In the company’s defence, the employee was probably “former” and “disgruntled”. Who sells corporate hardware without authorization?! You’d think after previous debacles of data loss and personal information issues banks would pay more attention to this kind of security leak. I’m just happy I don’t bank with them.
“American Express and NatWest/RBS said they were investigating, but would need to establish how many clients were involved before deciding on a course of action. Graphic Data said it was trying to recover the computer. (link)
Published August 14, 2008
censorship , Identity Theft , news , technology
Tags: crime, data, email, exchanges, government, information, uk
The Government will store “a billion incidents of data exchange a day” as details of every text, email and browsing session in the UK are recorded under new proposals published yesterday.
The information will be made available to police forces in order to crack down on serious crime, but will also be accessible by local councils, health authorities and even Ofsted and the Post Office.
One example of crime prevention using the data given in the consultation document is that of the Child Exploitation and Online Protection agency, which targets sexual abuse of children.
“The vast majority of CEOP’s work is by resolution of IP addresses, e-mail addresses and increasingly mobile phone numbers. (link)
Published August 6, 2008
crime , Identity Theft , news , technology
Tags: card, computer, credit, debit, hacked, information, maxx, numbers, systems, theft, tj
The US authorities have charged 11 people in connection with the theft of credit-card details in the country’s largest-ever identity theft case.
They are accused of stealing more than 40 million credit and debit card numbers before selling the information.
They allegedly hacked into the computer systems of several major US retailers and installed software to access account details and passwords.
Prosecutors said the alleged fraud was an “international conspiracy”.
Three of those charged are US citizens. The others come from Estonia, Ukraine, Belarus and China.
The 11 suspects are alleged to have obtained card numbers, account information and password details by driving around neighbourhoods and hacking into wireless equipment. (link)
Published June 19, 2008
crime , Data Recovery , Identity Theft , news , technology
Tags: data, information, it, professionals, snooping, spy, survey, technology
One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues’ salary details, personal emails or board-meeting minutes, according to a survey.
U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role.
“All you need is access to the right passwords or privileged accounts and you’re privy to everything that’s going on within your company,” Mark Fullbrook, Cyber-Ark’s UK director, said in a statement released along with the survey results on Thursday.
“For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those ‘in the know’ they are the keys to the kingdom,” he added. (link)
Published June 17, 2008
censorship , news
Tags: act, bush, email, emails, federal, freedom, house, information, judge, lawsuit, white
A federal judge today sided with the Bush administration in a Freedom of Information Act (FOIA) lawsuit related to missing White House e-mails. Judge Colleen Kollar-Kotelly, who is probably most familiar to Ars readers for her role in the Microsoft antitrust case, held that the White House’s Office of Administration was not a federal agency as that term is defined by the FOIA and was therefore not obligated to respond to FOIA requests.
The ruling represents a setback for the plaintiff, Citizens for Responsibility and Ethics in Washington (CREW), which was also behind the White House e-mail lawsuit we covered in April. That lawsuit was heard by a different judge, was directed at a different federal agency, and was filed under different federal statutes: the Federal Records Act and the Presidential Records Act. The White House has denied wrongdoing in that case, and the case is still being litigated. (link)
Published June 9, 2008
crime , Data Recovery , Identity Theft , news
Tags: breach, data, enforcement, identity, information, law, security, theft
Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC).
“There doesn’t seem to be any evidence that the laws actually reduce identity theft,” said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper’s authors.
Romanosky’s team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California’s SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen. Their paper is set to be presented at a conference on Information Security Economics held at Dartmouth College later this month.
Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends. A lot of people complain, but it represents only a subsection of all identity theft cases. In 2006, for example, the FTC logged 246,035 identity theft complaints, while a Javelin Strategy survey estimated that there were 8.9 million ID theft victims that year. (link)