Oops?
Columbia U. notifies faculty and proprietors that their SSN and bank account numbers were exposed on the Internet for two years
April 30, 2012 by admin
A reader kindly alerted me to the fact
that Columbia University sent out breach notices last week. The
letter, dated April 21, informed recipients that 3,000 current and
former employees, as well as 500 sole proprietors had their names,
addresses, Social Security numbers and bank account numbers exposed
on the Internet. The names of the banks or the routing numbers were
not included in the file.
According to the letter from Jeffrey F.
Scott, Executive Vice President for Student and Administrative
Services, the breach occurred when a programmer
erroneously saved what was supposed to be an internal test file on a
public server in January
2010. [Never test with real data.
It does not contain the errors you are testing for. Bob]
The file remained there until it was discovered because Google had
indexed it. The university said it was informed of the breach on
April 16 and took immediate steps to secure the file and remove it
from Google’s index. The university’s logs
indicate that the file was not accessed between January 2010 and
March 10, 2012, when it was first indexed by Google. [See how
valuable logs can be? Bob]
Columbia is offering affected
individuals a two-year subscription to a credit monitoring service
from Experian.
In a statement to DataBreaches.net, the
university writes:
We deeply regret
that this incident occurred and the imposition it has caused. We
have arranged for affected individuals to receive a two-year
subscription to a credit monitoring system to help ensure they are
protected from the risk of identity theft.
Although an FAQ posted on Columbia’s
web site says that this breach “appears to have been an isolated,
unintentional incident,” it is at least the fourth time the
university has had a breach involving exposure of personally
identifiable information on the Internet. And it is not the first
time data were available on the Internet for quite a while before
being discovered:
- In 2005, an Emergency Management Operations Team Contact List for the School of International and Public Affairs was exposed on the Internet. As a result, 98 individuals associated with SIPA had their names, phone numbers, emergency contact person and Social Security numbers exposed. Although the university believed it had fully corrected the problem, a copy of the list showed up on the Internet again in June 2006.
- In June 2008, 5,000 students’ Social Security numbers were discovered on the Internet. They had been exposed since February 2007, when a student employee had uploaded a database of students’ housing information to a Google-hosted Web site.
- In September 2010, NewYork-Presbyterian Hospital and Columbia University Medical Center disclosed that the names and clinical information of 6,800 patients were exposed on the Internet during the month of July because an employee’s computer was “inadvertently open” to the Internet. For 10 of those patients, Social Security numbers were included.
A fifth exposure incident, in which the
Social Security numbers of some of 993 doctors at Columbia
University’s faculty practice were exposed, was not
due to Columbia University’s error but to an error by United
Healthcare.
Related: Breach FAQ
We have no reason to suspect you are
cheating but we want to come onto your property and check anyway...
UK: Nottingham textile firm taking a stand against council camera car
April 30, 2012 by Dissent
Good one, but do they really have any
legal leg to stand on? The council says they don’t:
A Nottingham
business is refusing to let the city council’s camera car onto its
premises to check it is obeying the conditions of the workplace
parking levy.
The council has
spent £93,000 on a car [A Toyota at Rolls prices
Bob] that will record the number of
vehicles parked in company car parks [because they couldn't find
anyone who could count? Bob] to enforce the new parking
tax.
But Lenton firm
Nottingham Textile Group, which voiced strong opposition to the levy
before it came into force at the beginning of the month, has
questioned the legal rights of the council to record on private
property.
The company’s
chief operating officer Adrian Wright has written to the Government
Office of Surveillance Commissioners and the Information
Commissioner’s Office, to ask for clarification and guidance. He
says until this is provided they will not allow the car on site.
Read more on This
is Nottingham.
[From the article:
The company's chief operating officer
Adrian Wright ... said: "It's the privacy aspect of it. When
they've recorded the vehicles, what happens to that information?"
… The company has said it
will only use ten of its 50 car parking spaces, which is the maximum
number of spaces before businesses have to pay the levy.
"We've got cars strewn down the road," said Mr Wright.
"A few are beached at the side of the kerb. It looks rather
strange when we have an empty car park, but that's our choice because
we feel we can spend that money in many better ways."
Surely not what the framers intended.
Before you change how the system works, explain why it isn't doing
the job...
"The USPTO is considering a
rather interesting
request straight from lobbyists via congress. That certain
'Economically Significant' patents should be kept
secret during the process (PDF Warning) of being evaluated and
granted. While this does occur at the moment on a very select few
patents 'due to national security' for things like nuclear energy and
the like — this would allow it to go much, much further. 'By
statute, patent applications are published no earlier than 18 months
after the filing date, but it takes an average of about three years
for a patent application to be processed. This period of time
between publication and patent award provides worldwide access to the
information included in those applications. In some circumstances,
this information allows competitors to design around U.S.
technologies and seize markets before the U.S. inventor is able to
raise financing and secure a market.'"
Might make good handouts, if we could
get them printed neatly...
April 29, 2012
New on LLRX - A Technical Examination of SOPA and PIPA
Via LLRX.com - A Technical Examination of SOPA and PIPA - The Stop Online Piracy Act (SOPA)
and Protect IP Act (PIPA) are the subject of this Infographic, by
Spencer Belkofer,
Lumin Consulting. See also his related Infographic on the Cyber
Intelligence Sharing and Protection Act (CISPA).
Who, in their right mind, would want to
impersonate a government official...
April 29, 2012
New E-Gov Site - Check & Register: Federal Social Media Accounts
Via Howto.gov:
"Do you have an official government social media account? Have
you ever wondered if one you’re following is legit? GSA has built
a federal
social media registry — a government-wide solution that gives
the public a way to verify whether a social media account is
official. It also provides a place for agencies to register their
accounts centrally so they don’t have to build a solution within
each agency. This tool is now available for agencies to use on
HowTo.gov, so they can start
entering and editing their data."
Interesting idea (changes often are)
but who is teaching the employees/bosses how to use these new toys?
The article merely suggests that “big things are happening”
without real examples.
How Tablets Are Transforming Business Intelligence
… Jeff Cavins, CEO of Fuzebox,
recently wrote
in Business Insider that the explosive uptake of tablet computers
is fueling the growth of what he called the new “iPad economy.”
Cavins said: “The iPad is shifting the way businesses function,
changing how executives interact and transforming the economics of
today’s business operations.”
… Simple RSS readers are used to
condense multiple streams of content from a variety of sources into
single channels, granting users access to diverse content all in one
place. Some applications have further simplified news aggregation by
using innovative search technology that goes beyond the function of
RSS readers to deliver richer streams of highly targeted information
to business users – a critical asset to businesses large and small.
Here's one I clearly don't understand.
Barnes & Noble, Microsoft ink $300M deal on e-reading
The companies announced today that
Microsoft
has invested $300 million into a new Barnes & Noble subsidiary,
known as Newco until the company can come up with a name. The $300
million investment will give Microsoft 17.6 percent equity stake in
the firm. Barnes & Noble, which assumed a $1.7 billion valuation
on the subsidiary, will retain 82.4 percent ownership.
Newco will combine Barnes & Noble's
digital and College businesses, meaning the retailer's Nook operation
and its Nook Study software for students and educators will be a part
of the operation.
As part of this deal, Barnes &
Noble will bundle its Nook digital bookstore with Windows 8 when it
launches later this year. In addition, the companies have settled
all of their patent litigation related to use of Android
on the Nook tablet,
and have formed a "royalty-bearing license under Microsoft's
patents for its Nook e-reader and Tablet products."
Since most of my Math is online, this
could help my students...
April 29, 2012
Infographic - The Eye-Opening Effects of Staring at Your Screen
The
Eye-Opening Effects of Staring at Your Screen by JuJu Kim. "It’s
no secret that we spend more than six hours a day on average staring
at digital screens. But what’s lesser known is the toll it can
take on our eyes. Read on for the ailments too much screen-staring
can cause (turns out, “Computer Vision Syndrome” is a thing),
then discover some tips to protect your peepers."
Finding, organizing and presenting
online resources for each of my classes takes time. Tools like this
might help...
There are literally hundreds of
services out there that want to help you keep your bookmarks neat and
tidy. The problem is, most of these are installed to your browser,
and therefore, only work on that specific browser. Fav-Links is
different, because it works with a web app and a Windows-based app,
so it works regardless of what browser you are using.
Fav-Links offers a very elegant
bookmark solution that is easy to use. Once you install the program,
a small icon will appear on your screen. You simply click and drag
the URL you want to add to the icon and it will add it to your
bookmarks. You can add a custom screenshot to the bookmark, so it
looks exactly as you want.
- Similar tools: Pistashio, Rinnku, Wonderpage, Transferr, SpeedTile, Tizmos, Only2Clicks, Linkdoozer, Skloog, SiteHoover and Thumbtack.
- Related article: 5 Excellent Firefox Extensions to Manage your Bookmarks.