Short Data Breach Disclosure Windows, Potentially Damaging to Consumers
We’ve all heard of the mind-blowing cases where it takes companies months and even years to disclose data and security breaches to their customers. They keep the information to themselves, run the investigations and only later release the details to their customers, the direct victims of the breaches. But apparently, blowing the whistle too soon is not a much better idea either, according to security experts.
The debate over which time frame helps customers and which rushed actions actually do more harm was started by the SAFE Data Act data breach law, which is now making its way through US committees in an attempt to better regulate what happens when a company is affected by a data breach. The new law requires “companies and other entities that hold personal information to establish and maintain appropriate security policies to prevent unauthorized acquisition of that data.” If passed, it will also make it compulsory for breached companies to inform customers within 48 hours of discovering an incident.
Hackers Target Sony Once More, Thousands of Customer Records Exposed
After the hacking of the PBS network website, Sony’s movie division website was also hacked and at least 50,000 consumer email addresses have been published. A group called LulzSec has claimed responsibility for the attack and stated the security breach was made possible by an existing SQL vulnerability.
“What’s worse is that every bit of data we took wasn’t encrypted,” the group wrote in a press release announcing the hack. “Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
Plymouth hospital notifies 6000 patients of potential security breach
Last month’s disappearance of a laptop from an employee’s locked car has prompted officials at Speare Memorial Hospital in Plymouth to send letters to 6000 of their patients, warning them of a potential threat against their private information.
The computer in question contained hospital account numbers, medical record numbers, names, addresses, and other patient and health information. However, no Social Security numbers or other sensitive information like insurance information or credit card information were stored on it. As the laptop and the employee’s desktop computer were synced, technicians were able to determine what exactly was lost.
Data Loss Affects Personal Details of over 24,000 Laredo ISD Students
Thousands of current and former high school students in the Laredo Independent School District could become identity fraud victims after a disk holding the Social Security numbers of 24,903 individuals has gone missing, said the Texas Education Agency.
Suzanne Marchman, TEA spokeswoman, stated that the agency first became aware of the situation in January, when sensitive data from Laredo ISD was requested by officials with the University of Texas at Dallas’ Education Research Center.
The CD containing the information requested by TEA was sent to the William B. Travis Building in Austin, which houses the TEA. It was received and signed for, but never reached its intended recipient. Thus, numbers for thousands of 11th and 12th graders over multiple years have been lost, instead of being delivered to James Van Overschelde, the TEA’s former director of educational research.
Hard drive with private information of nearly 90,000 students missing
The Alaska Department of Education and Early Development issued a warning for school districts across the state announcing that a computer hard drive containing information on 90,000 students was stolen from Juneau. The Juneau Police Department is currently investigating the theft.
“Alaska law requires government agencies that collect personal information to notify you if your information is lost or stolen,” Commissioner Mike Hanley wrote in a news release. “This theft has unfortunately resulted in the release of some of your personal information to an unauthorized third party.”
Personal information such as names, birth dates, ID numbers and more could have been accessed with the help of the stolen equipment.
Fraud has decreased in 2010 – crime does not pay anymore?
US identity fraud losses went down last year by 28%, with the total number of 2010 victims going from 11 million a year before to 8.1 million. The estimated amounts also went down from $56 billion in 2009 to $37 billion in 2010, according to an annual study by Javelin Strategy & Research. These figures appear to be the lowest in the last 8 years.
The average loss per victim went down from $5,000 in 2009 to $4,600 in 2010, the drop being directly linked with the decrease in identity fraud, according to Javelin. Research data also shows 26 million records have been exposed in 404 reported breaches during 2010, compared to 221 million records in 604 breaches during 2009.
ID theft scheme unmasked in Texas
Four women living in the Waco area have been charged and arrested as a result of their conspiracy to commit identity theft. They developed a scheme involving stolen Fingerprint Applicant Services of Texas (FAST) applications required by licensing and certification entities such as the Texas Education Agency.
A seven-count federal grand jury indictment that was unsealed yesterday afternoon charges 32-year-old Angela Cuellar, 38-year-old Yolanda Ramos, 33-year-old Diane Rivera and 29-year-old Christine Elifritz with one count of conspiracy to commit identity theft. Angela Cuellar has also been charged with six substantive aggravated identity theft counts, while Elifritz and Ramos have been charged with only one aggravated identity theft count.
Federal Reserve computers hacked, 400000 credit card numbers stolen
An official investigation is still under way to determine how Poo hacked the well-guarded computers at the Federal Reserve and other major financial institutions.
U.S. Attorney Loretta Lynch said this case is an example of how “cybercriminals continue to use their sophistication and skill as hackers to attack our financial and national security sectors.”
Stolen documents expose 44,000 patients medical details
The hospital is notifying every patient that has been in its care between April 2009 and September 2010, as it is impossible to determine exactly which patient has been affected out of the 1500 stationed there. The stolen data consists of names, addresses, dates of birth, Social Security numbers and brief initial diagnosis descriptions from ER visits, according to the hospital.
Court orders one million pay restitution for Citibank credit card accounts theft
Graves also changed the home addresses of bank customers to New York addresses in order for Reid to be able to retrieve the goods she had purchased from high-end retail stores, using the stolen accounts.



