February 8, 2010
The banking info for 6,000 employees of Ohio, including Governor Ted Strickland, was e-mailed to “dozens of payroll officers of state agencies.” The administration has denied that this is a data breach:
“This was legally and technically not a data breach,” said Ron Sylvester, spokesman for the Department of Administrative Services. “The data did not leave the state firewall. It was sent to state employees who are authorized to have regular access to personal information, such as Social Security numbers and bank accounts.”
Well, it’s debatable whether there was a breach; but ultimately, if the information reached people who were given authorization to access said information…well, it’s hard to call it a breach, right?
It was definitely a mistake, and the administration should definitely look into it so it doesn’t happen in the future (no guarantees that the government will be as lucky the next time around); but to call it a breach?
Posted in North America, USA | Tagged not data security issue, us data law, us law
February 5, 2010
Twitter is warning their users of a scam that uses compromised files in torrent sites to steal user credentials. Usernames and passwords used at compromised torrent sites are tried in multiple sites, including Twitter.
The scam only works because people often use the same username and password for multiple sites. This shouldn’t come as a surprise, though:
A survey of millions of people conducted by the security firm Trusteer, suggests that 73% of people share the passwords which they use for online banking, with at least one nonfinancial website.
Around 47% of users share both their user ID and password with at least one nonfinancial website, it found.
It’s like finding your house key opens your car, your office door, your bank security box, the fourth secret door to the magical Kingdom of Narnia….
Posted in Internet | Tagged identity theft, id fraud, hacker, bank security, password security, p2p, filesharing
February 5, 2010
A February update for Windows will patch a bug that dates all the way back to Windows 3.1. The bug was found by–of all people–a Google security researcher. Way to push that knife deeper.
On the other hand, it’s understandable that Google would be interested in such bugs: their China attack from last month was only possible because of vulnerabilities in MSFT’s Internet Explorer.
This latest vulnerability affects Windows XP, Windows Server 2003 and 2008, Windows Vista, and Windows 7.
Posted in Internet, USA | Tagged hacker, blackhat, malware, data leak
February 4, 2010
Sometimes, I come across a story that needs to be told, be it off-topic or not, because it makes me go slack-jawed.
Apparently, it’s legal to have sex with animals in the Netherlands as long as the animal is not injured. My guess is that this was not by design but because of poor legislative wording. The law has been amended to take care of the oversight.
The new law bans human sex with animals, including in private situations where the animals are not injured, and prohibits the production or distribution of animal pornography…
…the Dutch newspaper Algemeen Dagblad, in a 2007 survey, found that distributors in the Netherlands were responsible for some 80 percent of bestiality videos worldwide.
Man…it’s like living under sea level does something to your brain….
I definitely want some data security so I can be guaranteed I never come across the above stuff….
Posted in Europe, Scandinavia | Tagged not data security issue
February 4, 2010
The House of Congress passed a bill that will build up the US’s cyber defenses. (If you’re a conspiracy nut, you’re probably thinking all those news stories of China’s hack on the US government and companies were probably targeted at raising awareness of the issue. Tsk, tsk.)
The bill requires the president’s administration to assess the current government body when it comes to cybersecurity, and “establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation.”
It sounds like good news for students who are already majoring in something related to computers:
Mr. Arcuri said that the federal government will need to hire between 500 and 1,000 more “cyber warriors” each year to keep up with potential enemies. Troops online “are every bit as important to our security as a soldier in our field,” he said.
It’s about the only specialized field I know of that will guarantee a job for decades to come. This cyberwarfare stuff? Not going away any time soon.
Posted in North America, USA | Tagged blackhat, data security, espionage, hacker, military
February 4, 2010
969 New Yorkers were contacted by the Social Security Administration regarding the loss of a CD that contained “detailed personal information.”
The CD was lost while an employee traveled from Queens to the Bronx in October 2009. The affected New Yorkers were not alerted to the fact until January 22, when letters informing them of the breach were sent out.
The agency said it had reviewed the records of all 969 people “and found no inappropriate activity.” It also contracted with the credit monitoring agency Experian to offer each person up to three years of credit monitoring activity.
How would the Social Security Administration know if there was inappropriate activity or not? I mean, SSNs are used in a number of transactions, including the activation of cell phones. Are we to understand the SSA has the authorization and resources to check up on those things as well?
No word on whether encryption software was used to protect the contents of the CD.
Posted in North America, USA | Tagged data security, id fraud, identity theft
February 3, 2010
Some 3,000 people are being notified by Highmark health insurance that their personal information may have been breached. This time, though, the incident was non-digital:
In January, the company mailed a premium billing statement to Boscov’s Department Store, a client in Reading, according to Highmark. The envelope arrived damaged and torn and pages were missing.
Nuts. For those who are looking back upon the halcyon days before digital data breaches: there was no such time. Data breaches existed then, and they exist now.
The only difference is that, if it’s true that they happen more easily and frequently now, it’s also true that it’s easier to protect the data as well. For example, the data on a stolen USB drive can be protected if it was encrypted. How can one protect the contents of the lost documents above?
Oddly enough, if people were more data-security aware, they would have sent the above as digital files saved on an encrypted USB disk, as opposed to printed-out pages….
Posted in North America, USA | Tagged document security, id fraud, identity theft, mail theft
February 3, 2010
A doctor at a Long Island (NY) hospital has had to apologize for posting a picture of a cadaver on Facebook.
In three separate e-mails, Erica Katz, who works in the emergency medicine unit at Stony Brook University Medical Center, told faculty members that posting the photo on her Facebook page was a mistake.
“It was absolutely and unquestionably egregious, idiotic, disrespectful and thoughtless for me to ever have taken that picture, and exponentially worse to have posted it on Facebook,” she wrote in one of the letters referring to the photograph she said she took several years ago.
Does Ms. Katz actually feel that way? Or is she just trying to cover her ass?
In the same note, she said, “I had not planned to take pictures of the cadaver, it was a spur of the moment act of idiocy, and I can assure you that no other pictures were ever taken. I had honestly forgotten it existed, let alone that I had posted it online and that it was still there, and I am horrified to think how much trouble and embarrassment I have caused all of you.”
I can understand taking the picture as a “spur of the moment idiocy.” How can one justify putting it up on Facebook, though?
Observers said the incident was a rare ethical breach committed by physicians in training, who are all reminded to treat the human body — whether dead or alive — with dignity.
Right. Rare. Sure. Long hours without sleeping and stress rarely lead to people doing stupid stuff….
Posted in North America, USA | Tagged medical breach, social media sites
February 3, 2010
OACAC, the Ozarks Area Community Action Corporation, is involved in a data security breach of Social Security numbers. The non-profit group mailed the wrong tax forms, with roughly half the members receiving their forms and someone else’s.
According to an interviewee to KSPR.com, the information that was revealed to the wrong parties included names, addresses, account numbers, federal ID numbers, and SSNs.
OACAC’s director, Carl Rosenkranz, says the organization printed two 1099 forms on one piece of paper. They were supposed to separate them and send each to the rightful owner. Instead one person got both.
This kind of stuff happens. It’s kind of a cold hearted thing to say, but this is not a new problem; it’s been around ever since national IDs were created. And, while I can appreciate OACAC’s director saying that it won’t happen again…well, it was a mistake to begin with, so how can he guarantee that it won’t happen again? He cannot.
That’s why it’s called a mistake. Like getting shot in the face by Dick Cheney (which really was a mistake).
Posted in North America, USA | Tagged data leak, data security, document security
February 3, 2010
Laptop computers with patient information were stolen from two Greensburg medical complexes. The use of disk encryption data protection software has not been revealed.
One of the breaches occurred at Dr. Barry Bupp’s dental practice at Medical Commons One. The other was at Dr. Elie Abdallah’s office at the Medical Arts Building. The stolen information was listed as “patient information” and “confidential patient information” in police reports.
Police believe the same suspects may be involved in both cases. They cited the close proximity of the buildings — they are less than 200 yards apart — that both incidents occurred about the same time and there were no signs of forced entry in either theft. At Abdallah’s office, a code must be entered on a key pad to gain access, police said.
“It seems like the same person, the same group of people are involved,” said Greensburg police Capt. George Seranko. “Somehow, they got in. There’s no forced entry into the buildings.”
Uh-oh. Insider jobs? Those are the hardest to control, but also possibly the easiest to resolve once the clues fall in place.
Posted in North America, USA | Tagged data security, HIPAA, internal attacks, password security, physical security