Another big Friday (day when no one reads the news) for Identity Theft announcements. Also a disturbing trend to push notification responsibility to others.
It looks like this SunGard breach will trickle in all summer.
http://www.pogowasright.org/article.php?story=20080509145826822
Former St. John's University students' personal info on stolen laptop (SunGard update)
Friday, May 09 2008 @ 02:58 PM EDT Contributed by: PrivacyNews News Section: Breaches
St. John's University has notified the Maryland Attorney General's office that some of their former students had personal information on the laptop stolen in March from an employee of SunGard Higher Education.
Although the laptop was stolen on March 13, St. John's reports that they were not notified until April 10.
In their notification letter to former students, Joseph J. Tufano, the Vice President of Information Technology, notes that although the university cannot be certain, [Far too common. Suggests they didn't know what SunGard was doing “for them?” Bob] the laptop appears to have contained data on students who were enrolled in 2001, including their name, address, and Social Security number.
The university has offered to reimburse affected students for both one year of credit monitoring from Experian for the cost of freezing and unfreezing their credit report (once each) during the next 12 months if the individual submits an invoice from the three major credit bureaus.
Another college, but no mention of the number of students impacted.
http://www.pogowasright.org/article.php?story=20080509152349221
Bryant & Stratton students told that their data was on stolen laptop (SunGard update)
Friday, May 09 2008 @ 03:23 PM EDT Contributed by: PrivacyNews News Section: Breaches
Bryant & Stratton College in New York reports that its students were among those who had personal information on a laptop stolen from an employee of SunGard HE.
As numbers become available, this entry will be updated.
Looks like SunGard is negotiating with each university individually...
http://www.pogowasright.org/article.php?story=20080509143756841
Software Vendor Has Agreed to Pay for Credit Monitoring for Students (SunGard update)
Friday, May 09 2008 @ 02:37 PM EDT Contributed by: PrivacyNews News Section: Breaches
Richard Blumenthal, Connecticut’s attorney general, said he is encouraged by SunGard’s response this week to his questions regarding the steps the software company has taken to protect students’ personal data.
... In a phone conversation Thursday, Mr. Blumenthal said SunGard has agreed to pay for two years of credit monitoring and $2,500 in identity-theft insurance for each of the affected students in Connecticut. However, SunGard has declined to pay for students to freeze and unfreeze their credit reports, as the attorney general requested. He said officials from his office will be meeting with those from SunGard to discuss the issue.
Source - Chronicle of Higher Education
Another “It's not my job” approach to informing Identity Theft victims.
http://www.pogowasright.org/article.php?story=20080509090821906
Theft of tax data spurs change in process (follow-up)
Friday, May 09 2008 @ 09:08 AM EDT Contributed by: PrivacyNews News Section: Breaches
After 10 days of dealing with the aftermath of a stolen bank courier vehicle, Iredell County officials are changing the way they handle processed tax payments.
... While the information was recovered during a traffic stop May 2, the county is moving toward a more computerized system and reducing the number of unprocessed items transported by courier, Furches said.
Source - Mooresville Tribune
[From the article:
Iredell County Manager Joel Mashburn said First Citizens officials told the county it was the bank’s responsibility to inform taxpayers’ banks, and then it was up to the individual banks to inform the account holder.
She was authorized (from the computer's access rules) to see this information. How do you determine that an individual access was not authorized? Interesting management problem.
http://www.pogowasright.org/article.php?story=20080509144243959
Ex-911 operator accused of illegal database searches
Friday, May 09 2008 @ 02:42 PM EDT Contributed by: PrivacyNews News Section: Breaches
A former city 911 operator faces multiple felony counts for illegally searching state driving records and state police databases that included the FBI's terrorist watch list, officials said Wednesday.
The fired employee, Nadire P. Zenelaj, 32, of Rochester insists she did nothing wrong and is being singled out because she is Muslim.
... Richard Vega, director of the city's Office of Public Integrity, said Zenelaj was "running personal information on herself, on her family and on friends. I think it went beyond curiosity. ... We think she was accessing this information to pass it on to others." [Homeland Security must start with this assumption, but if I remember correctly, they still have to prove it in court. Bob]
At least one of the 227 names that Zenelaj searched for was on the terrorist watch list, [Ted Kennedy? Bob] according to police. She was fired in December, arrested Tuesday and pleaded not guilty Wednesday to misdemeanor official misconduct and 232 felony counts of computer trespass — one for each allegedly illegal search.
Source - Democrat and Chronicle hat-tip, The Jawa Report
[From the article:
In a telephone interview, she said that when she was trained on the database systems, instructors told her that she needed to practice and that was all she was doing.
"It was a common practice in the office," she said of nonofficial searches, adding: "I never disseminated any information to anybody. I kept my obligations to my employer."
Another “insider” job and another potentially huge breach that is staying under the radar?
http://www.pogowasright.org/article.php?story=20080509181226696
SC: Prisoners' ID Theft Scheme Grabs Lawmaker's Attention
Friday, May 09 2008 @ 06:12 PM EDT Contributed by: PrivacyNews News Section: Breaches
A credit card scheme linked to Lee Correctional Facility stretches all the way to California and back. While authorities in Dyer, Indiana investigate one case, SC lawmakers are expressing their concerns.
News 19 continues its investigation into a credit card scheme involving some South Carolina prisoners. The inmates were granted access to the personal information of dozens of Citibank customers.
Source - WLTX
[From the article:
... the case in Dyer was among dozens nationwide. A stolen identity scheme involving Citibank employees and prisoners at Lee Correctional Facility in South Carolina.
... But it doesn't shock Department of Corrections Director, Jon Ozmint. He's known about the scheme for months. [So much for disclosure laws... Bob]
... State and federal agencies are also investigating the case. No charges have been filed and no arrests have been made.
For your Security Manager
Hackers find a new place to hide rootkits
A pair of security researchers has developed a new kind of rootkit, called an SSM, that hides in an obscure part of the processor that is invisible to antivirus apps
By Robert McMillan, IDG News Service May 09, 2008
... Called an SSM (System Management Mode) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system but which can give attackers a picture of what's happening in a computer's memory.
... SMM dates back to Intel's 386 processors, where it was added as a way to help hardware vendors fix bugs in their products using software. The technology is also used to help manage the computer's power management, taking it into sleep mode, for example.
Ditto! Perhaps it's not ready for prime time? (Is this a problem of non-compliant hardware?)
XP SP3 cripples some PCs with endless reboots
Windows blogger has tentatively identified XP SP3's endless reboot problem as involving only machines using processors from AMD
By Gregg Keizer, Computerworld May 09, 2008
Interesting. “Double Secret Probation” rules are in effect!
http://www.pogowasright.org/article.php?story=20080509174418813
EPIC Prevails in Virginia Fusion Center FOIA Case
Friday, May 09 2008 @ 05:44 PM EDT Contributed by: PrivacyNews News Section: In the Courts
Yesterday, Richmond General District Court held that EPIC "substantially prevailed" on the merits of its freedom of information lawsuit against the Virginia State Police. EPIC filed the case after the State Police refused to disclose documents describing the federal government's involvement in efforts to limit Virginia's transparency and privacy laws. Through the litigation, EPIC uncovered a secret contract between the State Police and the FBI that limits the rights of Virginia citizens to learn what information the State Police collect about them. The court's letter opinion requires the State Police to pay EPIC's litigation costs, but not its attorneys' fees.
Source - EPIC.org
I doubt this will have much impact one way or another, but we'll have to wait and see.
http://yro.slashdot.org/article.pl?sid=08/05/09/223219&from=rss
RIAA Lawyer Jumps Ship
Posted by ScuttleMonkey on Friday May 09, @07:22PM from the bigger-better-deal dept. The Courts Media
NewYorkCountryLawyer writes
"The RIAA's top litigation lawyer, who has been personally leading the RIAA's litigation campaign for the past several years, Richard Gabriel, will be leaving his law practice, after getting a job as a state court judge for a 2-year term in Colorado. What this will mean to the RIAA's litigation machine is anyone's guess. Mr. Gabriel has personally argued all of the RIAA's main cases, including Elektra v. Barker, Atlantic v. Howell, Atlantic v. Brennan, Capitol v. Foster, Atlantic v. Andersen, UMG v. Lindor, and London-Sire v. Doe 1, and personally tried the Capitol v. Thomas case, the only RIAA case that has ever gone to trial. He was working directly under the supervision of the RIAA's mysterious 'representative' Matthew Oppenheim."
Truth is stranger than fiction...
http://www.money.co.uk/article/1000390-13-year-old-steals-dads-credit-card-to-buy-hookers.htm
13 Year Old Steals Dad's Credit Card to Buy Hookers
Published on 9 May 2008
A 13 year old from Texas who stole his Dad's credit card and ordered two hookers from an escort agency, has today been convicted of fraud and given a three year community order.
Ralph Hardy, a 13 year old from Newark, Texas confessed to ordering an extra credit card from his father's existing credit card company, and took his friends on a $30,000 spending spree, culminating in playing "Halo" on an Xbox with a couple of hookers in a Texas motel.
The credit card company involved said it was regular practice to send extra credit cards out as long as all security questions are answered.
The escort girls who were released without charge, told the arresting officers something was up when the kids said they would rather play Xbox than get down to business.
Police said they were alerted to the motel by a concerned delivery clerk, whom after delivering supplies of Dr Pepper, Fritos and Oreos had been asked by the kids where they could score some chicks and were willing to pay. They explained they had just made a big score at a "World of Warcraft" tournament and wanted to get some relaxation. On noting the boys age the delivery clerk informed the authorities.
When police arrived at the motel they found $3,000 in cash, numerous electronic gadgets, an Xbox video console with numerous games, and the two local escort girls.
Ralph had reportedly told police that his father wouldn't mind, as it was his birthday last week and he had forgot to get him a present. The father, a lawyer said he had been too busy, but would take him on a surprise trip to Disneyland instead.
Asked why he ordered two escorts, Ralph said he thought it was the thing to do when you win a "World of Warcraft" tournament. They told the suspicious working girls they were people of restricted growth working with a traveling circus, and as State law does not allow those with disabilities to be discriminated against they had no right to refuse them.
The $1,000 a night girls sensing something up played "Halo" on the Xbox with the kids, instead of selling their sexual services.
Ralph's ambition is to one day become a politician.