When you put all your eggs in one basket, you need to really, really protect that basket!

AFP reports:

The personal data of at least 20 million bank and credit card users in South Korea has been leaked, state regulators said Sunday, one of the country’s biggest ever breaches.

Many major firms in the South have seen customers’ data leaked in recent years, either by hacking attacks or their own employees.

In the latest case, an employee from personal credit ratings firm Korea Credit Bureau (KCB) has been arrested and accused of stealing the data from customers of three credit card firms while working for them as a temporary consultant.

Seoul’s financial regulators on Sunday confirmed the total number of affected users as at least 20 million, in a country of 50 million.

The stolen data includes the customers’ names, social security numbers, phone numbers, credit card numbers and expiration dates, the Financial Supervisory Service (FSS) said in a statement.

The employee later sold the data to phone marketing companies, whose managers were also arrested earlier this month, prosecutors and the FSS said.

The information was taken from the internal servers of KB Kookmin Card, Lotte Card and NH Nonghyup Card.

Read more on AFP.
There is no statement about today’s news on FSS’s website at this time. On January 13, however, the Financial Supervisory Service (FSS) had a meeting with financial company executives in charge of the safety and security of customer data. At the meeting, about 90 Chief Information Security Officers and Chief Privacy Officers were present (see press release).

The AFP report also mentions earlier incidents, including one from last month involving Citibank Korea that I was not previously aware of. In researching that one, I found this article that explains:

The South Korean prosecutors’ office said in a Dec. 11 statement it arrested an employee of “Bank C” for leaking information on 34,000 clients, including details of lending contracts.

Citibank Korea confirmed in an e-mail yesterday that it was “Bank C.” The Seoul-based unit conducted its own investigation at the FSS’ request following the arrest, it said, without elaborating on the results of the probe.

And Korea Times reported:

The employee at Citibank printed the data of 34,000 customers on 1,100 pieces of paper [Very unusual Bob] and gave them to private loan service providers in April, while the worker at SC’s subcontracted IT center accessed the computer files of the lender, transferred the personal data of about 104,000 customers onto a portable storage device between November 2011 and February 2012 and sold it to a broker.

The prosecution said the leaked information includes customers’ names, phone numbers, their employers and the amount of any outstanding loans, which are also suspected of being used in a voice-phishing scam.

Not many details, but they will come out eventually.
Even as security analysts are wading through the issues with the Target breach, new information is emerging about Neiman Marcus’ woes. According to the New York Times, hackers infiltrated the luxury retailing giant’s computer network as far back as July.

… “In mid-December, we were informed of potentially unauthorized payment card activity that occurred following customer purchases at our stores.
Replace credit and debit cards and all forms of ID?

CES 2014: Could a palm scanner make transactions safer?

A device called the Pulse Wallet could create a new and secure way to confirm financial transactions.

The technology, which is currently in use in cash machines in Brazil and Japan, uses an infrared camera to scan the vein pattern in a person's hand.

While signatures can be forged and pin codes cracked, vein patterns are thought to be unique and more difficult to copy.
Dang! I thought everyone was protected. Sorry readers.
Eugene Volokh – Bloggers = Media for First Amendment Libel Law Purposes

by Sabrina I. Pacifici on January 19, 2014

“So holds today’s Obsidian Finance Group v. Cox (9th Cir. Jan. 17, 2014) (in which [Eugene Volokh] represented the defendant). To be precise, the Ninth Circuit concludes that all who speak to the public, whether or not they are members of the institutional press, are equally protected by the First Amendment. To quote the court,

The protections of the First Amendment do not turn on whether the defendant was a trained journalist, formally affiliated with traditional news entities, engaged in conflict-of-interest disclosure, went beyond just assembling others’ writings, or tried to get both sides of a story. As the Supreme Court has accurately warned, a First Amendment distinction between the institutional press and other speakers is unworkable: “With the advent of the Internet and the decline of print and broadcast media … the line between the media and others who wish to comment on political and social issues becomes far more blurred.” Citizens United, 558 U.S. at 352. In defamation cases, the public-figure status of a plaintiff and the public importance of the statement at issue — not the identity of the speaker — provide the First Amendment touchstones.”
Now you can be as secure as James Bond! Or at least as the British version of the NSA can make you.

UK – 10 Steps to Cyber Security

by Sabrina I. Pacifici on January 19, 2014

“The Government and intelligence agencies are directly targeting the most senior levels in the UK’s largest companies and providing them with advice on how to safeguard their most valuable assets, such as personal data, online services and intellectual property. The Cyber Security Guidance for Business, produced by CESG (the Information Security arm of GCHQ), the Department for Business Innovation and Skills (BIS) and the Centre for the Protection of National Infrastructure (CPNI), will help the private sector minimise the risks to company assets. The guidance includes:
You say FOIA compliance, I say thoughtless. Either way, I have no say. Government knows best?

Sometimes what we typically think of as non-sensitive information can be problematic in the wrong hands. This case is a useful reminder of that.

J Allen Carnes, who owns about 4000 acres of farmland in Uvalde, Texas, 90 minutes from the Mexican border, today reacted to the Environmental Protection Agency’s weak apology for releasing private information on farmers and ranchers across the United States.

Carnes says he is outraged that the EPA gave farmers’ and ranchers’ personal information, from their home addresses, to email addresses, telephone numbers, personal notes and more, to environmental activists under the guise of the Freedom of Information Act, putting the agriculture community at risk for agro-terrorism.

Read more on Fort Mill Times.
Coming soon to a Health Care database near you!

Randeep Ramesh reports:

Drug and insurance companies will from later this year be able to buy information on patients – including mental health conditions and diseases such as cancer, as well as smoking and drinking habits – once a single English database of medical data has been created.

Harvested from GP and hospital records, medical data covering the entire population will be uploaded to the repository controlled by a new arms-length NHS information centre, starting in March. Never before has the entire medical history of the nation been digitised and stored in one place.

[...]

Once live, organisations such as university research departments – but also insurers and drug companies – will be able to apply to the new Health and Social Care Information Centre (HSCIC) to gain access to the database, called care.data.

If an application is approved then firms will have to pay to extract this information, which will be scrubbed of some personal identifiers but not enough to make the information completely anonymous – a process known as “pseudonymisation”.

Read more on The Guardian.

Given the NHS’s repeated failures to adequately secure patient information, this just seems to be a privacy Chernobyl waiting to happen. And no, I’m not just talking about the risk of re-identification, which they identify as a “small, theoretical risk.” I’m thinking of hacks, insider breaches, and other sources of compromise, too.
Should I file this under “Humor” or “Branding?” My students thought McDonald should sell McJoints and McMunchies, but it looks like we were too slow to copyright our ideas.

Companies woo the weed crowd with artful, edgy ads

… Fast-food restaurants such as Jack in the Box have been delicately plying the pot pitch with ads such as “Jack's Munchie Meal.”

… This month, playing off the approved use and sale of marijuana in the Rocky Mountain State, Spirit Airlines further nudged that content needle by dangling discounted fares in Colorado where, its ad informs, “the no smoking sign is off,” beckoning flyers to “get mile high.”
For my programming students.

Write Mobile Apps For Any Platform With Intel XDK

Intel ... just threw their hat back into the mobile ring again with the Intel XDK IDE. This free development environment allows you to write applications using HTML5, JavaScript and CSS3 and then test them against multiple devices. Once finished, you can publish to a multitude of app stores, including Google Play, Nook, Kindle, iTunes and the Windows 8 Store. It really is a ‘write once, run anywhere’ deal.
Not perfect, but useful. (Should be matched with a pronunciation site)

– is a Google Translate mashup where you can enter a phrase and then the phrase is automatically translated and placed over each country. Just remember, translations are generated automatically, and some may be inaccurate. Just one translation is provided for each word; watch out for words with multiple meanings, and if Google Translate cannot find a translation, it simply shows the English word.
For my nephew, and my students who appreciate the classics...

15 Free Classic Rock Music Downloads [Sound Sunday]

(Related)

Rdio Goes Free After Spotify Drops Time Limits

It’s a good time to be a streaming music fan at the moment, as each of the big players tries to grab the headlines from the other. The news at the moment is that Rdio is now completely free to users, after Spotify dropped all remaining time limits with regards to usage.

There are two catches to the Rdio offer – one, it is only available to US residents, and secondly, you will have to listen to occasional adverts.

… Speaking of Spotify, … Now you can listen to music for as long as you want for free – along with the adverts. Upgrading to a paid plan now will remove those adverts.