http://www.databreaches.net/?p=3047
New fraud reports attributed to Heartland Payment Systems breach
April 14, 2009 by admin Filed under: Financial Sector, Hack, ID Theft, Malware, U.S.
A few weeks ago, Clearstar Financial Credit Union reported that a few dozen of their members had detected fraudulent charges on their cards that began on March 25. Given that lists of possibly compromised card numbers from the Heartland Payment Systems breach had been sent out in January and thereafter, some of us wondered whether the Clearstar report was related to Heartland’s breach or indicated a separate problem. Representatives of Clearstar, when contacted, were unable to determine whether the problem was Heartland-related or not.
But now more credit unions are filing similar reports, and they are being attributed to the Heartland breach, suggesting that either card issuers had not identified all of the compromised numbers when they sent out their alerts, or banks and credit unions may have erred by not cancelling cards. Today, Deneen Smiths of the Kenosha News in Wisconsin reports that 78 customers at Southport Bank in Kenosha started noticing fraudulent debit card charges beginning on April 8 and that other local banks, including the Bank of Kenosha, have also been affected. As in other cases, the card numbers are being used at a variety of locations around the country.
The Bank of Kenosha spokesperson did not indicate whether the fraudulent charges only began in the past few weeks, but the Southport Bank report suggests that we have not heard the last of new fraud reports stemming from the Heartland breach. To date, over 625 banks and credit unions have been identified as having been affected by the breach.
It's amazing how ignorant some people can be. “We don't know...” is as far from a “Best Practice” as you can get.
UK: Second data blunder fear
April 14, 2009 by admin Filed under: Government Sector, Insider, Lost or Missing, Non-U.S., Theft
It’s amazing what you don’t find when you finally get around to looking for it. In this story out of the UK, a local council brought in consultants after one data breach, only to discover that their potential problem was bigger than they thought:
…. Charnwood Borough Council admitted it could not find nine missing computers that could contain personal and sensitive information about residents.
It comes after the authority discovered, in August, that a hard drive, holding financial details of thousands of taxpayers, had been stolen by an employee and sold on an internet auction site. [earlier coverage]
Information technology consultants, bought in to beef up the council’s computer security following the theft, believe the missing computers could lead to further data security losses.
The council has said it does not know what information is stored on them.
Read more in the Leicester Mercury.
The solution is simple: The Feds will pass a law making all state privacy laws moot.
http://www.pogowasright.org/article.php?story=20090414051214339
State privacy laws may undercut electronic medical records
Tuesday, April 14 2009 @ 05:12 AM EDT Contributed by: PrivacyNews
A study looks at correlations between stated medical privacy laws and the adoption of electronic record keeping by the hospitals within a state, and finds that an emphasis on privacy may decrease the rate of adoption of electronic systems.
Source - Ars Technica
Finally got everything working the way you want? Don't worry, we can change that!
http://www.tgdaily.com/html_tmp/content-view-42024-140.html
Microsoft preps auto IE8 update amidst dramatic usage share decline
Software By Wolfgang Gruener Monday, April 13, 2009 16:37
Redmond (WA) – As IE8’s adoption rates lag far behind initial expectations, Microsoft prepares its most powerful tool to push the browser out to user computers. The company said that it is preparing an Automatic Update/Windows Update targeting IE6 and IE7 users, which make currently make up about 93% of the IE user base. The update will be published in the third week of April. And we wonder: Can it slow the rapid decline of IE market share?
Another risk of “failure to keep up with technology?”
http://www.pogowasright.org/article.php?story=20090413155347229
The mobile phone as self-inflicted surveillance
Monday, April 13 2009 @ 03:53 PM EDT Contributed by: PrivacyNews
.... This is cogent analysis. Mobile phones and email are used by everyone, including terrorists and other criminals. The data can be instrumental in tracking down criminals, with the caveat that having a bigger haystack does not make it easier to find a needle. But it misses one perverse effect - those who will be stigmatised in the future are those who don't have traffic data retained.
Source - The Register Thanks to Brian Honan for this link.
[From the article:
Mobile phone penetration in Europe reached an average of 111.26 per cent in 2007 according to ITU estimates, while in the UK it was 118.47 per cent.
… Lack of traffic data is what becomes suspicious. There are already two documented cases in Europe where not carrying a mobile phone was considered one of the grounds for arrest.
… Earlier this year, Sir David Omand, a former Cabinet Office security and intelligence coordinator, gave a clear indication of what some in Whitehall have on their wish-list:
[A]pplication of modern data mining and processing techniques does involve examination of the innocent as well as the suspect to identify patterns of interest for further investigation.[...] Finding out other people's secrets is going to involve breaking everyday moral rules. So public trust in the essential reasonableness of UK police, security and intelligence agency activity will continue to be essential.
Another overreach?
http://www.pogowasright.org/article.php?story=20090413132308649
Computer Science Student Targeted for Criminal Investigation for Allegedly Sending Email
Monday, April 13 2009 @ 01:23 PM EDT Contributed by: PrivacyNews
A Boston College computer science student has asked a Massachusetts court to quash an invalid search warrant for his dorm room that resulted in campus police illegally seizing several computers, an iPod, a cell phone, and other technology.
The Electronic Frontier Foundation (EFF) is representing the student, who has petitioned the court for the immediate return of his property and is demanding that investigators be prohibited from any further searches or analysis of his digital data. Massachusetts State Police participated in the search and are overseeing the forensic analysis of the seized property.
"This search warrant is invalid, as there is no probable cause that a crime was committed at all," said EFF Civil Liberties Director Jennifer Granick. "Every day this student's private information is in the hands of the police department, he suffers harm to his property interests and his constitutional rights."
The dorm room search stemmed from an investigation into who sent an email to a Boston College mailing list alleging that another student was gay. [Is this a crime in Massachusetts? Bob] Police say they know who sent the email and that the sender committed the crimes of "obtaining computer services by fraud or misrepresentation" and obtaining "unauthorized access to a computer system." However, nothing presented by the investigating officer to obtain the warrant, including the allegation that the student sent the email to the mailing list, could constitute the cited criminal offenses.
Some of the supposedly suspicious activities listed in support of the search warrant application include: the student being seen with "unknown laptop computers," which he "says" he was fixing for other students; the student uses multiple names to log on to his computer; and the student uses two different operating systems, [Bill Gates made that a crime? Bob] including one that is not the "regular B.C. operating system" but instead has "a black screen with white font which he uses prompt commands on."
"The police used inapplicable criminal laws as a basis for a fishing expedition to determine the author of an anonymous email," said EFF Senior Staff Attorney Matt Zimmerman. "Now, this student has been suspended from his job, and he is without a laptop and other devices he needs to do his schoolwork. His private communications and papers are in the hands of police who are searching for evidence without just cause. Even his cell phone and iPod were taken, clearly an overreach if the goal is tracking the source of an email."
The motion to quash the search warrant was filed with assistance from Fish & Richardson attorneys Adam Kessel, Lawrence Kolodney, and Tom Brown. No court date has been set yet to hear the motion.
For the full motion for emergency relief:
http://www.eff.org/files/filenode/inresearchBC/CalixteMotEmergencyRelief.pdf
For more on this case: http://www.eff.org/cases/re-matter-search-warrant-boston-college
Source - EFF Press Release
Privacy is not an asset, therefore privacy has no value Privacy can not be damaged, so even if it had value, that value could not be reduced.
http://www.pogowasright.org/article.php?story=20090413115820305
Ruiz v. Gap: Increased Risk of ID Theft Not Damages
Monday, April 13 2009 @ 11:58 AM EDT Contributed by: PrivacyNews
In a previous post this blog noted that a California Federal District Court denied a motion to dismiss a data breach negligence claim based on a lack of “damages.” Despite the partial “victory,” the Court had also suggested that the damages issue might not survive a motion for summary judgment. Well, the Court made its own prediction come true in a recent ruling.
On April 4, 2009, the court issued a decision indicating that an increased risk of identity theft did not rise to the level of harm necessary to maintain a negligence claim.
Source - InfoSec Compliance
Related? Perhaps privacy creates a barrier (of rights?) you should not breach?
http://www.pogowasright.org/article.php?story=20090413120312965
CO: Judge says Weld County went too far in seizing tax documents
Monday, April 13 2009 @ 12:03 PM EDT Contributed by: PrivacyNews
A Colorado judge ruled today that Weld County officials went too far in their investigation of ID theft by illegal immigrants when they seized federal income tax documents as part of their investigation. The ACLU had gotten involved in this case because of the seizure of tax return records from Amalia's Translation and Tax Services in Greeley.
The Associated Press has more here.
Blogging is not always good for your health.
http://yro.slashdot.org/article.pl?sid=09/04/14/0216237&from=rss
South Korean Financial Blogger Faces 18 Months of Prison
Posted by Soulskill on Tuesday April 14, @02:14AM from the how-much-prison-time-for-a-tweet dept. Government
eldavojohn writes
"A South Korean blogger named Park Dae-sung has been arrested and charged with destabilizing foreign markets by blogging about declining companies. This is the same blogger who predicted the economic downturn that has been experienced the world over. The Korean Times offers more information on the community college graduate and the accusations levied against him."
Several readers have also sent in news that Omidreza Mirsayafi, an Iranian blogger arrested and imprisoned for his writings earlier this year, has now died in custody.
This is slick. (Sorry about the lawyer joke... NOT!)
http://www.bespacific.com/mt/archives/021094.html
April 13, 2009
Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy
"The Patient's Guide to HIPAA is the first comprehensive guide to medical privacy written expressly for patients with a practical eye as to how to use the law to protect privacy. It is a major privacy resource for patients, written directly and without legalese. The Patient's Guide to HIPAA is easy to navigate and digest; the guide is in the form of Frequently Asked Questions & Answers. All of the key points in HIPAA are included, from the 7 basic patient rights to how and when to get copies of health care records. Difficult situations that patients often encounter are included in the guide. The Patient's Guide to HIPAA was written by Robert Gellman, with assistance from Pam Dixon, John Fanning, and Dr. Lewis Lorton."
[From the guide:
Why Are the Notices Long and Boring?
One answer is that the rule is long and complicated. Another answer is that lawyers write many of the notices. Often, lawyers write like...lawyers, and the results are sometimes complete, precise, and in the end, incomprehensible.
For my Data Mining students
http://www.bespacific.com/mt/archives/021102.html
April 13, 2009
Center for Responsive Politics now provides 20 years of downloadable money-in-politics data--for free
News release: "Today the nonpartisan Center for Responsive Politics is putting 200 million data records from the watchdog group's archive directly into the hands of citizens, activists, journalists and anyone else interested in following the money in U.S. politics. For the first time in CRP's 26-year history, the nonprofit research group's most popular data archives are fully and freely downloadable for non-commercial purposes from the Center's website, OpenSecrets.org--a four-time Webby winner for best politics site online. OpenSecrets.org will remain the go-to independent source for most users interested in tracking money's political influence and, in fact, the site has some new general-interest features as of today. With today's announcement, skilled data-divers can explore the information that's already aggregated on OpenSecrets.org to its full depth. Web developers and database experts can grab federal money-in-politics data that CRP's researchers have standardized and coded, and mash it up with other data sets. Timelines, charts, maps, other graphics and mobile applications are just some of the projects that could result--all powered by CRP's unparalleled data."
For my stone-age readers?
http://tech.msn.com/products/article.aspx?cp-documentid=18764894
Getting Face-to-Face with Facebook
By Ian Cooley, State Street
… If you haven’t yet had a chance to catch up with the Facebook phenomenon, this Facebook primer is for you.
For gosh sake, don't tell Al Gore! He'll need to revise his PowerPoints!
http://www.tgdaily.com/content/view/42006/181/
Harvard astrophysicist: Sunspot activity correlates to global climate change
General Sciences By Rick C. Hodgin Friday, April 10, 2009 13:12
No comments:
Post a Comment