Free Republic

Researchers Say Notification Laws Not Lowering ID Theft Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the U.S. Federal Trade Commission (FTC). "There doesn't seem to be any evidence that the laws actually reduce identity theft," said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors. Romanosky's team took a state-by-state look at FTC identity theft complaints filed...

The push for a national data breach notification is heating up. With more than 160 million data breaches since 2005, legislatures in 35 states have passed laws requiring businesses and government agencies to notify consumers if their personal information has been compromised due to a security breach. Identity theft accounted for a greater percentage (36%) of the 674,354 complaints to the Federal Trade Commission from January 1, through December 31, 2006. As a result, the Cyber Security Industry Alliance this week urged adoption of national standard for consumer protection and notification. "CSIA strongly urges Congress to pass legislation establishing a...

July 26, 2007 (Computerworld) A senior database administrator at a subsidiary of Fidelity National Information Services who was responsible for defining and enforcing data access rights at the firm took data belonging to as many as 8.5 million consumers -- not 2.3 million, as originally disclosed by the company. The new number was disclosed yesterday in filings by Fidelity National with the U.S. Securities and Exchange Commission (SEC). The company warned of the possibility that even more data may have been compromised in the breach. Jacksonville, Fla.-based Fidelity National, which is not connected with the more widely known mutual funds...

OTTAWA–You could say thousands of Calgary residents in Diane Ablonczy's riding who once were members of the Canadian Alliance are lucky. Or not. Their private information, stored along with other sensitive party documents by a party organizer, was left on a laptop computer that was shipped to anyone in North America on eBay. The computer contains names, home addresses, phone numbers, email addresses for party members in Calgary-Nose Hill and it even contains the very agreement that outlines how the confidential data should be protected. "The Parties agree that this system and the information contained in it are confidential and...

A half dozen discs containing the sensitive information of many Chicago voters are missing. They were among more than 100 discs distributed to Chicago aldermen and others with the vital information like Social Security numbers of Chicago voters. Many are wondering why the Chicago Board of Elections ever sent them out in the first place. Critics say this was negligence, or at the very least carelessness at the board of elections, and they wonder how over a million voter Social Security numbers could be released on a computer program without a red flag going up somewhere. The board says two...

A backup drive gone missing leads the Privacy Commissioner of Canada to start its second investigation into the practices of one of the country's largest financial institutions. The bank explains its crisis management strategy. CIBC is facing an investigation by federal Privacy Commissioner Jennifer Stoddart’s office following the loss of a backup drive containing personal and financial data on 470,000 customers of its subsidiary Talvest Mutual Funds. The bank said it had no reason to believe information on the drive, which went missing while in transit between two offices, had been inappropriately accessed so far. The drive contained client names,...

If anyone has sympathy for TJX Companies Inc. in the wake of a massive data breach that may have exposed the credit card data of millions of customers, they're not expressing it in the blogosphere. The Framingham, Mass.-based retail giant acknowledged that an attacker exploited a flaw in a portion of TJX's computer network that handles credit card, debit card, check, and merchandise return transactions for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico, and its Winners and HomeSense stores in Canada. The intrusion may involve customers of its T.K. Maxx...

WASHINGTON - Over the past five years, the United States Department of Defense has reported 60 laptop computers missing or stolen from their inventory. According to documents obtained by WTOP through a Freedom of Information Act request, the DOD is not alone. Many of other federal agencies have reported similar or even higher numbers. Missing Laptops: National Oceanic and Atmospheric Administration: 319 Department of Interior: 240 Environmental Protection Agency: 60 Department of Labor: 57 National Institute of Standards and Technology: 35 International Trade Administration: 30 Department of Housing and Urban Development: 15 U.S. Patent and Trademark: 9 Troy Allen is...

Theresa Sanchez was expecting a $5,400 tax refund when she opened a letter from the IRS in January 2003. Instead, she got a bill demanding payment of taxes on $120,000 in undeclared wages. Someone using her name and Social Security number had earned the money through a series of jobs dating back to 1996 and had not paid any taxes on the income, the letter said. Sanchez complained to the agency and to the Federal Trade Commission that her identity had been stolen, and was being used by someone to gain employment. Nonetheless, more than two years later, in April...

LOS ANGELES — The University of California, Los Angeles alerted about 800,000 current and former students, faculty and staff on Tuesday that their names and certain personal information were exposed after a hacker broke into a campus computer system. It was one of the largest such breaches involving a U.S. higher education institution.

IT security professionals are struggling to detect and prevent data breaches, according to the results of a recent survey of 853 U.S. security executives conducted by the Ponemon Institute LLC. Nearly two-thirds of security executives said they have no way to prevent a data breach, while most respondents said their organizations lack the accountability and resources necessary to enforce data security policy compliance, according to the Elk Rapids, Mich.-based think tank. The study, conducted in June and July, was sponsored by Palo Alto, Calif.-based security firm PortAuthority Technologies Inc. "I don't think I expected two-thirds to say they can't prevent...

Student loan holders logging on to an Education Department Web site between Sunday night and Tuesday morning exposed their personal identities to others as a result of a glitch in a contractor's efforts to service the site. As first reported in the Boston Globe Wednesday, as many as 21,000 borrowers in the Federal Direct Student Loan Program could have had their personal data, including Social Security numbers, birthdates and addresses, compromised in yet another government agency data breach. This incident follows a string of publicized breaches governmentwide, affecting information systems in more than a dozen federal agencies. Dallas-based Affiliated Computer...

Beaumont Home Care is offering a reward for the recovery of a laptop computer stolen along with a Home Care nurse's vehicle Aug. 5 outside a home in Detroit. The vehicle was later recovered without the laptop. The computer, taken with the car from the 9300 block of Agnes Street near McClellan and Jefferson, contained personal and health information from Home Care patients served during the previous three years. "We have been working with the Detroit police in investigating the theft and attempting to recover the laptop," said Chris Hengstebeck, director of Security, Beaumont, Troy. "We deeply regret that the...

NASHVILLE (AP) -- HCA Inc. (HCA) said 10 computers containing Medicare and Medicaid billing information and records of employees and physicians were stolen from one of the company's regional offices. HCA officials won't say where or when the theft occurred because they believe that might help the thieves, who authorities believe were after computer hardware, not personal identity information. "We don't want to tip them off they may have information that they might use to perpetuate identity theft," said HCA spokesman Jeff Prescott. The Nashville-based for-profit hospital operator reports on its Web site that the Federal Bureau of Investigation is...

Veterans Seek Billions in Data Breach Suit By Roy Mark June 6, 2006 WASHINGTON - Angry veterans aren't waiting for Congress to take action over the recent Veterans Administration loss of 26.5 million personal records of veterans. Tuesday afternoon, a coalition of veterans groups filed a class action lawsuit demanding the VA name those who are at risk for identity theft. The suit seeks $1,000 in damages for each person, a payout that could reach $26.5 billion. According to the lawsuit, the VA's loss of the records violated both the U.S. Privacy Act and the Administrative Procedure Acts. "It...

Security researchers and legal experts have voiced concern this week over the prosecution of an information-technology professional for computer intrusion after he allegedly breached a university's online application system while researching a flaw without the school's permission. Last Thursday, the U.S. Attorney's Office in the Central District of California leveled a single charge of computer intrusion against San Diego-based information-technology professional Eric McCarty, alleging that he used a Web exploit to illegally access an online application system for prospective students of the University of Southern California last June. The security issue--which could have allowed an attacker to manipulate a database...

Testimony of Beth McConnell Director, Pennsylvania Public Interest Group Education Fund On behalf of United States Public Interest Research Group, Consumer Federation of America, National Consumer Law Center Before the Internal Revenue Service Public Hearing, April 4th, 2006 Regarding Notice of Proposed Rulemaking Amendments to Section 7216 Regulations and Revenue Guidance 26 CFR Part 301 [REG-137243-02] RIN-1545-BA96 and Revenue Procedure 2005-93 [Notice 2005-93] Good morning. My name is Beth McConnell, and I’m the director of the Pennsylvania Public Interest Research Group Education Fund (PennPIRG Education Fund). I am also offering comments today on behalf of U.S.PIRG, the National Consumer Law...

The US state of Georgia has allowed a remote attacker to access a database containing the details of 570,000 members of the state’s pension scheme. The cause of the breach has been blamed on an unpatched flaw in one of the state’s security programs, although the supplier of the software has not been disclosed. The attacker is said to have breached the system towards the end of February, using a variety of hacking tools to access the server hosting the database. Georgia said it was in the process of fixing the security flaw in the system, before the hacker got...

MONTPELIER — Thousands of Vermont State Colleges students, faculty and staff learned this week that a VSC laptop computer stolen from a car parked in Montreal on Feb. 28 could have given thieves access to their personal financial information, including Social Security numbers and payroll data. And while system administrators assured the thousands of potential identity-theft victims that they had all but eliminated access to the colleges' computer network from the laptop, some faculty and staff are furious that VSC took three weeks to warn them. "I can share with you that many, many people have come to me to...

(subtitle-Major credit card associations and financial institutions are saying little ) MARCH 09, 2006 (COMPUTERWORLD) - The continued refusal by major credit card associations and financial institutions to identify the source of a data compromise that has resulted in a wave of debit card fraud worldwide is fueling concerns about the scope of the problem. It is also shining a spotlight on what may be growing attempts by criminal gangs to try to compromise PIN-based card transactions, which have until now been considered extremely secure, analysts said. The immediate furor was ignited earlier this week by Citibank, which acknowledged that...

Data Theft Information On Dec. 31, 2005, tapes and disks containing confidential information of 365,000 patients who have received care from Providence Home Services were reported stolen. Please note: This affects Providence Home Services patients only. Other Providence patients who did not receive care through Home Services are not affected. There is no indication that the stolen information has been used for identity theft. Providence recognizes the significance of the personal information that was stolen. We are deeply sorry this has happened and truly apologize to all those affected. Q&A on breach

Guilty Plea in ChoicePoint Data Theft By Martin H. Bosworth ConsumerAffairs.Com December 28, 2005 The alleged culprit behind the ChoicePoint data breach, which compromised the personal information of 145,000 people, has entered a guilty plea to charges of conspiracy and grand theft. Nigerian-born Olatunji Oluwatosin, of Los Angeles, is scheduled to be sentenced on Feb. 10. Oluwatosin is already serving a 16-month prison term for a previous felony count of identity theft, to which he pleaded no contest. Oluwatosin was considered part of a larger conspiracy, one of several individuals who gained access to ChoicePoint's database of consumer records. However,...