I think they would have preferred the traditional pen. NOTE: The electronic tax filing system has a major bug. If I can file one fraudulent return I can automate the process and file hundreds.
http://www.pogowasright.org/article.php?story=20080404173228638
CA: UCI students report their identities stolen
Friday, April 04 2008 @ 05:32 PM EDT Contributed by: PrivacyNews News Section: Breaches
At least 90 University of California, Irvine graduate students have reported to campus police that they were the victims of identity theft, by people who fraudulently filed tax returns using their names and social security numbers to collect refunds, campus officials confirmed today.
Most students discovered the thefts when they tried to file their tax returns electronically, and were informed by the IRS that their returns had already been filed, officials said. [Interesting that the IRS issues refunds before confirming that the recipient is real. Don't they have the ability to match income reported on a return with the employer's W2's? Bob]
Source - OCRegister
[From the article:
"UCI is trying to keep it out of the press because it looks horrible for them, but either (an employee) did this, or someone they contracted with did this and they don't want to create mass panic, but this is the kind of thing you should be panicked about."
... Casey said she was told that information was potentially breached on 4,500 graduate students and that the thieves may have set up a fake company to file phony tax returns.
“We have no control over our contractors?”
http://www.pogowasright.org/article.php?story=20080404194244975
Laptop stolen from Pfizer contractor puts employee data at risk
Friday, April 04 2008 @ 07:42 PM EDT Contributed by: PrivacyNews News Section: Breaches
Attorneys for Pfizer, Inc. have notified the NH DOJ [pdf] that on February 7, a laptop belonging to a contractor who assists with travel and meetings arrangements for Pfizer employees was stolen from the contractor's home during a burglary.
According to letter from Bernard Nash of Dickstein Shapiro LLP, analysis of a backup drive [Cheaper than a continuous inventory of data locations? How old is the backup? Bob] indicated that the stolen laptop contained information about approximately 800 individuals, including approximately 3 residents of New Hampshire. A forensic review indicated that the information on the stolen laptop included "names and credit card numbers, as well as, in some instances, credit card expiration dates, home and/or business addresses, home and/or business and/or cell phone numbers, personal and/or business e-mail addresses, hotel loyalty program numbers and other travel and logistics information." Although the forensic review was not completed by the time of notification, [Obviously, this is a slower method. Bob] no SSN appear to have been on the laptop, nor any PIN numbers.
Nash's letter indicated that although Pfizer's incident did not appear to meet the notification trigger for New Hampshire, Pfizer had elected to notify individuals. They have also arranged for a two-year package of credit-protection services and identity theft insurance for affected individuals.
It's not always contractors.
http://www.pogowasright.org/article.php?story=20080404195321776
Laptop stolen from employee's home held employee data for Griffin Electric
Friday, April 04 2008 @ 07:53 PM EDT Contributed by: PrivacyNews News Section: Breaches
Griffin Electric, Inc. has notified the NH DOJ [pdf] that a a password-protected [Oxymoron Bob] company laptop computer and company health plan insurance invoices were stolen from an employee's home during the weekend of March 15. The breach affected an unspecified number of employees, including approximately 55 New Hampshire residents.
According to the notification letter to employees, the laptop contained the names of certain employees, their social security numbers, and dates of birth. The health insurance paper invoices listed employee names and social security numbers, although those security numbers were identified as "sub. numbers" and not "social security numbers." The invoices did not include any personal medical information, addresses or dates of birth.
Griffin Electric indicated that they planned to arrange for credit monitoring services, and had contacted the health insurance vendor to have them change the employee information printed on their invoices. [The invoices violated HIPAA? Bob]
How was this accidental?
http://www.pogowasright.org/article.php?story=20080404201005665
Oops - please give us back $985.44 and all of the employee data we sent you by mistake
Friday, April 04 2008 @ 08:10 PM EDT Contributed by: PrivacyNews News Section: Breaches
Eastern Sales and Marketing New England has notified the NH DOJ [pdf[ that in corresponding with a former employee over monies they had paid her in error, they inadvertently disclosed the name, bank identification number and bank account number of 137 of current and former employees.
According to John Buckley, Chairman of ESMNE, "The employee who received the inadvertent disclosure returned the documents to ESMNE and stated that she does not want any of the inadvertently disclosed information in her possession."
ESMNE notified all affected individuals, but did offer free credit monitoring.
It's not always data on a computer that gets lost, and the trash receptacle isn't always “secure storage.” (See next article)
http://www.pogowasright.org/article.php?story=20080404161356407
Gov't loses thousands of staff records (updated)
Friday, April 04 2008 @ 04:13 PM EDT Contributed by: PrivacyNews News Section: Breaches
A three-ring binder containing the personal records of nearly 3,000 former federal employees is missing. But the government says not to worry -- because it was probably accidentally thrown out with the trash.
The Federal Energy Regulatory Commission said on Friday that the binder, which first went missing last month, contained Social Security numbers of employees who left the agency between 1983 and 2007.
Source - Interactive Investor
PogoWasRight.org editorial comment: interesting that a UK site picked up the story that wasn't on any US site yet -- Dissent
Update: The FERC has a press release about the incident on their site.
How valuable is your trash?
http://www.pogowasright.org/article.php?story=20080405075944492
SC: Trash with personal information stolen
Saturday, April 05 2008 @ 07:59 AM EDT Contributed by: PrivacyNews News Section: Breaches
An employee of Spartanburg insurance company Seguros Internacionales reported bags of trash containing personal client information were stolen this week.
The employee, 21, said sometime between Wednesday evening and Thursday morning an unknown person or persons rummaged through bags of trash outside of the 7980 Asheville Highway store.
She said three trash bags containing finished tax returns, I-10 forms, insurance forms and check receipts were stolen. The paperwork included copies of driver's licenses, birth certificates and other personal information. None of the papers were shredded before they were thrown away.
Source - GoUpstate.com
Trash for hackers.
http://www.pogowasright.org/article.php?story=20080405075314614
AU: Royal Perth Hospital dump computers, patient details
Saturday, April 05 2008 @ 07:53 AM EDT Contributed by: PrivacyNews News Section: Breaches
CONFIDENTIAL patient details are being left on old computers dumped in an open skip bin in a busy laneway at Royal Perth Hospital.
Personal information, including patient names and addresses, dates of birth, medical conditions and patient numbers, was accessed with ease by The Sunday Times this week.
Sources say up to 500 computers have been dumped in the bin, pending collection, since November.
Source - Perth Now
[From the article:
Government sources tipped off The Sunday Times about the slack security because they were furious that patients' personal information was left out in the open.
Resource?
http://www.pogowasright.org/article.php?story=20080404164810956
RESOURCE: For businesses that have a breach
Friday, April 04 2008 @ 04:48 PM EDT Contributed by: PrivacyNews News Section: Breaches
It's becoming an almost hourly occurrence for me (Dissent, a/k/a the Caped Crusader for Privacy) to see press releases from commercial outfits that offer their services to businesses to help prevent or respond to breaches, or to comment on them.
One of the lesser known resources for dealing with breaches may be the Identity Theft Resource Center's "Breach Response Program," and I thought I'd mention them on this site because businesses may want to know about them.
The Identity Theft Resource Center, a nonprofit organization, has consistently held the view that both consumers and businesses are the dual victims of identity theft. As part of its outreach program to companies and governmental agencies, ITRC provides Breach Response Services including recommendations for notification letters, first responder call center training, website FAQs, and assistance in establishing clear communications by the breached entity.
Unlike many commercial services that will only help you if you buy their product or contract with them, ITRC does NOT require the purchase of consumer products as a pre-requisite for ITRC providing breach response services.
If you find your company in the unenviable position of having to deal with a breach, this nonprofit can be reached at itrc[at]idtheftcenter.org or 858-693-7935 x 101, or contact them through their web site at www.idtheftcenter.org, and do consider them when trying to determine where and how to get help.
Good to see this is working. Interesting that there were no reports of terrorists detected.
http://www.pogowasright.org/article.php?story=2008040414432095
TSA Deploys Airport Behavior Screeners
Friday, April 04 2008 @ 02:43 PM EDT Contributed by: PrivacyNews News Section: Fed. Govt.
To the untrained eye, the man looked like any other traveler as he waited in line at Kennedy Airport. But something about the way he was acting caught the attention of two security screeners.
For 16 minutes, they questioned him, scanned every inch of his body twice with a metal-detecting wand and emptied his carry-on bag onto a table. Out came a car stereo with wires dangling from it.
... Of the more than 104,000 air travelers who were plucked out of security lines and subjected to a more intense level of screening because of something suspicious in their demeanor, fewer than 700 were ultimately arrested, officials said.
Many more -- about 9,300 -- revealed something during the screening process that caused the TSA to call in law enforcement for a more thorough investigation.
Source - Newsday http://www.newsday.com/news/nationworld/nation/wire/sns-ap-airports-behavior-agents,0,5978041.story
This is an interesting idea. I wonder how hard US companies would lobby to keep this from happening here? Also interesting to see who wouldn't comply and what excuse they offered.
http://www.pogowasright.org/article.php?story=20080404191023932
UK: The John Harris files
Friday, April 04 2008 @ 07:10 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News
For the past couple of months, fragments of my past have been regularly dropping through the letterbox, contained in A4 envelopes.
I didn't remember buying the autobiography of the US basketball star Dennis Rodman from Amazon on February 19 2000, but according to the bumf they sent me - and, in actual fact, my bookshelves - that's what happened. When I opened a package from the Identity and Passport Service, I found a murky photocopy of a form I'd filled in 22 years ago. My old postcodes and telephone numbers regularly flashed in front of my eyes; thanks to the DVLA, I was reminded not only of all my past parking fines, but the fact that my secondhand Volkswagen Golf clocked up its first mileage in and around Basingstoke.
The AA, bless them, sent me the full transcript of a conversation I had in June 2007 with an operative called Julie (an illustrative excerpt: "We're at home and our car won't start. I assume it's the battery"; "Right, smashing. We'll get some help to you there.")
This is what happens when you make a list of the companies and organisations with whom you regularly deal and put in subject access requests - an opportunity afforded by the 1998 Data Protection Act (DPA), whereby anyone with access to paper and envelopes (and, more often than not, a £10 cheque) can write to an organisation's data protection officer, and demand to see the information held on them.
Source - Guardian
Gartner is well respected – if sometimes slow on the uptake.
http://news.zdnet.co.uk/software/0,1000000121,39379900,00.htm?r=1
Gartner: Open source will quietly take over
Peter Judge ZDNet.co.uk Published: 04 Apr 2008 14:53 BST
In a few years' time, almost all businesses will use open source, according to Gartner; even though IT managers may be unaware of it, and prefer to talk about fashions such as software as a service.
... Gartner misses the point that a free licence does more than cut the cost of ownership, said Taylor, pointing out that it provides other benefits. "Licensing is only a slice of the total cost, but historically, companies have only bought as many licences as they can afford. If you remove the licence cost, you may only remove three percent of the of total cost of the existing project, but you also remove the brakes — you massively expand the numbers that project can be rolled out to at no extra cost.
"Open source gives massive scalability at no transaction cost, for whatever you are doing," he said.
Aside for the fact it is counter-productive, doesn't test for steroids, irritates the parents and the students, and fails to comply with the Supreme Court mandates; what's wrong with it?
http://www.pogowasright.org/article.php?story=2008040423501625
Drug testing opposition grows in Flower Mound
Friday, April 04 2008 @ 11:50 PM EDT Contributed by: PrivacyNews News Section: Minors & Students
Students at Flower Mound High School participating in any extracurricular activities (and any student with a parking permit) will be given "the privacy of a stall" to provide a urine sample, should they be selected for a random drug test as part of Lewisville ISD's new drug testing program.
In what may be one of the most far-reaching applications of random student drug testing since a divided United States Supreme Court upheld the practice in 2002, Lewisville ISD's new aggressive, $437,787 campaign to combat teen drug use is meant to deter and decrease use, along with providing counseling for students already using illegal drugs, according to the Lewisville ISD.
Source - Pegasus News
Some simple but interesting ideas.
http://www.darkreading.com/document.asp?doc_id=150276&WT.svl=column1_1
An Inconvenient Lack of Truth
We'll never be able to fix our security problems until we start truthfully sharing breach information
APRIL 4, 2008
... My research leads to some conclusions that may be unsurprising, but often ignored:
1. Blame the system, not the victims, for identity fraud.
2. Blame the credit card companies, not the retailers, for credit card fraud.
3. Consumers suffer from identity fraud, retailers from credit card fraud.
4. We need fraud disclosure, not breach disclosure.
5. We need public root cause analysis. [I would LOVE that. Probably ain't gonna happen though. Bob]
6. Breach disclosures teach us the wrong lessons.
Just consider it 'convergence' Next: DRM on your apartment door! DRM on your pacemaker!
http://www.technewsworld.com/rsstory/62391.html?welcome=1207400561
DRM for Cars: No Pay, No Play
By Chris Woodyard USA Today 04/05/08 4:00 AM PT
When the light starts to flash, you had better have the cash.
That's the reality for millions of subprime borrowers whose used car purchase is contingent upon having an unusual option: a little box mounted underneath the dashboard that forces them to make their payments on time.
A light on the plastic box flashes when a payment is due. If the payment isn't made and the resulting code punched in to reset the box, the vehicle won't start. The next step is a visit from the repo man.
Tools & Techniques
http://www.killerstartups.com/Mobile/MobileTalkPacket8net---Affordable-International-Calls/
MobileTalk.Packet8.net - Affordable International Calls
International calls making a dent in your pocketbook? MobileTalk from Packet8 will get you cheaper rates without all the dressed up frills. The app works by looping your calls through VoIP, thereby cutting costs by 90%. It’s really too easy to use. Set up takes a few minutes, but from there, every thing else is a breeze. You download the app to your phone, and then proceed with your calls as you normally would. When you make an international call MobileTalk will immediately route the call through their network, getting you a local number, and making your calls really cheap.
http://mobiletalk.packet8.net/
For my students (I wonder if this could be extended to rare and antique books?)
http://www.killerstartups.com/eCommerce/Bluerectanglecom---Book-Reviews-and-Buybacks/
Bluerectangle.com - Book Reviews and Buybacks
BlueRectangle is an online bookstore that buys and sells books and also helps you to select your next purchase by providing you with video book reviews. Selling a book is simple, just enter the ISBN number of the books you’d like to sell and BlueRectangle will let you know whether they have a need for the book and how much they will pay you for it. Shipping is free, so you don’t have to worry about making any further calculations because the price you see is the price you get. Attention college students: BlueRectangle will also buy your used textbooks, which should allow you to save a bit of money for the more important things in life.
For my Small Business class This is one of many sites offering “instant storefronts”
http://www.killerstartups.com/eCommerce/Shopwindozcom---Online-Shops-for-Niche-Products/
Shopwindoz.com - Online Shops for Niche Products
ShopWindoz is a portal where designers of original products can create their own online shop without requiring any programming knowledge. Anyone with a suitable product can go to ShopWindoz, open a shop, and start selling their goods to the world. People interested in purchasing original micro-brand, independent products directly from the source can go to ShopWindoz, and search for either the product they desire or a particular shop. ShopWindoz offers secure SSL encrypted payment methods and a community rating system so that the best vendors will rise to the top over time. A quick glance at the current inventory shows that the site is heavily focused on unique clothing and fashion apparel, at least for the time being.
http://www.shopwindoz.com/en/home/public
I found this little gem recently...
FOSSWIN is a collection of over 100 Free and Open Source Software for academic, government, and business organizations using the Windows 98SE/Me/2000/2003/XP operating systems. The software has been carefully assembled to provide free alternatives to expensive commercial suites such as MS Office, MS Outlook, Photoshop, Matlab, etc. The collection is available as an ISO image, a ZIP archive, or as a portable package. The portable version is self-contained - it can be extracted on a removable storage media such as a USB thumb drive and applications will run directly from it without installation. Simply extract the "fosswin_portable.zip" file on a 512MB USB stick and double-click on the file "PStart.exe". This will launch the applications menu and park it in the system tray of the computer. All three distributions contain this README file with a more detailed description of FOSSWIN and its usage.
FOSSWIN ISO
FOSSWIN ZIP
FOSSWIN Portable