
Aug 31, 2006

MySpace Vulnerability Made Private Information Viewable

ConsumerAffairs.com reports on this one.

A security breach on MySpace that enabled users to view other users' private pictures and postings went unattended for several months, according to news reports.


Wells Fargo Employee Data Stolen

A Wells Fargo contractor had a disk stolen from their car, containing sensitive personal data on employees, including social security numbers and prescription drugs. No news on the number of people affected. numbrX Security Beat blog has this story—and a photo of the letter employees received from Wells Fargo.

Wells Fargo sent a letter to its employees early this week warning “that a computer and data disk containing some of your personal information has been stolen” from an employee of an independent public accounting firm. The firm was hired to review Wells Fargo’s health and welfare plans.


New web browser called Browzar designed for privacy

Update: Watch out, this browser looks like it might be bad news. Read more here.

Update 2: Yep, stay away from Browzar. At best, it doesn’t really do much and is an annoyance. It’s not even a new browser, it’s a “wrapper” around Internet Explorer.

There’s a new web browser, believe it or not. It’s designed to not leave a trail behind and provide complete privacy; CNET has a story or just visit their web site. Oh, just because I linked there doesn’t mean I vouch for it. It may not be the best idea to install software you aren’t familiar with. And there are many tools available that will wipe away all the little footprints you leave behind when you browse the web. Go to http://www.download.com or http://downloads.zdnet.com and you will find quite a few. The idea behind Browzar is that it does it automatically.


Aug 30, 2006

Laptop with Social Security numbers stolen from Belhaven College

SunHerald reports that a college employee was mugged and the thief took his notebook computer.

A laptop computer that contained the Social Security numbers of roughly 300 Belhaven College employees was stolen during a robbery on campus, officials say.

Belhaven College President Roger Parrott said Tuesday that the robbery took place on July 19 when a school employee was walking to his car after work. A man approached him from behind. The man took the employee's wallet and laptop computer then fled.


Experian IPO coming in October

Experian is going public on or about October 11. Manchester (UK) Evening News has a detailed story and background. According to this report, Experian might have a market cap of US$9 billion.


AT&T customer data hacked and company steps up

Hackers broke into an AT&T online store web site and accessed personal data including credit card information from “fewer than 19,000 customers”. AT&T said it alerted the major credit card companies and would provide credit monitoring. AT&T has been getting a lot of flak lately around privacy and data breaches. So it appears they did the right thing here from a PR perspective. Although it’s very disconcerting when a company like AT&T falls victim like this.

But allow me to ask a question. Was it just credit cards leaked or did customer SSNs get breached too? If it’s just credit cards, then credit monitoring services, while a nice thing to provide for free, would be useless in the context of this fraud case. If all the accounts are closed, and all the hackers have are credit card numbers, then they can’t open new accounts and that is what credit monitoring can help detect. It’s a bit like giving antibiotics to someone who has the flu.

Read more here from the SF Chronicle.


Aug 29, 2006

Data Breaches are Unavoidable says New Survey

A new survey of technology professionals reports that 63 percent of respondents don't believe they can prevent such breaches. The survey can be found here. More from PC World:


"This group came out much, much more negative than I ever expected," said Larry Ponemon, the founder and chairman of the Ponemon Institute, an Elk Rapids, Michigan-based firm that looks at information and privacy management practices in business and government. "They said they're bad at detecting [breaches], but even worse at preventing [breaches]."

The 11-page study, "National Survey on the Detection and Prevention of Data Breaches," which was released Monday, is based on responses from 853 IT professionals, including senior executives, information security managers, and others. The study was sponsored by PortAuthority Technologies, a Palo Alto, California-based vendor of information leak prevention software.

The study also found that 41 percent of respondents said their companies are not effective in enforcing data security policies because of a lack of corporate resources.


Aug 28, 2006

How to Avoid a Laptop Theft Scam at Airport Security

If you ever take a laptop with you while traveling by air, watch out for this scam.

The Federal Aviation Authority has warned about a common scam to steal laptops at airport security. Basically, what happens is that a team of scammers (probably 2 or 3) get between you and your laptop at the metal detector at airport security. They look for people carrying laptops. One of the scammers gets in front of the mark, while one or two more wait on the other side of security. After you put your laptop down to go through the conveyor, the scammer in front of you purposely sets off the metal detector and delays while your laptop goes through the detector.

Your laptop comes out while you are still waiting way back behind the scammer, who is still delaying, emptying pockets, and probably distracting security. A scammer on the other side grabs your laptop, makes off with it, and may hand it off to a third team member to make it harder to find.

Tip:  If you are traveling with a laptop or notebook computer, be very careful at security checkpoints. Wait as long as possible before putting your laptop onto the conveyor belt. And keep an eye on your laptop the entire time. If you are being delayed and can’t see your computer, don’t be afraid to speak up (politely) and tell a security person that you fear your laptop might be stolen and ask that they keep an eye on it.


Identity Theft Law Signed by Governor Schwarzenegger

This bill, SB1390, was introduced by Sen. Chuck Poochigian (R-Fresno). It passed the Senate in May and the Assembly in August and was signed into state law today. The entire bill is 33 words long! It requires the CA Department of Justice to include data on identity theft crime statistics in its annual report. Here’s the bill text from the California Senate web site.

SECTION 1. Section 13012.6 is added to the Penal Code, to read:
13012.6. The annual report published by the department under Section 13010 shall include information concerning arrests for violations of Section 530.5.


Employment verifications and your social security number

Have you ever seen an employment verification from Choicepoint? This is something that a prospective employer might use to confirm that your employment background is as you told them. I have one in my hands right now. It has the person’s full name, social security number, and date of birth. It arrived in the mail today.

I assume that Choicepoint does over a million of these a year. I don’t know how many are mailed to former employers, but I bet it’s in the hundreds of thousands.

This is another example of how your sensitive data flies around, unprotected, all the time. The counterpoint is this: What if the former employer is large and needs your SSN and DOB to confirm it has the correct person? But couldn’t they just send the SSN with all but 4 digits redacted, and give the recipient the option of confirming the SSN by telephone? Why is the default always to send our SSN? Because it’s easier.


We have moved to www.mytruston.com/blog




This work is licensed under a Creative Commons Attribution 2.5 License.