Thursday, September 03, 2009

They should have this completely cleared up in a few more years...

http://www.databreaches.net/?p=7008

TJX settles banks’ lawsuit

September 2, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, U.S.

The Associated Press reports that TJX said it has paid $525,000 to settle claims by some banks about costs they incurred as a result of the retailer’s massive data breach. Other banks — AmeriFirst Bank, HarborOne Credit Union, SELCO Community Credit Union and Trustco bank - have dropped their respective claims against TJX.



Is this the case of the “T. J. Hooper” for the Internet age?

http://www.databreaches.net/?p=7011

Court allows suit against bank for lax security

September 2, 2009 by admin Filed under Breach Incidents, Financial Sector, Of Note, Other, U.S.

Jaikumar Vijayan of Computerworld reports:

A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures designed to prevent such compromises.

In a ruling issued last month, Judge Rebecca Pallmeyer, of the District Court for the Northern District of Illinois, denied a request by Citizens Financial Bank to dismiss a negligence claim brought against it by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple — customers of the bank — alleged that Citizens’ failure to implement up-to-date user authentication measures resulted in the theft of more than $26,000 from their home equity line of credit.

Read more on Network World

[From the article:]

The negligence claim was one of several claims brought against Citizens by the couple. Although Pallmeyer dismissed several of the other claims, she allowed the negligence claim against Citizens to stand. She noted that the couple had shown that a "reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs' account against fraudulent access."

The ruling highlights an issue that security analysts have been talking about for a long time: the need by companies to show due diligence in protecting customer data against malicious and accidental compromise. Security analysts have warned that companies that can't prove they took adequate measures to protect data could find themselves exposed to legal liability after a data breach.

… The decision in the Shames-Yeakel case was first reported on Digital Media Lawyer Blog, which is written by David Johnson, a lawyer specializing in digital media law with Jeffer, Mangels, Butler and Marmaro LLP in Los Angeles. The case shows how the failure to expeditiously implement state-of-the-art security measures can open companies to negligence claims, Johnson wrote.

… Citizens held the couple responsible for paying back the money, and claimed that under its online terms and conditions it had no liability for any unauthorized transactions that were made using legitimate usernames and passwords. It said there was no liability unless it had been notified in advance about the possibility of unauthorized use and had been given a reasonable opportunity to act on that notice.

… But the Shames-Yeakels claimed those measures were inadequate. They said that at the time of the breach, Citizens was still relying on usernames and passwords to control access to accounts while others had begun using two-factor authentication, including token-based authentication, that is considered more secure. They pointed to a 2005 document by the Federal Financial Institutions Examination Council (FFIEC), which called single-factor authentication inadequate and recommended the use of two-factor authentication by banks.



The report is very confusing. No indication why there would be a database of pharmacy 'clients' on a laptop computer. If there is no health information (i.e. prescription records) what was the database for? If it was not supposed to leave the pharmacy, why use a laptop rather than a cheaper desktop?

http://www.databreaches.net/?p=7005

Navy laptop with personal info missing

September 2, 2009 by admin Filed under Breach Incidents, Government Sector, Healthcare Sector, Lost or Missing, U.S.

Liz Nelson reports:

Naval Hospital Pensacola will be notifying thousands of beneficiaries who use its pharmacy services, following the disappearance of a laptop computer August 18 which contains personally identifiable information.

The computer’s database contains a registry of 38,000 pharmacy service customers’ names, Social Security numbers and dates of birth on all patients that used the pharmacy in the last year. It does not contain any personal health information.

Read more on Fox10TV

Neither the story nor the hospital’s FAQ (below) indicates whether the data were encrypted or unencrypted. The FAQ indicates that in some cases, spouses’ information and disability ratings may also have been on the laptop.

Related: FAQ on the breach on the hospital’s site (pdf)

[From the article:]

The computer has a damaged exterior and may have been disposed of. [and no one remembers (or records) its destruction? Bob]



Would this have been different if he had received a text message from his lawyer?

http://www.pogowasright.org/?p=3493

ACLU lawsuit says student’s cell phone was illegally searched

September 2, 2009 by Dissent Filed under Court, U.S., Youth

John Cox of Network World reports:

A middle school honor student who was expelled after authorities searched his cell phone and found evidence of what they claimed were “gang-related activities” now has a lawyer: the American Civil Liberties Union.

The Mississippi ACLU this week filed a federal civil rights lawsuit, arguing that the 2008 cell phone search was illegal and the expulsion wrongful. The lawsuit claims that the gang activities were simply photos showing the student, then-12-year-old Richard Wade, dancing in the bathroom of his own home, and a friend, also at Wade’s home, with a BB gun held across his chest.

According to the ACLU press release, Wade, then a 12-year-old at Southaven Middle School, Southaven, Miss., had his phone confiscated and then searched by his football coaches, the class principal, and a police sergeant after he read a text message received from his father during football class. [Improbable cause? Bob]

Read more on The Standard.



Mostly high school math, but many of my students start at that level.

http://www.brightstorm.com/d/math

Brightstorm

Free online math video lessons to help students with the formulas, equations and calculator use, to improve their math problem solving skills.



Tools & Techniques: Hang onto this one. You will need it someday.

http://www.makeuseof.com/tag/how-to-find-unknown-device-drivers-by-their-vendor-device-id/

How To Find Unknown Device Drivers By Their Vendor & Device ID

Sep. 2nd, 2009 By Saikat Basu



Quick screenshots.

http://janeknight.typepad.com/pick/2009/08/screensnapr.html

31 August 2009

ScreenSnapr

Simply press the ScreenSnapr Hotkey (Ctrl + 1), and almost instantly have access to a URL to share on IM, Twitter, Email, or any other virtual medium.

[And here you will find a list of over 70 screen capture and screencasting tools]
