After case after case of data loss relating to social security numbers in the US, the FTC has taken a decision – stop making social security numbers so critical as a form of identification.
Hats off to the FTC, as by this it effectively admits that data theft will always occur, all you can do is try and limit the effects.
Another month, another official getting caught misusing data (with a very low detection rate the concern is how many are not getting caught).
In Columbus Ohio, Erin G. Rosen, who worked as general counsel within the Attorney General offices, has been accused of using the company databases to find information about colleagues.
It appears that this is not the only case to have occurred in the office with another person resigning this year over improper conduct in the office.
The company Express Scripts has, reportedly had its data stolen and is now being blackmails for it.
Express Scripts, which is a US prescription management company, has received a letter threatening to release the records if it does not pay up.
The letter provided evidence of the data theft, by providing samples of records, which contain information about medical records, social security numbers, etc.
Rather than paying up Express Script has called the FBI, and set up an website to try and calm their clients.
The irony is that in 2006 the company pushed for greater use of electronic prescriptions, presumably for higher profits. Electronic data is so much easier to handle than paper so profits go up, as costs go down. Perhaps if the costs had gone up slightly, there would have been greater security of the data.
So far it has not been confirmed how the data was stolen/lost, i.e was it a hack or a data loss, as has happened so many times before. The companies FAQ on the subject states
We believe we have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls. We are continuing our investigation to identify those responsible for any unauthorized access.”
Well, that’s nice and clear!
A federal judge has stopped an Apple Employee working at Apple after an application by IBM.
The employee, a Mark Papermaster the new Vice President of Device Hardware for Apple, only started work last week.
Mark had previously worked at IBM, and had signed an “non compete” agreement in 2006. The agreement stated that when he left IBM he would not work at a competitor for at least a year.
Lockheed Martin (NYSE: LMT - News) announced that the corporation received a Blanket Purchase Agreement (BPA) to continue providing litigation support services to the U.S. Commodity Futures Trading Commission (CFTC). The initial funding, extending a five-year eLaw association between Lockheed Martin and CFTC’s Division of Enforcement, is valued at approximately $2 million.
Computer spying and theft of personal information have risen notably in the past year, costing tens of millions of dollars and threatening U.S. security, the FBI’s cyber division head said on Wednesday.
FBI Assistant Director Shawn Henry told reporters that organized-crime groups are drawn by the ease of reaching millions of potential victims.
He said as many as two dozen countries have taken an “aggressive interest” in penetrating the networks of U.S. companies and government agencies.
He declined to specify countries, but U.S. intelligence agencies have voiced concern over Russia and China’s abilities to electronically spy on the United States and disrupt U.S. computer networks.
As one possible example of Russia’s electronic spying prowess, Georgia accused Moscow in August of conducting “cyber warfare” to shut down Georgian government websites at the same time as it carried out a military offensive.
U.S. federal agents are stepping up efforts to fight computer crime, and working with foreign counterparts where the rising wave of computer attacks has awakened international interest, Henry said.
“Over the past year the malicious activity has become much more prevalent,” Henry said. “The threat continues to increase.”
An attack method growing in popularity is “botnets,” in which malicious software spreads via viruses to computers of unwitting individuals and companies forms networks that can then be used for data theft or shutting down a system,
Hackers have broken in to the e-mail of the US Republican vice-presidential candidate, Alaska Governor Sarah Palin.
The hackers, who targeted a personal Yahoo account, posted several messages and family photos from her inbox.
The campaign of running mate John McCain condemned their action as “a shocking invasion of the governor’s privacy and a violation of the law”.
The hacking comes amid questions about whether Mrs Palin used personal e-mail to conduct state business.
According to law, all e-mails relating to the official business of government must be archived and not destroyed. However, personal e-mails can be deleted.
Mrs Palin is currently under investigation in Alaska for alleged abuse of power while governor.
BBC NEWS | World | Americas | Hackers infiltrate Palin’s e-mail.
TAMPA – A federal judge has approved a settlement in two class-action lawsuits filed against a St. Petersburg check authorizing company that had more than 8.4 million consumer records stolen and sold to direct marketers.
The settlement provides for a range of credit monitoring services and reimbursement of expenses for those whose identity was stolen. The company, Certegy Check Services, also is reimbursing more than $2 million in legal expenses to the law firms involved in the cases.
William G. Sullivan, a former analyst for Certegy, was sentenced in July to four years and nine months in federal prison for stealing the records. A judge also ordered Sullivan to pay $3.2 million in restitution to Certegy.
A federal prosecutor said at the sentencing hearing that Certegy had to spend $3.2 million to notify the 5.9 million customers whose private financial information was stolen. The victims were in all 50 states, the District of Columbia, the Virgin Islands, Puerto Rico and overseas. Some customers had data stolen that was not deemed to be private financial information.
The class covered by the settlement includes anyone in the United States and Puerto Rico whose credit card, debit card, checking or demand deposit account numbers or other information was included in multiple databases. It excludes anyone who decided to opt out of the settlement after being notified it was pending.
Under the settlement, Certegy is required to pay $2.35 million in attorney fees, costs and expenses. Two representative plaintiffs, Linda Beringer and Dana M. Lockwood, were awarded $500 each. Other named plaintiffs were awarded $250 each.
The federal Electronic Communications Privacy Act of 1986 (ECPA) limits employer monitoring of employees’ electronic communications. “Electronic communications” include e-mail, digitized transmissions and video conferencing. The first part of the ECPA prohibits the unlawful intentional interception of wire, oral and electronic communication. The second part of the ECPA prohibits the unlawful intentional access to wire or electronic communication while they are in electronic storage. The Act provides not only criminal penalties, but a civil penalty of $100 per day for each day the Act is violated or a $100,000 penalty, whichever is greater