Wednesday, July 06, 2011

Not only did they lose data, they apparently lost a backup drive right in the middle of doing backups! (The drive would be in a safe when not in use, right?) Well, at least they “noticed.”

http://www.databreaches.net/?p=19444

Missing Plymouth State University backup drive contained Social Security Numbers of 1,509 students

July 5, 2011 by admin

On May 18, Plymouth State University noticed that an external hard drive that they used for backup purposes was missing.

One of the files on the drive was a spreadsheet that contained the names and Social Security numbers of 1,509 students enrolled in the teacher education and certification program between 2005 and 2010.

As the university explained in their June 28 letter to the New Hampshire Attorney General’s Office, they needed to collect Social Security Numbers so they could forward teacher candidates to the state licensing board for approval.

Unfortunately, New Hampshire is not the only state that still requires Social Security Numbers for licensing or certifying professionals, and I’m somewhat surprised that there haven’t been more hacks of state licensing board databases. Or maybe there have been and we’re just not hearing about them….



“Hey, we're a bank! What do we know about security?” Maybe the State of NY stole it!

http://www.databreaches.net/?p=19429

Morgan Stanley investors notified that lost CDs contained their personal and financial data

July 5, 2011 by admin

Christopher Maag reports:

Personal information belonging to 34,000 investment clients of Morgan Stanley Smith Barney has been lost, and possibly stolen, in a data breach. According to two letters sent to clients, and obtained by Credit.com, the information includes clients’ names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and—for some clients—Social Security numbers.

The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted. ['cause it's much more expensive to spend a dollar to encrypt a CD than to provide credit reports for 34,000 customers... Bob]

[...]

The company mailed the CDs containing information about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. It appears the package was intact when it reached the department, but by the time it arrived on the desk of its intended recipient the CDs were missing, Wiggins said.

The state notified Morgan Stanley Smith Barney about the lost data on June 8. The company took two weeks to conduct an “exhaustive search” of all the facilities the package passed through, Wiggins said, and then mailed the letters to clients on June 24.

Read more on Credit.com.

Earlier coverage on BusinessInsider.com



The breach may have compromised 645,000, but the lawsuit was because of “failure to report promptly”

Indiana Attorney General reaches settlement with WellPoint in consumer data breach

By Dissent, July 5, 2011

Health insurer WellPoint Inc. will pay the State a $100,000 settlement [Suit asked for 300,000 Bob] over a data breach where the personal information of thousands of WellPoint customers was potentially accessible via the Internet. The settlement resolves a lawsuit that Indiana Attorney General Greg Zoeller’s office filed under a new data-breach notification law passed in 2009.

“This case should be a teaching moment for all companies that handle consumers’ personal data: If you suffer a data breach and private information is inadvertently posted online, then you must notify the Attorney General’s Office and consumers promptly. Early warning helps minimize the risk that consumers will fall victim to identity theft,” Zoeller said.

The data breach occurred when applications for individual insurance policies submitted to WellPoint – containing social security numbers, financial information and health records — were potentially accessible through an unsecured web site from October 23, 2009, to March 8, 2010. The records of 32,051 people in Indiana were potentially accessible through the online application tracker website operated by companies owned by or affiliated with WellPoint for potentially anyone to see.

A notification to WellPoint was made by a consumer February 22, 2010, and again on March 8, 2010, that records containing personal information were potentially accessible. Upon notification, WellPoint immediately secured the site. [Upon the second notification? Bob]

Consumers were notified of the data breach beginning June 18, 2010. Although required by law to also simultaneously notify the Attorney General’s Office of a data breach, WellPoint did not immediately do so. News reports of the data breach prompted the Attorney General’s Office to initiate the contact to WellPoint on July 30, 2010, and launch an inquiry.

Under a recent state law, House Enrolled Act 1121-2009, companies that experience data breaches must notify both their consumers and the Attorney General “without unreasonable delay.” Prompt notice allows consumers to take precautions to mitigate the risk of identity theft.

“The requirement to notify the Attorney General ‘without unreasonable delay’ is not fulfilled by having me read about the breach in the newspaper,” Zoeller noted.

… During the breach, consumers’ private data was accessible online for approximately 137 days, and one consumer lodged a complaint about possible identity theft as a result of it. Approximately 645,000 consumers nationwide eventually were notified about the breach.

… The Attorney General’s Office has issued warning letters to 47 companies that delayed in issuing notice of security breaches. Those included warning letters issued to 39 companies for delays in notifying both consumers and the Attorney General’s Office. Warning letters also were sent to five companies for delays in notifying the AG’s Office only and to three companies for delays in notifying consumers only, records show.

NOTE: A copy of the settlement agreement and dismissal order is attached. An audio sound bite of the Attorney General’s comment on the case is attached.

Source: Attorney General Greg Zoeller

Previous coverage of this case on this blog can be found here.



This could be amusing. Watch to see if law enforcement follows this lead. If true, how fast can they move?

http://www.thetechherald.com/article.php/201127/7364/LulzSec-members-revealed-by-rival-hacking-group-A-Team

LulzSec members revealed by rival hacking group A-Team

… the New York Times reports that a hacking group known as the A-Team has this week launched an open attack on LulzSec by publishing the names, aliases, email addresses, phone numbers and other personal details of its members.

According to the A-Team, its overt slapping of a fellow hacking group has come about because LulzSec apparently “lack the skill to do anything more than go after the low-hanging fruit.”



Ubiquitous surveillance – it's the law! (Or will be shortly)

http://www.pogowasright.org/?p=23609

E-Verify and the Emerging Surveillance State

July 5, 2011 by Dissent

Tom Deweese writes:

The rush is on to force into law mandatory use of the E-Verify system that will mandate that all businesses use this hand-me-down from the Social Security Administration in order to hire anyone. Republican Representative Lamar Smith has introduced HR 2164 and House action is expected at any time. Say proponents, E-Verify is necessary to stop illegals [and anyone else we don't like Bob] from getting jobs. Many freedom-loving Conservatives are supporting the idea in a desperate attempt to control illegal immigration. Is this the right way to protect America?

To answer that, it’s necessary to ask another question. If government won’t do its job, is that a reason for Americans to surrender their liberty? Do you think that is a funny question? Well, it is actually what a number of Conservative activist groups are now advocating in the name of stopping illegal immigration through enforcement of E-Verify.

Read more on Canada Free Press.

EFF has also denounced the proposal:

Congress is considering a bill that would federalize E-Verify, creating a single, government-controlled database of highly sensitive, detailed information about every legal worker in the United States. EFF joined the ACLU, the National Center for Transgender Equality, the Liberty Coalition, and dozens of other civil liberties and labor groups in urging Congress to uphold worker privacy and reject the Legal Workforce Act.

The Legal Workforce Act (H.R. 2164) would require all employers to use an Internet-based program called E-Verify to check every worker against an error-prone database. In letters sent to both houses of Congress, the coalition of advocacy groups decried the implementation of a nationwide system that could lead to downstream abuses by intelligence and law enforcement groups. The proposed bill could create a bureaucratic nightmare for American businesses while trampling on the privacy rights of workers.

Read more on EFF.



As usual, Gary Alexander finds the most interesting articles. Let's hope this means that we won't have a major security breach involving all that top secret lawyer-client communication.

http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202499174206

Top Encryption Techniques for Lawyers

For Kubs Lalchandani, managing partner of Miami-based Lalchandi Law, document encryption has become like the lock on his office door: a routine and essential security tool. "The importance of encryption software for law firms cannot be quantified," he says. "Clients are demanding encryption, especially for classified documents that reside on laptops."

… Many PC and Macintosh users aren't aware that their desktop and laptop operating systems come with built-in encryption capabilities. Tools included on both systems provide high-quality AES protection and are relatively easy to activate. On both platforms, internal encryption tools can be used to safeguard an array of documents, including notes, correspondence, and contracts.


(Related) Lawyers are recognizing that technology beyond the quill pen exists and clients are using it! There may be hope for them yet!

http://www.bespacific.com/mt/archives/027692.html

July 05, 2011

American Bar Association - Initial Draft Proposals on Lawyers' Use of Technology and Client Development

Jamie S. Gorelick and Michael Traynor, Co-Chairs - ABA Commission on Ethics 20/20 - Re: For Comment: Initial Draft Proposals on Lawyers' Use of Technology and Client Development. Date: June 29, 2011

  • "The Commission is pleased to release its initial proposals relating to lawyers’ use of technology-based client development tools. As the accompanying report explains, the Commission concluded that no new restrictions are necessary in this area, but that lawyers would benefit from more guidance on how to use new client development tools in a manner that is consistent with the profession’s core values. To that end, the Commission is proposing amendments to Rules 1.18 (Duties to Prospective Clients), 7.2 (Advertising), and 7.3 (Direct Contact with Prospective Clients) that would clarify how lawyers can use new technology to disseminate important information about legal services and develop clients."


(Related) On the other hand, they may soon be a dime a dozen. (Can they sue the Law Schools for false advertising?)

http://www.bespacific.com/mt/archives/027688.html

July 05, 2011

Economic Modeling Specialists - New Lawyers Glutting the Market

EMSI: "Just how bad is the job outlook for lawyers? According to our quick analysis, every state but Wisconsin, Washington, D.C., and Nebraska produced more — in some cases, far more — bar exam passers in 2009 than the estimated yearly openings for lawyers in those states. The same glut holds true when comparing law school grads, via IPEDS from the National Center for Education Statistics, to the same opening estimates. And when you take into account nuances with the D.C. bar and how Wisconsin operates, there might not be any states with a shortage."



Enough to make a Geek giggle! Microsoft's head tech weenie cooks as a hobby and here he talks about food tech and how he illustrated his cookbook and the “30 hour hamburger recipe”

http://www.ted.com/talks/nathan_myhrvold_cut_your_food_in_half.html#024994938954550183865

Nathan Myhrvold: Cooking as never seen before



Could be handy...

File2PDF.com - Convert Files Into PDFs

As its name implies, File2PDF is an online conversion system that can take different files such as images and Word documents and have them all mixed and combined into a single PDF. The way the site works, you are allowed to use a simple interface to upload what you want to have converted, and a download link will be produced for you to retrieve the finished file after a very short while. The individual files that you upload must be no larger than 10 MB. And you can upload the documents to be used either one by one or as part of a single ZIP file.

The service can be used for free to begin with, but if you want some meatier features (such as uploading files larger than 10 MB, having your PDFs stored for longer on the server, and converting large batches of files) then you can sign up for a VIP account. A one-time payment of $10 will give you access to one.

Supported Formats

Our system supports the conversion of rtf, doc, odt, docx, ppt, xml and txt documents to PDF. If you try to upload any other format it will fail.

http://www.file2pdf.com/

