http://www.databreaches.net/?p=6385
Big credit card breach in Japan
July 24, 2009 by admin Filed under Business Sector, ID Theft, Non-U.S., Of Note
Alico Japan said Thursday that credit card data on possibly tens of thousands of its insurance policyholders had apparently leaked, resulting in massive fraudulent transactions.
It said that up to 110,000 policyholders could be affected.
Names of policyholders, their credit card numbers and the expiry dates of the cards were used to make fraudulent purchases via the Internet.
By Thursday, the life insurer said it had received inquiries from more than 1,000 policyholders who complained they had been billed by credit card companies for purchases they hadn’t made.
The parent company of Alico Japan is the U.S.-based American Life Insurance Co. Alico Japan also falls under the umbrella of the giant American International Group Inc. (AIG).
The apparent scope of the fraud makes it one of the largest of its kind in Japan in recent years.
Alico Japan said it was first alerted to the problem on July 14 by a credit card company with which it has business dealings. The credit card company said the leak had apparently occurred at Alico Japan.
Read more on Asahi.com. The company does not yet know how the breach occurred.
[From the article:
… Their policy contract numbers end with the numerals 2 or 3. [So only 2 out of 10 policies are impacted – or the crooks haven't needed to open the other files yet. Bob]
Trends?
http://www.atthebreach.com/blog/2009-verizon-business-risk-team-findings/
2009 Verizon Business Risk Team Findings
Key Findings of the 2009 Verizon Business Risk Team Cybercrime Report
This year’s key findings both support last year’s conclusions and provide new insights. These include:
* Most data breaches investigated were caused by external sources. Seventy-four percent of breaches resulted from external sources, while 32 percent were linked to business partners. Only 20 percent were caused by insiders, a finding that may be contrary to certain widely held beliefs.
* Most breaches resulted from a combination of events rather than a single action. Sixty-four percent of breaches were attributed to hackers who used a combination of methods. In most successful breaches, the attacker exploited some mistake committed by the victim, hacked into the network, and installed malware on a system to collect data.
* In 69 percent of cases, the breach was discovered by third parties. The ability to detect a data breach when it occurs remains a huge stumbling block for most organizations. Whether the deficiency lies in technology or process, the result is the same. During the last five years, relatively few victims have discovered their own breaches.
* Nearly all records compromised in 2008 were from online assets. Despite widespread concern over desktops, mobile devices, portable media and the like, 99 percent of all breached records were compromised from servers and applications. [A bit misleading, since the greatest volume of data is on servers and in applications. One server breach could yield 1000 times the data on a stolen laptop. Bob]
* Roughly 20 percent of 2008 cases involved more than one breach. Multiple distinct entities or locations were individually compromised as part of a single case, and remarkably, half of the breaches consisted of interrelated incidents often caused by the same individuals.
* Being PCI-compliant is critically important. A staggering 81 percent of affected organizations subject to the Payment Card Industry Data Security Standard (PCI-DSS) had been found non-compliant prior to being breached.
If nothing else, the graphic showing relative length of the privacy policies examined is amusing.
http://www.pogowasright.org/?p=2132
15 Top Privacy Policies, Analyzed
July 23, 2009 by Dissent Filed under Internet
We all know no one reads privacy policies. What do the top websites really include in them? In its mission to get anonymous public data, The Common Data Project a New York City-based non-profit, is on a mission to eliminate the barriers that privacy policies pose.
In a new report, they analyzed ten of the most popular Web properties on the Internet, and several more emerging ones. Here’s how what they put in their policies affects your privacy, and how other enterprises can imitate their best practices.
Read more on ReadWrite Enterprise.
… find all the sections together here.
No doubt they will want to add video cameras to each recycling bin. Facial recognition would let them identify the anti-social/non-recyclers for deportation.
http://www.pogowasright.org/?p=2138
Council admits snooping through rubbish
July 24, 2009 by Dissent Filed under Breaches, Govt, Non-U.S., Surveillance
“Disgraceful” council staff have been snooping through residents’ rubbish to monitor their recycling habits, it has been revealed.
Residents across Rother, including Battle, have had their refuse rifled through by East Sussex County Council, without their knowledge or consent.
And council staff have also been accused of using their findings to rate households across the county into five different social categories, from Level One, ‘Wealthy Achievers’, to Level Five, ‘Hard Pressed’.
Read more on the Rye & Battle Observer.
The start of a trend or do these Mainers have lobster fever again...
http://www.pogowasright.org/?p=2122
Maine law limits collection of data on minors
July 23, 2009 by Dissent Filed under Legislation, U.S., Youth
David Navetta of InfoSecCompliance provides an overview of a new law in Maine that limits the collection of personal information of minors. The law, which goes into effect on September 12, 2009, has a provision for an individual cause of action in state court, unlike many privacy laws that do not provide for an individual cause of action:
3. Civil violation; penalty. Notwithstanding the penalty provisions of Title 5, section 209, each violation of this chapter constitutes a civil violation for which a fine may be assessed of:
A. No less than $10,000 and no more than $20,000 for a first violation; and
B. No less than $20,000 for a 2nd or subsequent violation
Read more on InfoSecCompliance.com
No doubt this is important to a few IP lawyer types...
http://www.wipo.int/wipo_magazine/en/2009/04/article_0005.html
Are Tweets Copyright-Protected?
July 2009 By Consuelo Reinberg
Copyright and tweeting – the debate was bound to happen. Can repeating a message on Twitter - a free social networking and micro-blogging service that enables users to send and read other users' updates (known as tweets) – actually be construed as copyright infringement? This article, by Consuelo Reinberg, content editor, BP Council, was first published in the BP Council Note, June 18, 2009.
Tools & Techniques
http://www.makeuseof.com/tag/how-to-secure-check-your-hotmail-account/
How to Make Your Hotmail Sign In More Secure
Jul. 23rd, 2009 By Tim Watson
… If you’re not a Hotmail user, many of these tips can still apply to you, as other web-mail services may have the same features.
No comments:
Post a Comment