Apparently (we need a better
translation) this includes airline tickets and the passport numbers
that “prove” you aren't a terrorist.
CheapTickets.nl database with 715,000 customers’ personal information and 80,000 passport numbers leaky due to “stale” security
October 24, 2011 by admin
The following is via Google’s
translation of what Brenno de Winter reported:
… leaked
CheapTickets.nl a database of 715,000 customers. Attackers did not
just names but also tickets and passport numbers.
It found a source
that reported on condition of anonymity. He discovered that the
Windows Server 2003 environment, not all patches were rotated.
Because the area was vulnerable to a weakness
published in 2009, he was able to access the system
containing the database with customer data.
Lot of personal
information
In the database,
the personal information of 715,000 customers, including full name,
address, telephone number and meal preferences. Together, these
customers took more than 1.2 million tickets away. For
flights to destinations including the United States give their
passengers through passport. 80,000 of them are certainly
in the database.
[...]
CheapTickets.nl
will not respond to questions from Macworld. But Raymond Vrijenhoek,
CEO CheapTickets.nl will come later today in a statement
Read more on Webwereld.
In reading translations of other news stories on the breach, I
chuckled over one translation of outdated/unpatched as “stale.”
That seems about right.
Another
Privacy Damages article. Would this apply to individuals?
Replacing credit/debit cards is a cost to the banks. Credit
monitoring or insurance is often paid for by the breachee, not the
individual victims. If you do purchase insurance after notification
of a breach where the organization breached claims there is no risk
of identity theft, would the court see that as a breach-related
expense, or an individual whim?
Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute “Damages” in Hannaford Breach Case
October 24, 2011 by admin
I posted something on this decision
earlier today, but David Navetta has such a helpful
analysis of the ruling that I wanted to mention it here. His
commentary begins:
In a significant
development that could materially increase the liability risk
associated with payment card security breaches (and personal data
security breaches, in general), the U.S.
Court of Appeals 1st Circuit (the “Court of Appeals”) held
that payment card replacement fees and
identity theft insurance/credit monitoring
costs are adequately alleged as mitigation damages for purposes of
negligence and an implied breach of contract claim. For some time,
the InfoLawGroup has been carefully
tracking data breach lawsuits that, for the most part, have been
dismissed due to the plaintiffs’ inability to allege a cognizable
harm/damages. In fact, we have been tracking the legal twists and
turns of the Hannaford case with great interest (see e.g. here, here, here, here, here and here).
The decision in Hannaford could be a game changer
in terms of the legal risk environment related to personal data
breaches, and especially payment card breaches where fraud has been
perpetrated. In this post, we summarize the key issues and holdings
of the Court of Appeals.
Read more on InformationLawGroup.
(Related) The 'earlier post'
Appeals court decision in Hannaford data breach case could signal new approach
October 24, 2011 by admin
Judy Greenwald reports that at least
one lawsuit against Hannaford Bros following their
2007 breach is still alive:
An appeals court’s
decision to permit negligence and contract putative class action
litigation to proceed in a grocery store chain data breach because of
the alleged damages incurred could signal a change in courts’
approach to this issue, says an expert.
[...]
Twenty-six
separate suits were filed against Hannaford arising from the breach
and were consolidated into one suit. Plaintiffs said they
experienced more than 1,800 unauthorized charges to their accounts
and suffered several categories of losses as a result of the breach.
“Plaintiffs’
claims for identity theft insurance and replacement card fees involve
actual financial losses from credit and debit card misuse,” a
three-judge appeals court panel said in its Oct. 20 ruling. “Under
Maine contract law, these financial losses are recoverable as
mitigation damages as long as they are reasonable,” the court ruled
in partly affirming and partly reversing a lower court ruling.
Read more on BusinessInsurance.com
Is there a central repository of
privacy laws and regulations Google would need to comply with in each
country? (It doesn't pop up on the first few pages of a Google
search) NOTE: The big audit firms would likely call on one another
to conduct “independent” audits of their clients, so it is likely
they each have this expertise.
FTC Gives Final Approval to Settlement with Google over Buzz Rollout
October 24, 2011 by Dissent
Following a public
comment period, the Federal Trade Commission has accepted as final a
settlement
with Google, and authorized the staff to provide responses to the
commenters of record. The settlement resolves charges that Google
used deceptive tactics and violated its own privacy promises to
consumers when it launched its social network, Google Buzz, in 2010.
The agency alleged that the practices violate the FTC Act. The
settlement bars the company from future privacy misrepresentations,
requires it to implement a comprehensive privacy
program, and calls for regular, independent
privacy audits for the next 20 years.
The Commission
vote approving the final settlement was 4-0. (FTC File No. 102-3136;
the staff contact is Katherine Race Brin, Bureau of Consumer
Protection, 202-326-2106; see press
release dated March 30, 2011.)
Source: FTC
“It is illegal to be young and
ignorant!” In “Ye Olde (Pre-Internet) Days” no one knew you
were playing Doctor. Now teens have portable “x-ray machines” to
better equip their examination rooms and they can send the images out
for a “consultation.”
MI: Prosecutor to seek cell records in ‘sexting’ probe
October 25, 2011 by Dissent
Associated Press reports a story
originally reported by WCSR in Michigan:
A prosecutor plans
to subpoena cell phone records of students in Hillsdale and Branch
counties as part of an investigation into widespread sharing of
sexually explicit photos.
Assistant
Hillsdale County Prosecutor Megan Stiverson told WCSR for a story
Friday (http://bit.ly/oxUWS1 )
that the original “sexting” incident involved two female students
at Hillsdale High School and a male student at Quincy High School.
She said at least
a dozen others are involved with some students taking explicit photos
of themselves and sending them with their cell phones.
[...]
Stiverson
said sending a nude photo of a minor is a felony, even if the minor
is sending it.
Is a subpoena the right requirement
here, or should it be a warrant to search their cell phones? And are
we (again) criminalizing youthful indiscretions?
The cases I mentioned earlier this week
from Baltimore
raise different issues – including uploading material to the
Internet of people who neither knew they were being taped nor
consented to it. In this case, if teens are voluntarily sharing nude
photos of themselves, then however stupid or dangerous we think such
behavior might be, do we really want this all handled as a criminal
investigation? This is where we should try education. What
have the schools in Michigan been doing to teach teens about privacy?
[Or schools anywhere? Bob]
They should learn from Internet
companies. “We'll give you a dollar a month. To receive more,
sign up for our fun “fingerprinting & DNA” social network!”
Judge Orders Injunction On Florida’s Welfare Drug Testing Law
October 24, 2011 by Dissent
David Taintor reports:
A U.S. district
judge on Monday ordered
an injunction on a Florida law requiring welfare applicants to
pass a drug test before receiving state benefits.
An ACLU lawsuit
filed in September claimed
the Florida law violates the Fourth Amendment by requiring welfare
applicants to submit to a “suspicionless” drug test. The suit
was filed on behalf of Luis Lebron, a 35-year-old Orlando resident
and Navy veteran who applied for welfare benefits but refused to take
the drug test.
Read more on TPMmuckraker.
Something to mention to all my
students...
Privacy-protecting Facebook Disconnect app is downloaded 152,000 times
October 24, 2011 by Dissent
Rob Waugh reports:
Facebook’s
reassurances about its privacy policies don’t seem to have calmed
people’s fears of the internet giant – as users flock to shield
their browsing histories from its all-seeing eye.
Facebook openly
admits to tracking your use of other websites while you are logged in
to the site. But the site’s attempts to reassure people that its
use of their web browsing information is innocent don’t seem to
have had the desired effect.
Facebook
Disconnect – a browser extension which prevents Facebook ‘seeing’
which other sites you visit online – has been downloaded 152,000
times.
Read more on Daily Mail
So we know that there are at least
152,000 privacy-conscious people in the world. That’s nice.
[...until you remember
that Facebook has over 700 million users. Bob]
If you saw this coming, where do you
now stash your millions?
Swiss Banks Said Ready to Reveal Clients
… “The Swiss would like to get
out of this by paying money, and they’ve done that with other
countries,” said tax attorney H. David Rosenbloom of Caplin &
Drysdale Chartered in Washington, who isn’t involved in the talks.
“For the U.S., it’s not primarily a money question. It’s a
matter of making sure the laws apply fairly among taxpayers.”
… UBS, which isn’t one of the 11
banks now under scrutiny, avoided prosecution in 2009 by paying $780
million, admitting it fostered tax
evasion and handing over details on 250 secret accounts. It
later disclosed another 4,450 accounts.
Because Infographics get the point
across (usually)
INFOGRAPHIC: How SMS Messaging Is Changing The World
For my geeks
3 Websites To Help You Find The Best Software
Looking for software online has
actually become easier these days. Do you want to see a comparison
of all similar software for a specific task? There’s an app for
that. Do you want to see all alternatives to a specific program?
There’s an app for that too. You probably knew this from using the
many rich repositories of software available on FileHippo,
SourceForge, etc. However, there are other more recently
developed applications with interesting approaches to listing
software that might just help you find what you need quickly and
painlessly.
CatchFree
is a brilliant site that offers a very useful approach to software.
You simply type the task you’re trying to accomplish on the site’s
search bar, and you’ll be presented with software suitable for your
specified task. What makes it stand out from other software
repository sites is that it lists several products at once and
displays in a nice comparison chart all the common features of the
products so you’ll know exactly which ones can perform additional
tasks or not.
AlternativeTo.
You can use this site by first typing in the name of the software
you’re trying to find an alternative for. After that, you’ll see
a list of similar software sorted by user “likes”. You can
filter by platform
… If you’re interested in more
sites that can show you what other users prefer, check out the social
network Wakoopa,
Apps & Oranges,
iusethis, FilePig,
etc.
http://www.makeuseof.com/
There are plenty of resourceful lists on our site that will point
you to some of the best applications and services for a variety of
platforms.