Thursday, May 22, 2008

Another ratio question. Does Tennessee represent only 1/200th of their business?

http://www.phiprivacy.net/?p=418

HealthSpring says laptop with personal data stolen

Wendy Lee reports: May-22-2008

Nashville-based managed care company HealthSpring Inc. said Wednesday a laptop computer containing personal information of about 450 state residents was stolen in March.

The laptop, believed to contain names, dates of birth and social security numbers of about 9,000 individuals, was stolen from a HealthSpring employee’s locked car on March 30 in Houston, the company said.

[...]The stolen laptop was password protected but not encrypted….

Full story - The Tennessean



Interesting only for the Colorado connection

http://www.pogowasright.org/article.php?story=20080522054254263

NJ: ID thieves hit Elmer auto dealer employees

Thursday, May 22 2008 @ 05:42 AM EDT Contributed by: PrivacyNews News Section: Breaches

Several employees at Country Ford in Elmer, including owner Brent Lilliston, were apparently victims of identity thieves, the auto dealer said Wednesday.

As many as 11 service technicians were affected by an information breach that stretches back at least six months, one of the victims said.

Service technician Colt Gibson, 24, of Crest Avenue in Millville, reported the incident to police Tuesday. He indicated it occurred several months ago and this week he was notified that someone used his name to apply for a Kohl's credit card but was turned down because Gibson had put a lock on his credit report.

In a telephone interview Wednesday afternoon, Gibson said names, addresses, Social Security numbers and home phone numbers of the 11 technicians "somehow ended up in Colorado."

Source - The Daily Journal

[From the article:

"We have no idea how it happened," Gibson said.

... "It looks like the information was taken from years ago and in the last six months things started to pop," Nelson said.

... When he filed the police report, Gibson told investigators the dealership assured its employees the security breach had been eliminated. [Even though “we have no idea how it happened?” Bob]



Why would this device be more secure than any other?

http://www.pogowasright.org/article.php?story=20080521070204808

iPhone forensics toolkit raises questions about privacy

Wednesday, May 21 2008 @ 07:02 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

You may have reason to worry about your personal data resurfacing if you've returned an iPhone back to the Apple Store or sold it on eBay. It appears one developer discovered a serious privacy issue with refurbished iPhones after creating a forensics toolkit that allowed him to recover deleted email, contact information, and other personal data previously stored on his iPhone.

On his website, Jonathan Zdziarski describes how this is possible.

Source - Yahoo! Tech

[From the article:

This means that while the average Joe may not have the know-how to recover deleted files yet, someone who does can easily have access to any data you've ever stored on the phone.


Now this is NOT new, so what's their excuse? (and wouldn't they still need to disclose the “breach?”)

http://www.pogowasright.org/article.php?story=20080521083712396

OKC buyer finds sensitive information on server

Wednesday, May 21 2008 @ 08:37 AM EDT Contributed by: PrivacyNews News Section: Breaches

The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after a server containing the names and Social Security numbers of thousands of residents was sold at an auction recently.

Oklahoma City resident Joe Sills discovered more than 5,000 Social Security numbers after purchasing the server and other surplus state computer equipment at an auction last month.

Source - Tulsa World



When AGs start making noises like this, it could mean 1) they are running for re-election, 2) they want to make a “name” as 'tough on corporations' in preparation for a run for Governor or 3) their name was on that tape.

http://www.pogowasright.org/article.php?story=20080521142150916

People's customers' data lost (update1)

Wednesday, May 21 2008 @ 02:21 PM EDT Contributed by: PrivacyNews News Section: Breaches

Connecticut Attorney General Richard Blumenthal warned today that thousands of state residents' Social Security numbers and bank account information may have been lost when unencrypted computer back-up tapes disappeared in February.

According to Blumenthal, account holders and share owners of People's United Bank are among the 4.5 million consumers whose personal data was on the tapes.

Blumenthal demanded more information about the incident in a letter to Steven Dalmatch, general counsel of The Bank of New York Mellon Shareowner Services. A spokesman for People's United could not be immediately reached for comment.

Source - Connecticut Post

Related - Statement of Connecticut Attorney General: Data breach at New York bank possibly affecting hundreds of thousands of CT consumers
Related - AP: Bank of N.Y. works with attorney general on security breach
Related - The Day: Bank data breach exposes information on 4.5 million accounts
Related - WTNH: Security breach exposes Social Security, bank account numbers
Previous coverage on PogoWasRight.org: here and here



So where do I go for a refund? A case of “undue reliance?” How do you differentiate between stupidity and criminal intent? (The comments are very interesting...)

http://it.slashdot.org/article.pl?sid=08/05/21/2045247&from=rss

Coding Flaws Caused Moody's Debt Rating Errors

Posted by timothy on Wednesday May 21, @05:31PM from the uh-oh-spaghettios dept. Bug Programming The Almighty Buck News

An anonymous reader writes

"The Financial Times has the story that billions in incorrect AAA ratings given out by Moody's were the result of a coding error in its computer models. 'Internal Moody's documents seen by the FT show that some senior staff within the credit agency knew early in 2007 that products rated the previous year had received top-notch triple A ratings and that, after a computer coding error was corrected, their ratings should have been up to four notches lower.'"



Google's spin on the issue...

http://googlepublicpolicy.blogspot.com/2008/05/google-health-privacy-and-hipaa.html

Google Health, privacy, and HIPAA

Monday, May 19, 2008 at 6:32 PM Posted by Mike Yang, Senior Product Counsel

... Unlike a doctor or health plan, Google Health is not regulated by HIPAA because Google does not provide health care services.



Interesting. By the same logic, would you go to jail if I claimed YOU had child porn? (Is one free speech and the other crying “Fire” in a crowded theater?)

http://techdirt.com/articles/20080520/1749381182.shtml

Supreme Court Says Telling People You Have Child Porn Is Illegal... Even If You Don't Have It

from the something-doesn't-seem-right-there dept

I certainly have absolutely no problem with the government going after folks involved in child pornography. [Amen! Bob] However, they shouldn't stretch the laws so far as to make it ridiculous. Unfortunately, however, it looks like the Supreme Court is allowing them to do so. In a recent decision, the Supreme Court okayed a law that makes it illegal to simply try to convince someone else that child pornography is available -- even if it is not. That is, merely telling someone that there is child pornography at a certain link could be considered illegal. Two justices dissented, but seven said the law was fine. The lower court seemed to have it right, noting how problematic it was that this law would apply to "any promoter -- be they a braggart, exaggerator, or outright liar -- who claims to have illegal pornography." However, the justices, led by Justice Scalia, seem to say that the law would only be used in cases where it made sense. Of course, given how often we see laws twisted beyond their original purpose, this seems difficult to believe.



Better than nothing. I wonder how they prioritize?

http://www.pogowasright.org/article.php?story=20080522060742733

Feds encrypt 800,000 laptops; 1.2 million to go

Thursday, May 22 2008 @ 06:07 AM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

In the last year, agencies have purchased 800,000 licenses for encryption software through the federal Data at Rest (DAR) Encryption program, which is run jointly by the General Services Administration and the U.S. Department of Defense.

... While sales on the DAR Encryption program are stronger than anticipated, federal officials admit they haven’t secured all of their laptops, handhelds and removable drives yet.

“It was originally thought that there would be about 1 million laptops in DoD and one million in civilian agencies. We roughly came up with the number of 2 million laptops. However that number is informal. It’s constantly being expanded and contracted,” says David Hollis, program manager for the Defense Department’s Data at Rest Tiger Team.

Source - NetworkWorld


If the UK's National Health Service alone has 700,000 devices, is the US Government-wide estimate of 2,000,000 suspect?

http://www.pogowasright.org/article.php?story=2008052206123147

UK: NHS to encrypt 700,000 devices

Thursday, May 22 2008 @ 06:12 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Connecting for Health, the NHS agency behind the troubled National Programme for IT, is to purchase 700,000 encryption licences for its desktop PCs, laptops and smartphones.

The encryption software, which will be provided by McAfee, should help limit the impact of any further data loss.

Source - SC Magazine Thanks to Brian Honan for this link.



The saga continues...

http://tech.slashdot.org/article.pl?sid=08/05/21/2211201&from=rss

Feds Now Allowed to Use Internet

Posted by samzenpus on Wednesday May 21, @07:35PM from the welcome-to-the-web dept. The Internet It's funny. Laugh. Security

fast66 writes

"Nextgov reports that a new court order allows the Department of the Interior to connect to the Internet, six years after the federal agency was ordered to disconnect. District Judge James Robertson said, 'I find that the consent order is of no further use and must be vacated,' Robertson wrote in his ruling. 'The . . . disconnected offices and bureaus may be connected.' He added that his ruling was based not on evidence but 'on a legal conclusion that it is not my role to weigh IT security risks.'"

[Robertson's ruling:

http://www.usdoj.gov/civil/cases/cobell/docs/pdf/05142008_order.pdf



It isn't always wise to be on the cutting (bleeding?) edge.

http://www.law.wisc.edu/blogs/wisblawg/2008/05/twitter_and_the_legal_professi.html

Twitter and the Legal Profession

There has been a lot of discussion lately about Twitter and its applications for the legal profession. Twitter is a free micro-blog service in which people answer the question "What are you doing?" in 140 characters or less.

Although many have questioned whether such a tool could have any practical application at all, for better or worse, some enterprising individuals have indeed applied it in legal settings. Here's a sample of some of the ways in which Twitter is being used:

  • Live Coverage from the Courtroom - From journalists:
    From the ABA Journal:



Way to go, Judge! (No one else is teaching cell phone etiquette ...)

http://www.news.com.au/story/0,23599,23735155-421,00.html

Teenage boy jailed for taking call in court

By Phoebe Stewart May 21, 2008 02:53pm

A MAGISTRATE has jailed a teen for answering his mobile phone in court.



How I grade my students.

http://www.phdcomics.com/comics/archive/phd051608s.gif
