CIMIP - Center for Identity Management and Information Protection

May 2010 News Archive

May 26, 2010

Loma Linda hospital patients' personal information stolen

A thief has stolen personal information regarding more than 500 surgical patients of Loma Linda University Medical Center, according to hospital officials. full article

Facebook to simplify privacy controls Wednesday

Heeding widespread concerns about how much of its users' personal data it shares on the web, Facebook said it will begin implementing simpler privacy settings on Wednesday. full article

Bank, customer settle suit over $800,000 cybertheft

PlainsCapital Bank sued Hillary Machinery after the latter's account was depleted by online thieves

Computerworld - An unusual legal dispute between a Texas bank and a business customer over the online theft of more than $800,000 from the latter's account at the bank has been quietly settled. full article

Webinar: Ready for Data Breaches under the HITECH Act?

Carrying Out Security Breach Incident Risk Assessments Mandated for Covered Entities full article

Lifelock worries after employee data leaked to Web

IDG News Service - It may be OK for identity theft protection vendor Lifelock to publish its CEO's Social Security number, but when it comes to other company employees, that's another story. full article

'Sexting' Suit Tests Search of Student's Cell Phone

The key battle in a high school student's case against school officials who found nude photos of her in her cell phone may be over whether "clearly established law" barred them from rummaging through the contents of the device. full article

May 25, 2010

New Phishing Attack Exploits Tabbed Browsing

Aza Raskin of Mozilla demonstrates a new class of phishing attack in which the attacker is able to use malicious code in one browser tab to completely change the content in another tab on a victim's browser. full article

Answers sought for how man faked way as NCO

DALLAS — A Colorado congressman wants Secretary of Defense Robert Gates to provide answers on how a Texas man apparently tricked the Army into allowing him to enter the reserves as a noncommissioned officer. full article

Google saves, secures Wi-Fi snooping data

But resists more data demands by class-action lawsuit lawyers

Computerworld - Google said that it has secured the data it obtained through its Street View Wi-Fi snooping, but will fight a class-action lawsuit's demand that it turn over more information, court documents showed today. full article

Disbarment Urged for Lawyer Who Billed Fake Clients

The New Jersey Disciplinary Review Board is recommending disbarment for a lawyer who manufactured fake billings for nonexistent clients, first at Fox Rothschild and then at Margolis Edelstein. full article

Queen's speech: Cuts start with ID cards, but broadband still a priority

The Queen has named high-speed broadband roll out and the abolition of the national ID cards project as priorities for the coalition government in the coming 18 months. full article

ID Analytics Secures Identity-Based Fraud Detection Patent

Company Receives Third Patent from U.S. Patent and Trademark Office for New Detection System and Method Using Historical Identity Records

SAN DIEGO, CA, May 25, 2010 –ID Analytics, Inc., the leader in on-demand identity intelligence, announced today that the U.S. Patent and Trademark Office granted the issuance of U.S. Patent Number 7,686,214 for the company’s system and method for fraud detection using multiple historical identity records. This patent recognizes ID Analytics’ innovative technical approach to assembling a consumer identity network and producing highly-predictive insight into a consumer’s behavior over time and across multiple industries. full article


BLOOD samples from millions of newborn babies are being stored without their parents’ knowledge, it emerged yesterday. full article


WASHINGTON, DC, May 25, 2010 –ITAC, the Identity Theft Assistance Center, today offered advice for families and caregivers on detecting the signs of fraud and identity theft against older or vulnerable adults. full article

May 24, 2010

Gang called Avalanche blamed for most phishing attacks

IDG News Service - A new report blames a single Eastern European gang for about two-thirds of all phishing attacks conducted in the second half of 2009. full article

Why people lie about military service

NEW HAVEN, Conn. — U.S. Senate candidate Richard Blumenthal acknowledged he misstated his service in Vietnam, said he made mistakes, regretted them and took responsibility. full article

Rogue Facebook apps launch 'beach babes' attack

Second weekend in a row Facebook users have had to fend off major malware attacks

Computerworld - Another attack using rogue Facebook applications hit users' PCs Saturday in a virtual repeat of last weekend's massive assault, security researchers said. full article

Hackers can delete Facebook friends, thanks to flaw

IDG News Service - A bug in Facebook's Web site lets hackers delete Facebook friends without permission. full article

Facebook fixes bug that allowed friend deletion

IDG News Service - Facebook has fixed a flaw that let hackers delete Facebook friends without permission. full article

Duchess of York apologises after paper sting

LONDON (AFP) – The Duchess of York apologised Sunday for a "serious lapse in judgment" after she was caught in a newspaper sting apparently offering access to ex-husband Prince Andrew in exchange for cash. full article

Regina recycling company loses confidential medical records

REGINA — Brad Smith was a little surprised to discover several pieces of medical information strewn across a city street during his walk to work through an industrial area Thursday morning. full article

Workers concerned over privacy breach

A Saskatoon FedEx worker is concerned about a privacy breach where the addresses of about 25 local employees were leaked from Saskatchewan Government Insurance (SGI) to the union trying to organize the global courier service. full article

New Threat For Wireless Networks: Typhoid Adware

Some users could become "carriers," unknowingly passing infections to others, university researchers say

There's a potential threat lurking in your Internet cafe, say University of Calgary computer science researchers: Typhoid adware. full article

ID Theft Victims Spending Less In Cleanup Aftermath

New Identity Theft Resource Center (ITRC) report shows victims spending less time, money to clear their names

Nearly one-third of all identity theft victims say they are unable to completely clear up damaged credit or criminal records in the aftermath of their identities being abused. But the good news is they're spending much less time and money cleaning up the fraud perpetrated against them in their names, according to a newly released report. full article

May 21, 2010

Astute NJ mom outs Census worker as sex offender

CAMDEN, N.J. -- A New Jersey mother who recognized the face of a Census worker from the state's online database of sex offenders called police, leading to charges that the man used a fake name and Social Security number to get the government job. full article

Strong notifies patients their bills may have gone to other people

About half of the 2,500 patient bills Strong Memorial Hospital mailed on April 19 went to the wrong patients, and this week the hospital sent letters apologizing to affected people and telling them to be alert to any possible misuse of their information. full article

Social networking sites passing on user data to ad agencies

Several social networking sites - including Facebook and MySpace - have apparently been sending users' data to advertising agencies - in spite of all the assurances and promises that this information is not shared with anyone without having previously asked the users for consent and receiving a thumbs-up. full article

Texas man faked way into Army as an NCO

FORT WORTH, Texas — A Texas man with no military experience managed to trick the Army into letting him enter a reserve unit as a noncommissioned officer earlier this year, putting an untrained soldier in a leadership position in a time of war, an Associated Press investigation has found. full article

Five Ways to Keep Online Criminals at Bay

THE Web is a fount of information, a busy marketplace, a thriving social scene — and a den of criminal activity. full article

Calif. Lawyer's Name Stolen for Scam

Mohamed Salem knew something was amiss when his fax machine spit out the foreclosure documents from a Sacramento lawyer. full article

Former Big Firm Lawyer Suspended for 3 Years Over Fake Resume

Illinois authorities have finally come to a conclusion: A lawyer who worked at three Am Law 100 firms will be suspended from practicing law for three years for leaving crucial information out of his law school application -- including having been kicked out of medical school -- and for altering his transcripts to land a summer associate gig at Sidley Austin. full article

May 20, 2010

3,800 vets affected by latest VA data breaches

More than 3,800 veterans had their personal information compromised last month in two data breaches that have led to renewed criticism of the Veterans Affairs Department’s data security. full article

Hacker McKinnon to stay in UK, for now

Self-confessed hacker Gary McKinnon will stay in the UK for the foreseeable future following home secretary Theresa May's decision to adjourn a judicial review of his case due next week. full article

Judge permanently shuts down ISP catering to spam, porn

IDG News Service - A federal judge has ordered the permanent closure of an Internet service provider long accused of hosting and distributing spam, spyware, child pornography and other illegal content, at the request of the U.S. Federal Trade Commission. full article

Microsoft touts Hotmail security adds; users complain of account hacks

Details plans to beef up e-mail service's security; users wish they were in place now

Computerworld - Microsoft will beef up security in the revamped Windows Live Hotmail, including tying a user's account to a specific PC, a company executive said today. full article

Microsoft chases 'click laundering'

IDG News Service - Microsoft said it has uncovered a new kind of click fraud, filing two lawsuits against people it says are using the scam. full article

Heartland, MasterCard settle over data breach

IDG News Service - Heartland Payment Systems has made a third settlement deal, this time with MasterCard, related to a massive data breach two years ago at the card payments processor. full article

LifeLock identity theft service a game changer, insists embattled CEO

Todd Davis defends his company following reports that say he was a victim of ID theft 13 times

Computerworld - As CEO of LifeLock Inc., Todd Davis has been in the news lately for all the wrong reasons. Two months ago, the Federal Trade Commission slammed his company with a $12 million fine for deceptive advertising practices. full article

Former Mass. Assistant AG Charged Over Solicitation of Investors for Ponzi Scheme

A former Massachusetts assistant attorney general, his business partner and their company face a purported class action filed in Massachusetts Superior Court for funneling investors to a man charged with running a Ponzi scheme. full article

May 19, 2010

VA breaches more numerous than we knew

Miami VA Healthcare System wasn’t the only VA center that experienced a breach involving paper records containing protected health information on January 19 of this year. According to OCR’s web site, VA Eastern Colorado Health Care System also experienced a breach involving paper records full article

LifeLock CEO said to be victim of identity theft 13 times

Publicly posting SSN resulted in Todd Davis' identity being misused

Computerworld - A CEO who publicly posted his Social Security number on billboards and TV commercials as part of a campaign to promote his company's credit monitoring services was the victim of identity theft at least 13 times, a news report says. full article

60% of Facebook users consider leaving over privacy

Will changes to Facebook's privacy settings be enough to address user concerns? full article

Phishing page steals prepaid debit card account information

Many people don't have a regular or a big enough income to receive a debit card, but would still like to have one since it can be really handy when settling bills or shopping online. The answer to this problem? Prepaid debit cards. full article

Laptop With Patients’ Information Stolen

OCONEE COUNTY, S.C. -- A laptop containing information on more than 600 patients at an Oconee County physicians’ practice was stolen a week ago -- and now patients are being warned about the theft. full article

Students to see photos snapped in Pa. school 'spying' case

Judge lets students view the nearly 58,000 images before parents get their chance

Computerworld - Students in two suburban Philadelphia high schools will be allowed to view photographs taken by their school-issued laptops, and may preview them first before deciding which images their parents may see, according to a court order issued Friday. full article

Privacy expert: It's good PR to say no to the government

IDG News Service - A leading privacy researcher is urging companies to say no to government requests for data, arguing that it's good for business. full article

Man charged with attack on Web site of Fox News' Bill O'Reilly

Series of DDoS attacks in March 2007 hit conservatives Rudy Giuliani, Anne Coulter and the University of Akron too, prosecutors say full article

Facebook fixing embarrassing privacy bug

Facebook worked with Alert Logic to fix the cross-site request forgery bug

IDG News Service - Facebook is fixing a Web programming bug that could have allowed hackers to alter profile pages or make restricted information public. full article

Research: 1.3 Million Malicious Ads Viewed Daily

The true extent of the malvertizing scourge became much clearer this week with the release of new research by Dasient which shows that about 1.3 million malicious ads are being viewed online everyday, most pushing drive-by downloads and fake security software. full article

May 18, 2010

P2P networks a treasure trove of leaked health care data, study finds

Eight months after passage of HITECH Act, data leaks still a problem in health care industry

Computerworld - Nearly eight months after new rules were enacted requiring stronger protection of health care information, organizations are still leaking such data on file-sharing networks, a study by Dartmouth College's Tuck School of Business has found. full article

FTC asked to investigate Google Wi-Fi 'snooping'

IDG News Service - A consumer group has called on the U.S. Federal Trade Commission to investigate Google after the search company revealed that it had been collecting people's Internet communications from open wireless networks. full article

Huge 'sexiest video ever' attack hits Facebook

'Stunning' attack targeted Internet Explorer users, planted adware on victims' PCs

Computerworld - A huge attack by a rogue Facebook application last weekend infected users' PCs with popup-spewing adware, a security researcher said Monday. full article Owes $535K for Delivering Bad Checks

(CN) - The 9th Circuit upheld an order requiring to hand over profits of more than $535,000 after fraudsters and con artists used the Web site to issue hundreds of thousands of unauthorized checks. full article

Can't Wait That Long, Ponzi Victims Say

PHILADELPHIA (CN) - A class action claims Lizette Morice and her company, Gaddel Enterprises, bilked thousands of people in a $7.3 million Ponzi scam, to which she pleaded guilty, and offered to pay restitution of $25 per quarter, which would allow her to pay it off in 72,000 years. The class sued 106 "winner defendants" who allegedly "reaped enormous profits" from the scheme, in Philadelphia Federal Court. full article

German and US authorities to investigate Google’s collection of private Wi-Fi data

German and US authorities are to investigate Google after the firm admitted that it collected data sent over Wi-Fi networks using mobile units gathering images for Google's Street View service. full article

Justices Rule on Prison Time for Juveniles, Sex Offenders

In a pair of major criminal law decisions on Monday, the U.S. Supreme Court ruled that the Eighth Amendment does not allow sentences of life in prison without parole for juveniles who committed nonhomicide crimes and upheld a federal law permitting sexually dangerous inmates to be confined beyond their prison terms. In the juvenile case, Graham v. Florida (pdf), the Court said, "A state need not guarantee the offender eventual release, but if it imposes the sentence of life, it must provide him or her with some realistic opportunity to obtain release before the end of that term." full article

Prosecutor: Former Harvard student faked prestigious academic career

A former Harvard University student compiled world-class academic credentials -- including perfect grades and two prestigious Harvard prizes -- by fabricating his own history and plagiarizing others' work, according to a Massachusetts prosecutor. full article

Lawyers Suspended for Ignoring 'Warning Signs' of Partner's $17 Million Fraud

An attorney accused of ignoring "multiple warning signs" of a $17 million fraud carried out by his former partner has been suspended from the practice of law for three years. full article

May 17, 2010

Supreme Court: Sex offenders can be held indefinitely

The Supreme Court ruled Monday the federal government has the power to indefinitely keep some sex offenders behind bars after they have served their sentences, if officials determine those inmates may prove "sexually dangerous" in the future. full article

Google says Street View cars collected WiFi data by mistake

Google has admitted that it mistakenly collected data sent over WiFi networks using its Street View cars gathering images for Google's controversial Street View service. full article

Security guard pleads guilty to hacking his employer

IDG News Service - A former security guard has pleaded guilty to charges that he broke into his employer's computers while working the night shift at a Dallas hospital. full article

Phishing scam hits thousands on Twitter

A phishing scam is targeting thousands of Twitter users hoping to increase their number of followers. full article

Double Jeopardy May Apply to Former Adelphia Executives

Two former executives of Adelphia Communications Corp. may be entitled to dismissal on double jeopardy grounds of the conspiracy charges lodged against them in a second indictment now that the 3rd U.S. Circuit Court of Appeals has voted 7-4 in their favor. full article

Smart Money: Is Your Favorite Charity Spying on You?

Whether a patient comes in for a gall-bladder operation or to have a baby, the routine remains the same for staff at Sharp HealthCare hospitals in San Diego. The front desk checks insurance records to make sure the bills get paid on time. Nurses take vitals and tag their charges with a bar-coded wristband. And behind the scenes, fund-raisers scan the assets of each patient -- to find out whether they're "megarich," "wealthy" or merely "comfortable." full article

Release of Random Drug Testing Results Raise HIPAA Challenge

Fire Lieutenant Shawn Baptist was fired last year from the Zephyrhills, Florida Fire Department after he allegedly failed a random drug test on February 23, 2009. He is challenging the termination as well as the results of the test through grievance arbitration. In addition he filed suit last week alleging the public release of his medical tests violated HIPAA and state medical privacy laws. full article

Tyler Perry's Credit Card Number Stolen

ATLANTA -- Atlanta-based movie mogul Tyler Perry isn’t used to producing horror movies, but he’s living the real-life horror of credit card fraud. full article

May 14, 2010

2009 Health Care Fraud Report Released

Today, Attorney General Eric Holder and U.S. Department of Health and Human Services Secretary Kathleen Sebelius announced the results of the 2009 Health Care Fraud and Abuse Control Program Annual Report (HCFAC), which outlines the last fiscal year’s health care fraud prevention and enforcement achievements. full article

Ukrainian arrested in India on TJX data-theft charges

IDG News Service - A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in U.S. history. full article

Facebook adds security tools amid growing privacy storm

Facebook has added new security tools to prevent hacking and held a staff meeting amid a growing storm about privacy at the social networking company. full article

US military considers responses to cyber attack

The US military is to consider a military response in cases of cyber attacks against the US, according to a Pentagon official. full article

Facebook IDs hacker who tried to sell 1.5M accounts

IDG News Service - Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to the investigators at the social networking site, he's guilty of both hacking and hyperbole. full article

Car hackers can kill brakes, engine, and more

IDG News Service - University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. full article

Sixth Individual Pleads Guilty for Role in $14.5 Million Medicare Home Health Care Fraud Scheme

WASHINGTON – Detroit-area resident Christopher Collins pleaded guilty today for his participation in a $14.5 million fraudulent Medicare home health care scheme, the Departments of Justice and Health and Human Services (HHS) announced. full article

Information on 207,000 Army Reservists Stolen

Laptop Containing Names, Addresses, SSNs Taken from Contractor

A laptop containing the names, address and Social Security numbers of more than 207,000 Army reservists has been stolen from a government contractor in Georgia, the Army Reserves confirmed Thursday. full article

Hospital patients’ data on stolen laptop

THE theft of a laptop containing sensitive patient information from Peterborough District Hospital (PDH) has sparked a major security review. full article

Latvian "Robin Hood" hacker's identity revealed

The identity of the Latvian hacker who, earlier this year, hacked and publicly disclosed tax office data showing that state officials were still getting a enormous salaries in spite of the official government policy of cutting corners, has been revealed by the Latvian police. full article

UCSF employee charged with wire fraud

SAN JOSE -- A UCSF Medical Center employee has been charged in federal court with wire fraud for allegedly using the Social Security numbers of fellow workers to complete online health surveys so that he could receive hundreds of $100 vouchers. full article

SEC Warns About Bogus Operator

WASHINGTON (CN) - The SEC has issued an "Investor Alert" about a company that calls itself the "U.S. Securities and Equities Administration." The company claims to operate out of Boston and operates a Web site in which it claims that, for money in advance, it can remove restrictions on stock or get people government money, the SEC says. full article

Two Headed to Prison in O.C. Ponzi

SANTA ANA, Calif. (CN) - An Orange County man was sentenced to 10 years in federal prison for a Ponzi scheme he ran with an attorney that took $61 million from 140 investors before it crashed. James Halstead, 63, of Tustin, also was ordered to pay $14.5 million in restitution. full article

Money Sought from $900M Ponzi Scheme

PHOENIX (CN) - Two Phoenix-based real estate investment groups defrauded more than 2,000 investors of $900 million, a class action claims in Federal Court. The class claims Mortgages Ltd. and Radical Bunny were aided by law firms Greenberg Traurig and Quarles & Brady, which helped create false and misleading documents to cover up the Ponzi scheme. full article

$2 Billion Fraud Alleged at Iceland Bank

MANHATTAN (CN) - A "cabal of businessmen led by a convicted white collar criminal" drained more than $2 billion from a now-bankrupt Icelandic bank "to fill their pockets and prop up their own failing companies," the bank, Glitnir Banki, claims in New York County Court. full article

UK to kill national ID card program

IDG News Service - The U.K.'s new coalition government plans to cancel the national ID card program, calling it part of a "substantial erosion of civil liberties" that took place under the former Labour government. full article

Latvian police decline to hold database hacker

IDG News Service - Latvian law enforcement officials are close to finishing their investigation of an artificial intelligence researcher who gained access to a government database, releasing sensitive salary information on Twitter. full article

May 13, 2010

Senate OKs military family anti-scam measure

BOSTON — The U.S. Senate has approved legislation designed to help prevent the families of military personnel from falling prey to predatory lenders. full article

Hackers use web servers to deliver more powerful DDoS attacks

Cyber criminals are using a new type of distributed denial of service (DDoS) attack that is more powerful and elusive than any predecessors, says security firm Imperva. full article

Cybercriminals exploit Google Groups

Cybercriminals are using Google Groups to distribute rogue anti-virus software and other malware, according to researchers at security firm eSoft. full article

Report blames 'Avalanche' group for most phishing

IDG News Service - A new report blames a single Eastern European gang for about two-thirds of all phishing attempts conducted in the last half of 2009. full article

$3 Million Complaint for 'Web Scraping'

ALEXANDRIA, Va. (CN) - A corporate event planner claims a competitor used robot "Web scraping" computer programs to rip off its Web site and steal a valuable database of meeting venues around the world. Cvent demands $3 million, plus punitive damages, from Eventbrite, in Federal Court. full article

4 things Facebook doesn't tell you about your privacy and security

Experts say read between the lines of the Facebook experience and you may still discover some unsettling factors full article

9 Indicted In Obama Record Breach

Indictment Claims Workers Checked President's Student Loan Records

DES MOINES, Iowa -- Nine people have been indicated in federal court on charges they accessed President Barack Obama's student loan records while employed for a Department of Education contractor in Iowa. full article

Software Insecurity is Our Biggest Weakness

ST. PAUL, MINN.--If the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own custom code, a security expert said Tuesday. full article

'Tamper evident' CPU warns of malicious backdoors

Like shrink wrap for your microprocessor

Scientists have devised a chip design to ensure microprocessors haven't been surreptitiously equipped with malicious backdoors that could be used to siphon sensitive information or receive instructions from adversaries. full article

PlayStation site hacker avoids jail

A teenage hacker who took the official PlayStation site offline after he was banned from playing for cheating has avoided a jail sentence. full article

May 12, 2010

Update: Senate confirms Alexander as chief of U.S. Cyber Command

Computerworld - The U.S. Senate has approved Lt. Gen. Keith Alexander, director of the National Security Agency, to also head the military's recently created U.S. Cyber Command. full article

Visa fraud alert puts banks, payment processors on guard

It warns of a coming fraudulent batch settlement attempt

Computerworld - Visa Inc. last week sent a fraud alert to banks and payment processors warning them to look out for a "large batch settlement fraud scheme" involving a merchant account in East Europe. full article

Judge won't accept pleas in Jackson Memorial Hospital ID theft case

A husband-and-wife duo charged with running a racket to pilfer patient records from Jackson Memorial Hospital to sell to lawyers for injury claims tried to plead guilty Tuesday in Miami federal court. full article

Storage of newborns’ blood samples raises privacy concerns

It’s a routine test conducted on newborns – a quick needle prick to the heel to test for a range of health disorders and diseases before an infant is discharged. full article

Medicaid clients alerted about security breach

The New Mexico Human Services Department said Tuesday that about 9,600 members of its Salud! Medicaid plan and fee for service members might have had their personal information, including Social Security numbers, compromised. full article

Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With ‘Instant Personalization’

As if Facebook’s Instant Personalization needed another knock against it, tonight comes news of a security issue that makes the feature even more unnerving. Web security consultant George Deglin discovered an exploit that would allow a malicious site to immediately harvest a Facebook user’s name, email, and data shared with ‘everyone’ on Facebook, with no action required on the user’s part. This specific exploit has been patched, and no user data was compromised, but the security problems behind it remain. full article

Settlement reached with Md. payment processor

Firm allegedly failed to properly dispose of consumers' personal information

Maryland's consumer protection division announced Monday that it reached a $20,000 settlement with payment processor MAP, LLC for allegedly failing to properly dispose of consumers' personal information. full article

Goldman Sachs Sued For Illegal Database Access

Employees at Goldman allegedly used misappropriated credentials to grab intellectual property from market intelligence service's database full article

May 11, 2010

Heartland breach expenses pegged at $140M -- so far

That amount includes $42M to fund future settlements

Computerworld - The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up. full article

Windows 7 'compatibility checker' is a Trojan

A fake email with the Trojan lifts text from a Microsoft Web site about the real software full article

Law Firm Probed Over 'False' Documents Filed in Foreclosure Cases

Fla. AG's office has received dozens of homeowner complaints about questionable court documents filed by firm's lawyers, according to a source full article

Execs at Faith-Based Bank Charged With Fraud

ATLANTA, Ga. (CN) - Two former executives of a "faith-based bank" are accused of loaning more than $80 million to a hotel developer, despite knowing that he would spend the money on himself, including buying a $1.5 million private island in the Bahamas. The federal indictment accuses former Integrity Bank executives Douglas Ballard, 40, and Joseph Foster, 42, of awarding bogus loans to hotel developer Guy Mitchell, 50, of Coral Gables, Fla. full article

A failure to protect medical privacy

For the third time in recent months, Tampa Bay citizens have found themselves the unwanted recipients of patients' private medical records. What's more, in two cases, the recipients' efforts to restore patients' privacy were rebuffed, suggesting the federal Health Insurance Portability and Accountability Act (HIPAA) is falling far short of its promise to protect and enforce patient privacy. full article

National Bank again targeted in scam

The National Bank of Blacksburg has been the target again of a scam that attempts to obtain confidential account information from residents. full article

New attack tactic sidesteps Windows security software

'Very serious' says one antivirus exec, especially for Windows XP users

Computerworld - A just-published attack tactic that bypasses the security protections of most current antivirus software is a "very serious" problem, an executive at one unaffected company said today. full article

Researcher reveals Safari zero-day bug

Drive-by exploit confirmed in Windows version of Apple's browser

Computerworld - Apple's Safari browser contains a critical, unpatched bug that attackers can use to infect Windows PCs with malicious code, researchers at US-CERT and other security firms said today. full article

Pirates cost software firms $51bn, but less than expected

The world's software industry lost $51bn to piracy in 2009 as the unlicensed software rate rose to 43%, but losses were less than expected, the Business Software Alliance said today. full article

May 10, 2010

Dodgy Facebook pages used to power 'spam a friend' joke scam

Dubious Facebook pages host rogue Javascript code that creates a means for miscreants to spam people on a user’s friends list, security researchers warn. full article

Mass. pair accused of cheating Medicaid out of more than $100,000

Officials in Massachusetts say there is no way a personal care attendant could have offered his services to a local couple who billed Medicaid for those services due to one simple fact: he was incarcerated. full article

May 7, 2010

Bill would require most government docs to be online

IDG News Service - A U.S. senator has introduced legislation that would require U.S. government agencies to post all public documents online in a free, searchable database. full article

Q&A: Facebook exec defends site's privacy policies

Beard talks about Facebook controls, user desires and CEO Zuckerberg's reported privacy beliefs full article

ATM Hacker Arrested, Thanks to Reformed Con Man

Is a reformed con artist really a reformed con artist if he cons another criminal into a federal sting operation? That's the question Thor Alexander Morris must be asking himself after ending up on the wrong side of an undercover FBI investigation. The 19-year-old grocery store worker from North full article

Laval police stop phoney debit-card scam

MONTREAL - Laval police say they have broken up a fraudulant debit-card ring. full article

Spammers ordered to pay tiny ISP whopping $2.6m

A small internet service provider has been awarded nearly $2.6m in a lawsuit it filed against a company that sent just under 25,000 spam messages over an 18-month period. full article

Scammers attempt to cash in on volcanic ash travel chaos

Scammers are hoping to hoodwink travellers who were stranded by the volcanic ash cloud last month as fresh plumes have disrupted flights once more in the UK. full article

May 6, 2010

Facebook security flaw makes private chats public

Facebook is dealing with the fallout of a security hole that gave users the ability to see what their friends were saying to others during private chats full article

Lawmakers consider changes to wiretapping law to protect cloud services

E-mail, cloud app users deserve the same protections from searches as with laptops, witnesses tell House subcommittee full article

The DDoS attack survival guide

How botnets and application vulnerabilities have made DDoS attacks more damaging than ever before, and what you can do to fight back. full article

Hacker develops multi-platform rootkit for ATMs

IDG News Service - One year after his Black Hat talk on Automated Teller Machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference. full article

Hospital Data Breach in Kentucky Affects Thousands

Officials at Our Lady Peace, a 278-bed psychiatric hospital in Louisville, Ky., are racing to notify more than 24,000 patients that a flash drive containing some of their most personal and important information has been missing for more than a month. full article

Disbarred Attorney Draws Prison Sentence for Guardianship Thefts

A former attorney who said he never meant to steal from the guardianship accounts of the mentally disabled and elderly individuals he was entrusted to protect was sentenced Tuesday to five to 15 years in prison. full article

N.Y. Courts Tackle Electronic Defamation

Blogs and personal web pages, such as on MySpace and Facebook, provide a broad stage to spread potentially defamatory statements. Thus, care must be taken when posting content on social media. Postings can take just seconds to compose and frequently little thought is given to what is being stated and its consequences, especially where such communication may reach an audience of millions, virtually instantaneously. full article

7 arrested in O.C. counterfeit credit card case

Seven people have been arrested in connection with the creation and use of fraudulent credit cards around Orange County. full article

Texas life settlement firm, run by ‘recidivist,’ put in receivership

The Texas State Securities Board has been granted receivership of a life settlements firm accused of fraud in collecting $65 million from investors and using deceptive practices in the sale of investments tied to insurance death benefits. full article

China state news agency Web site hit with malware

IDG News Service - A section of the Web site for China's state-run Xinhua news agency was found to be distributing malware last month, according to a Google malware scanning service that is still labeling the site as potentially harmful. full article

May 5, 2010

Cybercriminals trading in large volumes of Facebook accounts, say researchers

Cybercriminals are selling fake and stolen accounts on social networking site Facebook in bulk in the underground economy, according to security researchers. full article

Lawmakers unveil online privacy bill

IDG News Service - Two U.S. lawmakers have released a draft bill that would require companies that collect personal information from customers to disclose how they collect and share that information, but several privacy and consumer groups said the proposal would legalize current privacy violations online. full article

Ponzi Man Preyed on Old-Timers, SEC Says

ALBANY, N.Y. (CN) - A Troy, N.Y. man took $6.5 million from senior citizens by promising "guaranteed" annual returns of more than 9 percent, and many of his victims are still unaware that they've been ripped off, the SEC claims in Federal Court. full article

N.Y. bomb plot highlights limitations of data mining

Like weather forecasting, data mining can predict major storms but not where each drop will fall

Saturday's botched bombing attempt in New York City provides an example of why the use of data mining approaches to uncover potential terrorism plots is a little like weather forecasting. full article

Bank Abetted $35M Ponzi, Investors Say

KANSAS CITY, Mo. (CN) - A "willfully blind" Hillcrest Bank allowed a developer to run a $35 million Ponzi scheme, jilted investors claim in Jackson County Court. The Quintero Community Association and five members or owners say they were victimized by Gary McClung, and that Hillcrest looked the other way as McClung ran the scheme through Hillcrest accounts. full article

$10 Million Ponzi Claim in Upstate N.Y.

NEW CITY, N.Y. (CN) - Six investors say they lost more than $10 million in a Ponzi scheme. Delaware Charter Guarantee & Trust dba Principal Trust was supposed to administer the investors' pension plan, but the securities brokerage reported false gains during the recession and paid off old investors with new money, according to the complaint in Rockland County Court. full article

HHS Requests Comments on HITECH Accounting of Disclosures Requirements

In today’s Federal Register, the Department of Health and Human Services (“HHS”) published a request for information (“RFI”) regarding the HITECH accounting of disclosures provisions. The Department is collecting information to help inform its rulemaking. Building on the current HIPAA accounting of disclosure requirements, HHS is required to issue regulations concerning what information should be collected about disclosures for treatment, payment, and health care operations made through an electronic health record. full article

Health records found in Asda car park

A member of staff has been suspended after medical records belonging to patients at a secure hospital near Falkirk were found in a car park. full article

Patients' medical records stolen at suburban company

May 3, 2010 (CHICAGO) (WLS) -- Health records belonging to patients were stolen in a break-in at a suburban medical billing company. full article

Judge Strikes Down Florida's Police Privacy Law

Federal judge rules publishing addresses and phone numbers is not a crime

A federal judge has struck down a Florida law as unconstitutional and word is spreading quickly among law enforcement officers today. full article

Threat Level Privacy, Crime and Security Online Former Con Man Helps Feds Thwart Alleged ATM Hacking Spree

A North Carolina grocery worker is being held without bail in Houston on attempted computer hacking charges after inadvertently partnering with an undercover FBI agent in an alleged citywide ATM-reprogramming caper. full article

Russian hacker 'Kirllos' not in NZ

Reports that the hacker known as Kirllos was living in New Zealand and attempting to sell the login details of social network website users were wrong and the hacker had no link to New Zealand, Detective Senior Sergeant John van den Heuvel of the National Cyber Crime Centre said on Tuesday. full article

1.5 million 'hacked' Facebook profiles up for sale

A hacker has reportedly put 1.5 million stolen Facebook accounts up for sale on the black market, according to a media report on Wednesday. full article

World Cup set to kick off cyber scams

Security software publisher Symantec has alerted soccer fans to Internet scams relating to the upcoming World Cup, launching a website, http://www.2010net, to detail the dangers. full article

E-crime in Wales 'more than doubled'

The number of victims of cyber crime in Wales has more than doubled since last year, an online safety group says. full article

Criminals using Facebook for identity theft

Over the past few months thousands of Facebook users report receiving messages or friend requests from people they don’t know. full article

FBI Foils Attempted ATM Hack

A North Carolina man was arrested in Houston, TX in April after he tried to hack into an ATM and change its passcode, according to the FBI. Thor Alexander Morris, 19, was arrested at a flea market after trying to enter a default administrative passcode on a Tranax Mini-Bank ATM. full article

Sacramento woman used fake IDs to make 244 hospital visits

J. Alan Cates is the former Chief of California's Medi-Cal Fraud Prevention Bureau and a colleague of mine in the San Francisco chapter of the Association of Certified Fraud Examiners. He's also a highly knowledgeable expert in health-care fraud, most of which, he says, is just another form of identity theft. full article

May 4, 2010

Notorious credit card tactic banned

Shopping online became a little safer this weekend when Visa banned a long-standing practice that Sen. Jay Rockefeller had blasted as “deceptive,” saying it triggered $1.4 billion in unauthorized charges on 30 million Americans' credit card bills. full article

Data breach reports now posted online

Most health care information leaks have involved electronic systems, but some were paper-based. full article

Half of social networkers post risky information, study finds

Consumer Reports survey finds social network use in U.S. doubled over the past year

Computerworld - More than half of all users of social networks in the U.S. are posting information that could put them at risk from cybercriminals, according to a Consumer Reports study. full article

US Treasury Web sites hacked, serving malware

IDG News Service - Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says. full article

New IM Worm Spreading Fast

Aggressive new variant of an older worm circulating around Yahoo Messenger lets attacker take over a victim's machine full article

An information security blueprint, part 1

Symantec's Francis deSouza lays out the requirements for a more practical way of addressing information security threats full article

Latest scams and how to avoid them

Over the years, we have come to rely on the Internet to fulfill many of our needs - the need to keep in touch with our friends and colleagues, the need to save time and our nerves when doing shopping, executing financial transactions, submitting our tax returns, and many other things we did before in person or by phone. full article

UK Cyber Security Challenge holed before launch

In the autumn the Cyber Security Challenge UK web site will allow candidates to register to participate in a programme designed to identify and nurture the future cyber security workforce. Unfortunately the site was found to have an embarrassing XSS vulnerability, just days after launching at InfoSecurity Europe. According to a report by Netcraft it was possible to inject JavaScript into the site's title and h2 elements by appending the injected code to the site's URL. full article

Ponzi Defendant Accused of Duping Autistic Man & Family of $2 Million

(CN) - A man charged in California with running a Ponzi scheme has been sued again, in Cook County, accused of forging a signature to take $2 million from an autistic man and his family. "Defendant John Terzakis was indicted by a federal grand jury in San Jose, California, on Dec. 30, 2009," accused of running a real estate-based Ponzi scheme, according to the new complaint in Chicago. full article

Report blames IT staff for school Webcam 'spying' mess

Pa. school district's former IT head dismissed privacy worries of student intern in '08

Computerworld - The IT department of the Pennsylvania school district accused of spying on students using their school-issued laptops took the brunt of the blame in an independent report released Monday. full article

May 3, 2010

British victim of 'romance fraud' tells of ordeal

Sarah Cook thought she had met someone special. The mother of two children had done what many lonely Britons do, and registered with an internet dating site. full article

Australia to sign international cybercrime treaty

The Federal Government has announced plans to sign an international treaty designed to facilitate the identification, extradition and conviction of cybercriminals around the world full article

Hackensack’s top cop charged with insurance fraud, relieved of duties

One day after being booked on insurance fraud charges, the police chief of Hackensack, N.J., was removed in his role overseeing the department. full article

Hospital fulfills subpoena, gets hit with privacy suit

Patient privacy is no doubt paramount in any physician practice. But when a subpoena suddenly is thrust into the physician-patient relationship, doctors may find themselves caught between the law and their privacy obligations. full article

Who Owns All the Data in the Workplace?

Ten years ago employees wondered if their employers could look through their purses merely because they brought them to work. Today employees ask whether their employers own all electronic data created, viewed, or stored on their work computers and BlackBerrys. full article

Forged checks pass flawed examination process

he recent cases of two Texan women who had their personal information and checking account numbers stolen and used to validate bogus checks, have brought into the spotlight a questionable check processing methodology used by some retailers and banks. According to CBS11TV, the method practically allows identity thieves to shot down any possibility of investigation because of a lack of actual evidence, and makes the retailers and the financial institutions unwitting accomplices in the crime. full article

Fake Amazon "Deal of the Day" emails doing rounds

Fake Amazon newsletters have lately become regular visitors in inboxes around the world, says Trend Micro. full article


And a Warning for Investors

He was living the high life—taking up residence in a Miami Beach mansion worth more than $5 million, cruising around in a million-dollar yacht and his leased Mercedes-Benz, shelling out more than $400,000 for floor seats at Miami Heat basketball games, and donating thousands of dollars to the athletic program of a local university (the school was so appreciative it named a student athlete lounge after him). full article


Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
Utica College
1600 Burrstone Road
Utica, NY 13502