How long does it take to settle all aspects of an Identity Theft case? I wonder if I could find enough detail to set my statistics students on the question?
http://www.databreaches.net/?p=3955
New deal backed for ID theft case
May 12, 2009 by admin Filed under: Financial Sector, Hack, U.S.
Virgil Larson of World-Herald News Service reports on the tentative approval of a settlement in the class action lawsuit against TD Ameritrade resulting from a hack in 2006 and 2007 that affected customer contact information on 6.3 million clients.
The settlement will not result in any money for class members but the lawyers get almost $2 million. Indeed, it’s not clear to me that the class members get anything at all out of this settlement. I guess we’ll have to wait and see the actual terms when the deal is approved.
Related
http://www.databreaches.net/?p=3987
Most of Hannaford breach lawsuit tossed out by judge
May 13, 2009 by admin Filed under: Breach Reports, Business Sector, Hack, U.S.
Trevor Maxwell of The Portland Press Herald reports that Judge D. Brock Hornby of the U.S. District Court in Maine has dismissed nearly all of the claims filed again Hannaford Bros. for the massive breach they suffered in 2007 and early 2008. Only consumers who were not reimbursed by their banks for fraudulent charges on their accounts will be allowed to proceed with their claims. Maxwell quotes the ruling (which is not yet available online):
“There is no way to value and recompense the time and effort that consumers spent in reconstituting their bill-paying arrangements or talking to bank representatives to explain what charges were fraudulent,” Hornby wrote.
“Those are the ordinary frustrations and inconveniences that everyone confronts in daily life with or without fraud or negligence. Maine law requires that there be a way to attach a monetary value to a claimed loss. These fail that requirement.”
Related
http://www.databreaches.net/?p=3982
Impact of Heartland Payment Systems breach continues to emerge
May 13, 2009 by admin Filed under: Breach Reports
Yesterday, Marc Stewart of WSMV reported on how a number of Tennessee banks had been affected by the Heartland Payment Systems breach. Today, Todd Wallack of The Boston Globe has some data and figures on banks in Massachusetts affected by the Heartland Payment Systems breach.
Some of the figures may be a bit surprising to those who anticipated even larger numbers. Wallack reports:
For instance, Rockland Trust Co. told the state it was forced to reissue nearly 19,000 MasterCard debit cards and 64 Visa credit cards to customers this spring, while East Boston Savings Bank said it replaced the debit cards for as many as 7,600 customers. Salem Five Cents Savings Bank said the debit cards for 7,200 of its customers, mostly Massachusetts residents, were “compromised” by the breach and issued new cards to customers with active accounts earlier this year.
Many of the banks included in these two recent news stories do not appear on bankinfosecurity.com’s list, which had already identified over 625 financial institutions affected by the breach. Visa gave financial institutions until May 19 Visa to file claims for reimbursement for part of any losses. It would be nice if they released some numbers after that deadline, even some simple figures such as the number of institutions that filed claims based on the breach.
In the interim, reports of actual fraud as a result of the breach continue to be relatively sparse for a breach of this supposed magnitude, but given what happened in the aftermath of the RBS WorldPay breach, any statements about little fraud might be very premature. Hopefully, those financial institutions that decided to just “monitor” card numbers will not regret their decision.
Too much? Perhaps all DA's should take this approach (because the expansion of the prison system would be an economic stimulus?)
http://www.databreaches.net/?p=3993
Prosecutor will seek life sentence for ID theft
May 13, 2009 by admin Filed under: Commentaries and Analyses, ID Theft, U.S.
As a follow-up to a case reported in a recent “Bits ‘n Pieces” post: Jim Dooley of The Honolulu Advertiser reports that the prosecutor will be seeking a life sentence for Susan Shaw, who is charged with stealing some $160,000 from at least 11 victims from January 2008 through last month.
Dooley quotes prosecutor Christopher Van Marter: “We will be seeking a life term in prison based on the sheer magnitude (of the scheme) and the harm she has caused her victims.”
A life sentence? Shaw reportedly had a prior felony conviction for theft in 1994, and I deplore ID theft as much as the next advocate, but even so, a life sentence seems disproportionate. But then again, what should sentencing guidelines look like for recidivists?
Global companies will have a global impact. Nation wide card processors will impact nationally.
http://www.databreaches.net/?p=3975
Report: ATM/Debit Card Fraud On The Rise
May 12, 2009 by admin Filed under: Breach Reports, Financial Sector
This will be no surprise to anyone who really reads all the breaches reported on this site, but Kelly Jackson Higgins of Dark Reading reports:
[...]
Nearly 70 percent of the [161 financial services] respondents to the survey, conducted by antifraud firm Actimize, said they had experienced an increase in ATM/debit card fraud claims in 2008 compared to 2007.
Around 23 percent said those claims jumped by 5 to 9 percent;
around 16 percent, by 10 to 14 percent;
17.5 percent, by 15 to 19 percent;
nearly 9 percent, by 20 to 24 percent;
11 percent, by 25 to 49 percent; and
5 percent, by a whopping 50 to 74 percent.
Half of the institutions had been hit with fraud complaints that came out of some of the major data breaches, with more than 30 percent saying they had seen fraud incidents as a result of the TJX hack, and 30 percent out of the Heartland Payment Systems hack.
From the “Allow us to demonstrate stupidity” department: “Our security is so good, we don't even bother to listen to anyone who says otherwise...”
http://www.databreaches.net/?p=3980
Woman Finds Credit Card Statements Unprotected Online
May 12, 2009 by admin Filed under: Breach Reports, Exposure, Financial Sector, U.S.
From TheIndyChannel.com:
A major credit card company is investigating how more than a hundreds statements were made available online after an Indiana woman alerted them to the problem.
Constance Wilson had logged in to pay her Aspire Visa card bill when she instantly had access to 120 other statements from people in Indiana and 31 other states.
[...]
When Wilson called CompuCredit, the Atlanta-based company that manages the Aspire card, they told her what she was describing wasn’t possible.
Company officials changed their tune when Call 6 contacted them regarding the breach.
For those into self-inflicted surveillance... Several tools listed.
http://www.makeuseof.com/tag/record-your-skype-calls-on-windows-and-mac/
Record Your Skype Calls On Windows and Mac
May. 12th, 2009 By Simon Slangen
Everyone ought to record their incoming and outgoing calls, as well as keep chat logs. Why should we let homeland security have all the fun?
That's not what the WI court said last week (http://www.pogowasright.org/article.php?story=20090507150902758&query=gps ). Perhaps we could have a debate? (The main dissent is interesting.)
http://www.pogowasright.org/article.php?story=20090512102250905
NY: GPS monitoring a vehicle's movements without exigent circumstances violates state constitution
Tuesday, May 12 2009 @ 10:22 AM EDT Contributed by: PrivacyNews
The New York Court of Appeals today decided Weaver v. People, No. 53 (May 12, 2009), holding that the NY Constitution prohibits the use of GPS transmitters on vehicles without a warrant, following other state courts analyzing the issue under their constitutions.
Source - FourthAmendment.com Related - Newsday
[From the article:
"The massive invasion of privacy entailed by the prolonged use of the GPS device was inconsistent with even the slightest reasonable expectation of privacy," Chief Judge Jonathan Lippman wrote.
Be aware. This is another “If you're innocent, you have nothing to worry about” arguments. That means they don't want to put the real reasons on record. (“We want the ability to overrule our political opponents.)
http://www.pogowasright.org/article.php?story=20090513045818851
Government in secret: Lisa Madigan targets privacy exemption in Illinois' public-records law
Wednesday, May 13 2009 @ 04:58 AM EDT Contributed by: PrivacyNews
Illinois Atty. Gen. Lisa Madigan wants to force public agencies throughout Illinois -- from town halls to school boards -- to report to her office every time they cite privacy as an excuse to withhold public records.
"It is by far the most broadly abused exemption to the state records law," said Cara Smith, Madigan's deputy chief of staff. "We think that is far less likely to happen if they know they have to report it to us every time they use it. If they have a valid reason, then they will have nothing to worry about."
Source - Chicago Tribune
Related?
http://www.bespacific.com/mt/archives/021343.html
May 12, 2009
CDT Recommends Standards for Use of Analytics Tools on Federal Web Sites
News release: "The Center for Democracy & Technology (CDT) and the Electronic Frontier Foundation (EFF) today released a report examining the use of analytics tools on federal agency Web sites. The report analyzes existing policy and makes recommendations for how federal agency Web sites can use analytics – a useful tool in developing open government strategies – while protecting citizen privacy... Recommendations for federal agencies include crafting robust policies to ensure that data collected for measurement purposes is adequately protected and updating current federal policy on persistent tracking technologies, such as cookies. Current federal policy requires, among other things, that the agency head authorize each use of these technologies. This has resulted in a near prohibition of persistent tracking technologies. While the policy should remain extremely protective of privacy, it should also allow federal agencies to take advantage of advances in Web technology."
It's not getting on the list, it's downloading all you want while staying off the list!
http://torrentfreak.com/mit-harbors-the-most-p2p-pirates-090513/
MIT Harbors The Most P2P Pirates
Written by Ernesto on May 13, 2009
College students have always been prime targets for anti-piracy outfits such as the RIAA. Despite inundating students with mountains of threats and legal action, the number of copyright infringements committed by them have not declined. What did change though is the positioning of various universities in the list of most infringing establishments.
There are many school selection guides on the Internet, but none of them lists universities ranked by the number of recorded copyright infringements. Thanks to the copyright infringement “Trends & Insights” report published by BayTSP today, we can construct such a list.
In the United States, MIT is leading the list for the second year in a row, followed by the newcomer University of Washington. Purdue University dropped 4 spots and is now ranked 8th, but this could be due to the fact that students at Purdue launched their own private P2P network.
EU wide notification rules... Guidance or contrast?
http://www.databreaches.net/?p=3970
Pointer: European Parliament Adopts Position on Data Breach Notification Requirement for Telecoms and ISPs
May 12, 2009 by admin Filed under: Breach Laws, Business Sector, Commentaries and Analyses, Non-U.S
The Privacy and Security Law Blog has a nice article by Hunton & Williams LLP on the new European Parliament position on data breach notification requirement for telecoms and ISPs.
As the authors note, “For the first time in EU law the amendments [to the e-Privacy Directive] introduce a definition of “personal data breach” and a data breach notification requirement.”
The full article is here, and the position paper can be found here.
Sweat equity and high speed Internet...
http://arstechnica.com/tech-policy/news/2009/05/norwegian-isp-dig-your-own-fiber-trench-save-400.ars
Norwegian ISP: dig your own fiber trench, save $400
Lyse has become the largest fiber-to-the-home provider in Norway thanks to an innovative business model that asks customers to preregister before any fiber is dug, then offers them a $400 savings if they dig their own trench from the street to the home. So far, 80 percent of Lyse's customers have broken out the shovels.
By Nate Anderson | Last updated May 11, 2009 12:22 PM CT
… Only when 60 percent of the people in an area sign up in advance for the service does Lyse start the actual fiber install.
Sixty percent sounds like a tough threshold, but the company says that it has been "very successful" so far by offering people far greater Internet speeds for the same price they are currently paying. Lyse's Altibox service offers 10Mbps, 30Mbps, or 50Mbps connections—all of them fully symmetrical (upload and download speeds are identical). In many areas, the uptake rate tops 80 percent, though competitors have boosted speeds and started deploying fiber of their own in an effort to retain customers.
Oh look, they're from Nigeria, Maybe they will send me $20,000,000...
http://singlefunction.com/geoiptool/
GeoIPTool
http://www.geoiptool.com/
GeoIPTool is a useful tool to lookup the geolocation of an IP address. The use of the tool is straight forward, simply enter an IP address, and you will get the location of that IP on a Google map. Other relevant info such as host name, country, city, postal code, calling code, and latitude/longitude coordinates, are displayed on the left of the map.
From one of the blogs I follow...
http://teachingcollegemath.com/?p=923
100 Innovative Blogs for Education
This blog is honored to be included in the list (at #57) of 100 Most Inspiring and Innovative Blogs for Educators, especially because I’ve been kind of bad about posting during my dissertation writing.