http://www.databreaches.net/?p=7553
700,000 Express Scripts members notified of extortion demands (update 2)
September 30, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Of Note, U.S.
As previously reported here Express Scripts recently updated their breach report on the incident from 2008 involving an extortion demand. Now Dina Wisenberg Brin of Dow Jones Newswires provides some additional details, including the statistic that Express Scripts has now sent out approximately 700,000 individual notification letters, total. The company has not revealed how many of the 700,000 notifications are due to its recently becoming aware that even more data had been acquired than they had realized. [Almost always the case. No idea why that is so. Bob]
Express Scripts spokeswoman Maria Palumbo told Dow Jones Newswires that the person who illegally obtained member records recently sent a data file to a law firm, [Hacktivism? Bob] which forwarded it to the FBI. Palumbo wouldn’t identify the law firm, other than to say it was one that had filed a lawsuit against the company.
As it has in the past, Express Scripts made a statement that it is “unaware at this time of any actual misuse of members’ information, but we understand the concern that this situation has caused our members.”
That statement strikes me as somewhat preposterous because the company is already aware of actual misuse of the information — the extortion demand itself represents actual misuse of the information, in my opinion.
This report was crossposted from PHIprivacy.net
Update: Robert McMillan of IDG News Service also reports on the latest developments in this breach, and notes that:
In May, Washington, D.C., law firm Finkelstein Thompson brought a class-action suit against Express Scripts on behalf of members whose data was stolen. Attorneys at the firm did not return messages seeking comment for this story.
The report also includes statements I made to the reporter about this breach.
Update 2: Dina Wisenberg Brin has updated her story to include a few more details. Express Scripts indicates that most of the 700,000 notifications are due to the recently revealed data as only a few hundred members were notified last year. Additionally, the company notes that the data appear to be consistent with how their data looked in 2006.
(Related) “We didn't know where our records were either...” I teach my Statistics students that they should know how many people are involved in their studies. The math doesn't work well otherwise...
http://www.databreaches.net/?p=7563
UNC security breach less severe than feared
September 30, 2009 by admin Filed under Breach Incidents, Education Sector, Hack, U.S.
As an update to a previously reported breach:
A hacker who wormed into a UNC Chapel Hill computer server may not have gotten access to as much information as officials originally feared.
UNC School of Medicine officials said last week that a security breach had left data related to as many as 236,000 women enrolled in a mammography study exposed, including 163,000 social security numbers.
But now school officials say the number of exposed files is actually about 160,000 total, including about 114,000 social security numbers, said Stephanie Crayton, a UNC Health Care spokeswoman.
Source: NewsObserver.com
This week, UNC was also informed by DataBreaches.net that the UNC School of Journalism and Mass Communication server appeared to have been infected and was serving up spam. In that case, the compromise appeared to be due to a known WordPress vulnerability affecting older versions of WordPress.
A little encryption would have made this whole kerfuffle go away.
http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/
Probe Targets Archives’ Handling of Data on 70 Million Vets
By Ryan Singel October 1, 2009 8:05 am
The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of million of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data. [It's hard to 'erase' data if the drive won't let you talk to it. Bob]
As I mentioned yesterday, e-crooks are becoming more sophisticated. (not to be confused with smarter)
http://www.databreaches.net/?p=7575
Hackers Breach Payroll Giant, Target Customers
October 1, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, Malware, U.S.
Brian Krebs reports:
Hackers last week apparently used stolen account information from a New Jersey company that provides online payroll services to target the firm’s customers in a scheme to steal passwords and other information.
[...]
Unlike typical so-called “phishing” scams — which are sent indiscriminately to large numbers of people in the hopes that some percentage of recipients are customers of the targeted institution — this attack addressed PayChoice customers by name in the body of the message. The missives also included reference to each recipient’s onlineemployer.com user name and a portion of his or her password for the site.
In a statement e-mailed to Security Fix, PayChoice said the company discovered on Sept 23 that its online systems had been breached. The company said it immediately shut down the onlineemployer.com site and instituted fresh security measures to protect client information, such as requiring users to change their passwords.
Read more on Security Fix
[From Security Fix:
Last Wednesday, a number of PayChoice customers received an e-mail warning them that they needed to download a Web browser plug-in in order to maintain uninterrupted access to onlineemployer.com, the portal for PayChoice's online payroll service. The supposed plug-in was instead malicious software designed to steal the victim's user names and passwords.
Wow! Things are bad in Australia
http://www.databreaches.net/?p=7577
AU: One in five fall victim to ID theft
October 1, 2009 by admin Filed under Commentaries and Analyses, ID Theft, Non-U.S.
Nick Gardner reports:
The identity crimes report, which was commissioned by credit company Veda Advantage and conducted by Galaxy Research, found more than 1.5 million people’s credit cards had been skimmed and 1.2 million people’s bank accounts were illegally accessed.
Many more people’s mail containing PINs and other information that can be used to create a false identity was stolen.
ID fraud in Australia is up at least 23per cent this year compared with a year ago and experts believe it is because Australia has been slow in deploying anti-fraud technology.
Read more in Australian IT.
[From the article:
Police, meanwhile, rarely investigate incidents of ID theft because it is regarded as a "low priority'' crime.
Interesting. I would imagine corporations could more easily prove damages that individuals could. Perhaps I should become legal?
http://www.pogowasright.org/?p=4247
Since when does a legal entity have “privacy” rights?
September 30, 2009 by Dissent Filed under Businesses, Court
Kristen J. Mathews writes:
Since when does a legal entity have “privacy” rights?
Since the Third Circuit said so, in its September 22, 2009 decision in AT&T v. Federal Communications Commission (No. 084024).
Most privacy practitioners would not consider a legal entity to have privacy rights. Rather, a legal entity may have trade secrets or contractual confidentiality protections. However, in its novel holding, the Third Circuit found that a corporation (AT&T) was protected by an exemption in the Freedom of Information Act (FOIA) that applies to “unwarranted invasions of personal privacy.”
Read more on Proskauer Rose Privacy Law Blog
Advertising through intimidation? I don't remember this as a “Japanese thing” (Interesting too that she never contacted the police...)
http://www.pogowasright.org/?p=4251
Those unwanted terrifying emails were from…. Toyota?
September 30, 2009 by Dissent Filed under Businesses, Court
Over on Courthouse News, Tim Hull reports that an advertising firm and Toyota are being sued because an advertising campaign terrorized an email recipient:
A woman says a “terror marketing” campaign that Saatchi & Saatchi created for Toyota made her believe a drunken English soccer hooligan with a pit bull would show up at her home expecting to crash on her couch. She says the defendants sent her a series of anonymous emails in which a fictional man claimed he knew her address and planned to “lay low at your place for a bit. Till it all blows over. Bringing Trigger.”
Amber Duik says she was terrorized by the “nontraditional promotion” called “The Other You.” In her Superior Court complaint, Duik says the anonymous series of emails left her “constantly in tears and shaking and sobbing in emotional distress” during the entire month of April 2008.
[...]
Eventually an actor in the “movie” revealed that the entire ordeal was a hoax, and that Duik had been “punked” by Toyota as part of a marketing campaign for its Matrix automobile.
Duik says she was so terrified by the emails that her boyfriend began sleeping with a club and Mace. She says she was convinced that “a violent criminal on the run from the police both in England and the United States” was making his way down the California coast to her home.
Duik seeks $10 million in punitive damages for fraud, negligent misrepresentation, deceptive advertising, emotional distress, consumer law violations and other charges.
[From Courthouse News:
The "terror marketing campaign" consisted of a series of emails that purported to come from Sebastian Bowler, a fictional 25-year-old man, created by Saatchi & Saatchi, who loves soccer, drinking, and getting into trouble (www.myspace.com/bowlerbowler).
All it costs you is some privacy...
http://it.slashdot.org/story/09/09/30/1916249/Auto-Detecting-Malware-Its-Possible?from=rss
Auto-Detecting Malware? It's Possible
Posted by timothy on Wednesday September 30, @03:18PM from the would-love-to-see-the-install-prompt-for-this dept.
itwbennett writes
"If antivirus protectors could collect data from machines and users, including geographic location, social networking information, type of operating system, installed programs and configurations, 'it would enable them to quickly identify new malware strains without even looking at the code,' says Dr. Markus Jakobsson. In a recent article, he outlines some examples of how this could work. The bottom line is this: 'Let's ignore what the malware does on a machine, and instead look at how it moves between machines. That is much easier to assess. And the moment malware gives up what allows us to detect it, it also stops being a threat.'"
Speaking of Big Brother tools... An easy “It's for the children” sell, but some real risk of “thought police”
http://www.wired.com/wiredscience/2009/09/domestic-abuse-prediction/
Data-Mining Medical Records Could Predict Domestic Violence
By Frederik Joelving September 30, 2009 3:58 pm
… Now, a group of researchers at Harvard University has created the first computer model to automatically detect the risk that a patient is being abused at home. The results were published Sept. 29 in the British Medical Journal.
“It’s a great concept,” said Debra Houry, an emergency physician at Emory University, who was not involved in the research. Although around one in four women experience domestic violence at some point in their lives, she says, the problem often goes unnoticed at a doctor’s visit. “It’s one of those hidden epidemics where they don’t come up to you and disclose the issue.”
… Using the new system, the researchers were able to predict abuse an average of two years before the doctor made the diagnosis. Presumably, the computer is picking up signs of ongoing maltreatment the patient hasn’t yet revealed.
The researchers also speculate that, in principle, some subtle signal could precede direct abuse. [“You are under arrest citizen for contemplating abusing your spouse.” Bob]
Redefining “Large Datacenter” Also some tips for my Business Continuity class.
http://news.cnet.com/8301-13860_3-10364746-56.html?part=rss&subj=news&tag=2547-1_3-0-20
Microsoft opens Windy City data center
by Ina Fried September 30, 2009 3:38 PM PDT
… But on Wednesday, the company allowed a group of reporters, customers, and partners to tour the 700,000 square foot facility.
… But, for all its strategic import, the ground floor of the Chicago plant looks more like a truck parking lot than a traditional data center. In each parking spot, though, Microsoft can drop off a container packed with up to 2,000 servers.
Improving the stalker toolkit!
http://news.slashdot.org/story/09/09/30/2052258/Google-Wants-to-Map-Indoors-Too?from=rss
Google Wants to Map Indoors, Too
Posted by timothy on Wednesday September 30, @04:55PM from the where's-the-good-silverware dept.
An anonymous reader writes
"Google maps are getting extended indoors next month with a new app called Micello that takes over where conventional navigators leave off — mapping your route inside of buildings, malls, convention centers and other points of interest. You don't get a 'you are here' blinking dot yet — but they do promise to add one next year using WiFi triangulation. At the introduction next month, Micello will only work in California, but they plan to expand to other major US cities during 2010."
(Related) Ain't technology wonderful?
http://yro.slashdot.org/story/09/10/01/1321212/Wireless-Network-Modded-To-See-Through-Walls?from=rss
Wireless Network Modded To See Through Walls
Posted by CmdrTaco on Thursday October 01, @09:30AM from the still-can't-see-through-pants dept.
KentuckyFC writes
"The way radio signals vary in a wireless network can reveal the movement of people behind closed doors, say researchers who have developed a technique called variance-based radio tomographic imaging which processes wireless signals to peer through walls. They've tested the idea with a 34-node wireless network using the IEEE 802.15.4 wireless protocol (the personal area network protocol employed by home automation services such as ZigBee). The researchers say that such a network could be easily distributed by the police or military wanting to determine what's going on inside a building. But such a network, which uses cheap off-the-shelf components, might also be easily deployed by your neighbor or anybody else wanting to monitor movements in your home."
Links to many more resources. Mostly for genealogy...
http://www.bespacific.com/mt/archives/022448.html
September 30, 2009
National Archives and Footnote.com Announce New Digital Holocaust Collection
News release: "The National Archives and Records Administration and Footnote.com announced the release of the internet’s largest Interactive Holocaust Collection. For the first time ever, over one million Holocaust-related records – including millions of names and 26,000 photos from the National Archives – will be available online. The collection can be viewed at: http://www.footnote.com/holocaust...The collection also includes nearly 600 interactive personal accounts of those who survived or perished in the Holocaust provided by the U.S. Holocaust Memorial Museum. The project incorporates social networking tools that enable visitors to search for names and add photos, comments and stories, share their insights, and create pages to highlight their discoveries. There will be no charge to access and contribute to these personal pages."
Global Warming! Global Warming! I knew it wasn't just Al Gore's hot air!
Cosmic Ray Intensity Reaches Highest Levels In 50 years
Posted by samzenpus on Wednesday September 30, @10:13PM from the start-the-mutations dept.
An anonymous reader writes
"A NASA probe found that cosmic ray intensities in 2009 had increased by almost 20 percent beyond anything seen in the past 50 years. Such cosmic rays arise from distant supernova explosions and consist mostly of protons and heavier subatomic particles — just one cosmic ray could disable unlucky satellites or even put a mission to Mars in jeopardy."
(Related) Maybe Osama invented Global Warming. I thought it was Al Gore!
http://www.bespacific.com/mt/archives/022451.html
September 30, 2009
CIA Opens Center on Climate Change and National Security
News release: "The Central Intelligence Agency is launching The Center on Climate Change and National Security as the focal point for its work on the subject. The Center is a small unit led by senior specialists from the Directorate of Intelligence and the Directorate of Science and Technology. Its charter is not the science of climate change, but the national security impact of phenomena such as desertification, rising sea levels, population shifts, and heightened competition for natural resources. The Center will provide support to American policymakers as they negotiate, implement, and verify international agreements on environmental issues. That is something the CIA has done for years."
Related postings on climate change
(Related) Global Warming results in more snow (or at least, more snow jobs), so this is important.
GPS Receiver Noise Can Be Used To Detect Snow Depth
Posted by timothy on Wednesday September 30, @02:12PM from the for-the-journal-of-sensors-and-transducers dept.
cremeglace writes
"Scientists at the University of Colorado at Boulder have found a use for GPS besides finding restaurants or the occasional road-that-doesn't-exist: it can be used to measure snow depth. The new technique, which takes advantage of distortions of the GPS signal after it reflects off the snowpack, may potentially improve weather forecasts by allowing meteorologists to track snowfall patterns. ScienceNOW has the story, which one geophysicist describes as 'a classical case of one person's noise becoming another person's signal.'"
All I want for Christmas...
http://www.techcrunch.com/2009/09/30/bumptop-goes-multi-touch-um-awesome/
BumpTop Goes Multi-Touch. Um, Awesome.
by MG Siegler on September 30, 2009
… BumpTop is adding multi-touch support. And the result is awesome.
… This graphic below shows a list of the gestures BumpTop offers that competitors don’t, including the ones that they apparently have patents on (labeled as “BT”).
How could I resist passing this on to my students. (Any of you lawyers want me to pass on your cards?)
http://www.makeuseof.com/tag/top-5-websites-to-learn-how-to-hack-like-a-pro/
Top 5 Websites To Learn How To Hack Like A Pro
Oct. 1st, 2009 By Ryan Dube
No comments:
Post a Comment