including interrogation techniques, detention facilities, surveillance, and torture]. 1 hr. 22 minutes. Additional event details here. Watch recorded video.



For my web site class (I got 21 hits for Dave Brubeck)

http://www.killerstartups.com/Web-App-Tools/WuZAMcom---Download-MP3s-For-Free/

WuZAM.com - Download MP3's For Free

WuZAM.com is a site where you can search for your favorite songs and artist and download free MP3’s.

http://www.wuzam.com/
