CIMIP - Center for Identity Management and Information Protection

November 2009 News Archive



November 30, 2009


State mistake puts personal data at risk


Mishandling of confidential records jeopardizes vulnerable Oregonians' identities


...read full article

Social Security number breach angers alumni



A Penn State professor's online grade book containing 303 Social Security numbers may have been compromised by a computer virus, and some of those affected say they've discussed taking legal action. ...read full article

Secure on-line shopping tips for Cyber Monday



"Cyber Monday", the Monday after Thanksgiving when we begin our holiday online shopping activities in earnest, is upon us. ...read full article

Police crack down on fake ID industry


Charlotte outfit shut down as problem grows. Officials worry about national security, identity theft


...read full article

Gervais pic used in amusingly rubbish failed bank fraud



Crooks tried to impersonate Ricky Gervais by using a picture of The Office character David Brent mounted in a counterfeit passport as part of a comically inept attempt to withdraw a large sum from the comedian's bank account. ...read full article

Latest Microsoft security patches cause black screen of death


The changes to some registry keys can render a PC useless, according to a UK security vendor that has a software fix


...read full article

Identity Theft on the Rise


As our economy wiggles and our standard of living starts to deteriorates, money-rooted crimes like identity theft are now on the rise.


...read full article

Watchdog's warning over fake lottery scams



The Office of Fair Trading is warning the public to beware of fake lottery scams. ...read full article

Holiday Shopping Tips by the Internet Crime Complaint Center (IC3)



This holiday season the Federal Bureau of Investigation ( FBI) is reminding people that cyber criminals continue to aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, and sale of fraudulent or stolen gift cards through auction sites at a discounted price. ...read full article

NJ VA official admits faking military record



CAMDEN, N.J. — An official in New Jersey's Military and Veterans Affairs Department has admitted he falsely claimed a heroic record in the Vietnam War as a paratrooper and artilleryman. ...read full article

Credit-Card Scammers Drilled Dentists



MANHATTAN (CN) - A man was sentenced to nearly 10 years in prison for leading a credit-card fraud ring that stole the identities of 176 dentists. Michael A. Roseboro and his crew stole $1.75 million from dentists around the country by claiming to be an investigator with Visa or Bank of America who was looking into potentially fraudulent charges on the dentists' credit cards. ...read full article

Searchable database of patient records to go commercial


A plan to make a system developed at the Cleveland Clinic available to other health entities has raised questions about the adequacy of privacy protections.


The Cleveland Clinic is backing a startup company that has built a search engine for electronic databases that would allow research using de-identified patient data. ...read full article

The Root of the Botnet Epidemic



Over the course of a few days in February 2000, a lone hacker was able to bring some of the Web's larger sites to their knees, using just a few dozen machines and some relatively primitive software to cripple Yahoo, eBay, E*trade, Amazon, ZDnet and others for hours at a time. No one knew it at the time, but these attacks would come to be seen in later years as some of the earlier outbreaks of what has become a massive online pandemic. ...read full article

State Goes After Two Collection Agencies Over Identity Theft



A government agency in Minnesota announced actions against two collection agencies and a title company in an ongoing effort to crack down on identity theft in the state. ...read full article

Medical Identity Theft Is On The Rise



"Medical identity theft is on the rise and expected to worsen," The Wall Street Journal reports. "The problem has grown during the recession as more uninsured people use the coverage of a friend, relative or even a stranger to get care. Of particular concern is the fact that most of the fraud is committed by people who pay medical workers for patients' information." ...read full article

Europe extends antiterrorist data-sharing deal with U.S.



IDG News Service - Europe's Council of Ministers today extended a controversial program that sends information on international financial transactions to the U.S. for antiterrorism purposes. ...read full article


November 28, 2009


Metro admits to improper release of criminal history data


Experts say unauthorized access by 12 employees raises privacy, integrity concerns


At least 12 Metro employees have been found since 2005 to be improperly accessing and disseminating criminal history information for reasons unrelated to police work, according to a Metro filing in a recent lawsuit. ...read full article


November 27, 2009


Worm author given a job as an iPhone App Developer



Mogeneration, an Australian software company, has hired the author of the first iPhone worm, Ashley Towns, to develop applications for the iPhone App Store. At the beginning of November, 21 year old Towns circulated the "Ikee" worm via Australian operator Optus's UMTS network. The worm penetrates vulnerable jailbroken iPhones and spreads using open SSH connections. Once logged into a phone, the worm copies itself onto the device, deletes the SSH service and changes the wallpaper to a photo of Rick Astley with the caption "ikee is never going to give you up". It then starts searching for further iPhones to infect. ...read full article

Social Security hopes to expand its data exchange


The move is considered a step in the growth of the nascent National Health Information Network.


fter what it called a successful year testing the National Health Information Network with select hospital systems and regional health information exchanges, the Social Security Administration said its next step will be to exchange data with the Dept. of Veterans Affairs and the Dept. of Justice. ...read full article

China Warns About Return of Destructive Panda Virus



A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee. ...read full article


November 25, 2009


Biegelman and Borgers Bring CFE Expertise to Financial Crisis Inquiry Commission



A bipartisan Congressional commission created to investigate the worst financial crisis since the Great Depression begins its work with two Certified Fraud Examiners serving in key positions: Martin T. Biegelman, CFE, CCEP was appointed Assistant Director for the Financial Crisis Inquiry Commission (FCIC), and Thomas Borgers, CFE, was appointed Senior Investigator. ...read full article

FBI Investigating Whether Hospital Leaked Patient Info to Personal Injury Attorneys



LAS VEGAS (CN) - The FBI is investigating whether the University Medical Center released confidential patient records to personal injury attorneys looking for potential clients. ...read full article

Another Corruption Allegation in New York



MANHATTAN (CN) - A clerk in New York City's Human Resources Administration stole copies of welfare recipients' birth certificates and Social Security numbers and sold them, federal prosecutors said. Michael Wills, 59, faces up to 15 years in prison if convicted of aggravated identity theft. ...read full article


November 24, 2009


ACORN Docs Pulled from Dumpster



As Derrick Roach tells it, it was either luck or Divine intervention. His version of events may be hard to believe for ACORN supporters but the former Republican state assembly candidate believes something drew him to the dumpster behind the ACORN office in National City on the night of Friday, Oct. 9. ...read full article

Social Security, county bank account numbers accidentally made public



Copies of a report into past Anderson County finances, released to the public last week, contained Social Security numbers for two people, business tax identification numbers for two companies and three active county bank account numbers. ...read full article

Hancock Fabrics Linked to Fraud in 3 States


CA, WI and MO Investigators Say Recent Thefts Tied to Retailer's Transactions


...read full article

Men sentenced in University Hospital records theft



A garden-variety car burglary in Kearns caused widespread concern last year when police learned a stolen metal case contained tapes with the personal information of about 1.5 million University Hospital patients. ...read full article

Ralsky jailed for four years over stock fraud spam scam


Godfather of spam sent down


...read full article

Facebookers hit with steamy clickjacking exploit



Facebook administrators have blocked a clickjacking exploit that displayed images of a scantily clad woman on profile pages without first prompting the user for permission. ...read full article

Notre Dame accidentally exposes employee info on the Internet



The university says they're not sure if anyone saw the list, which included social security numbers and birth dates. They also haven't determined how long it was posted online. ...read full article

Missing disk drive puts 1.5 million Health Net members’ info at risk



Officials in Connecticut are investigating the disappearance of a disk drive from an insurer’s office that contains the personal information of 1.5 million members in four states. ...read full article

James The Cash King Charged with Mortgage Fraud



James Benjamin Duncan, 38; Hendrix Moreno Montecastro, 37; Helen Moreno Pedrino, 57; Maurice McLeod, 37; Charlie Sung Muk Choi, 34; Cindi Gayle Kelly, 33; and Thuan Nhan Du, 33; have been charged with 249 counts of securities fraud, grand theft, elder abuse and corporate ID theft against seven people in Riverside County, Califrnia. ...read full article

Drug figure who sparked license furor heads to jail



Drug dealer Eugene N. Cobbs, whose 2004 plane crash yielded West Virginia's largest cocaine haul and whose fake ID led to a grand jury rebuke of PennDOT's driver's licensing system, has admitted his guilt and is headed to prison for at least seven years. ...read full article

Australians detail cybersecurity strategy



Australian attorney general Robert McClelland launched an in-depth national cybersecurity strategy on Monday, supported by a new Computer Emergency Response Team to rival the existing AusCert. ...read full article

Guam Attorney General Warns Island Residents About Identity Theft Scam



Guam- Consumers beware: a group operating out of Hong Kong is looking to steal your identity and your money. ...read full article

3 arrested in identity theft investigation



The Benton County Sheriff's Office announced Monday the arrests of three people in an identity theft case and say that more arrests could follow. ...read full article

Medical identity theft red flags



Identity theft is a nightmare if it happens to you. Cleaning up your credit can take an enormous amount of time and effort. ...read full article

Police link fraud, ID theft to Uniontown woman



A Fayette County woman is accused of identity theft after allegedly obtaining credit in the names of her two young children and those of her parents. ...read full article

At UMC, audits show privacy lapses are not new


Past county audits found shortcomings in HIPAA compliance


...read full article

8 tips to keep your holiday shopping season bright


If you're heading out shopping this weekend, don't forget that a few simple steps can ward off thieves.


...read full article

Jets say someone hacked Clowney's Twitter account



On Monday, it appeared that Jets receiver David Clowney was on the Larry Johnson career path, via a Twitter rant that invited a fan via direct message to "kill yourself" and a string of "F" bombs on his public page. ...read full article

University hands confidential student records to media



The University Observer can exclusively reveal major security flaws within the UCD Registry, which allow an individual to gain access to the detailed academic records of any UCD graduate. ...read full article

Lori Bolsinger pleads not guilty to fraud



The wife of former Ashland Daily Tidings Editor Andrew Scot Bolsinger pleaded not guilty Monday to fraud and theft charges related to the pair's alleged swindling of investors of more than $200,000 through a string of failed downtown Ashland businesses they co-owned while he was the editor. ...read full article

Woman Arrested in $20K Scheme



Police have arrested a Cumberland County woman accused in a $20,000 check and credit card scam against PSECU and a North Middleton Township resident. ...read full article

Third iPhone worm targets jailbroken iPhones


The main visible symptom on the iPhone is intense battery drain as a result of the constantly-running SSH-attacking process that the worm starts


Another week, another worm hitting jailbroken iPhones. As with the previous exploits, which Rickrolled your phone's wallpaper and stole your data, this nasty piece of work burrows its way into your jailbroken device if you haven't changed the password for the iPhone's root account -- you have changed your root password, right? Right? ...read full article

Secure your jailbroken iPhone with a password change



So, you’ve jailbroken your iPhone, for whatever reason—because you want some functionality that’s not available from Apple, or because you’re a rebel—but you’re feeling a little wary after this week’s announcement of not just one but two exploits that affect jailbroken iPhone. ...read full article


November 23, 2009


Five ways to lose your identity (and wallet) this holiday season


How online shoppers can make their systems more attractive to online thieves


Computerworld - The holiday season is almost here, and even in a recession huge numbers of people will likely be shopping online for gifts this year. ...read full article

Global warming research exposed after hack



IDG News Service - An anonymous hacker has posted private e-mails, files and other documents belonging to a noted climate researcher, sparking an international debate between skeptics of global warming and those who see it as an urgent problem. ...read full article

Hackers post new attack code for Internet Explorer


Zero-day flaw is unreliable, but Symantec expects reliable exploits in the 'near future' for code that affects Internet Explorer versions 6 and 7


A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. ...read full article

Privacy czar to probe files breach



B.C.'s privacy commissioner has launched his own investigation into how sensitive information from 1,400 income-assistance clients ended up at the home of a government employee. ...read full article

AMA meeting: Better data protection needed from Blues


New AMA policy says the national insurer needs to expand its offer of credit protection for doctors whose information was on a stolen laptop.


...read full article

First malicious iPhone worm slithers into wild



A Dutch internet service provider has identified a worm that installs a backdoor on jailbroken iPhones and makes them part of a botnet. ...read full article

New hacker peril for older IE versions


New species of unpatched bug bites IE6 and 7


...read full article

'Fingerprinting' RFID Tags: Researchers Develop Anti-Counterfeiting Technology



ScienceDaily (Nov. 19, 2009) — Engineering researchers at the University of Arkansas have developed a unique and robust method to prevent cloning of passive radio frequency identification tags. The technology, based on one or more unique physical attributes of individual tags rather than information stored on them, will prevent the production of counterfeit tags and thus greatly enhance both security and privacy for government agencies, businesses and consumers. ...read full article

Teen gets prison term for attack on Scientology Web site


Dmitriy Guzner also ordered to pay $37,500 to church for DDOS attack in 2008


Computerworld - A 19-year-old New Jersey man this week was sentenced to a year and a day in federal prison for attacking the Church of Scientology's Web site in January 2008. ...read full article

Former GEXA employee pleads guilty to computer intrusion



A former database administrator for GEXA Energy has been convicted following his guilty plea to intruding into his former employer’s computer database system. The conviction of Steven Jinwoo Kim, 40, was announced yesterday by United States Attorney Tim Johnson. ...read full article

Employer's DNA test rule raises legal concerns


Genetic checks on job applicants slammed


AKRON, Ohio—The University of Akron is expected to soon rescind a controversial rule that lets the university demand DNA samples from job applicants as part of a criminal background check. ...read full article

Mom accused of using kids' IDs to get credit cards



A Fayette County woman has been jailed on charges she used her father's identity, and those of her two young children, to try to open up dozens of credit card accounts. ...read full article

PayPal agrees to tighten security against money launderers and criminals



AUSTRALIA'S financial transactions regulator has given eBay subsidiary PayPal Australia until May next year to bulletproof its online payment service against money launderers and terrorism financiers. ...read full article

Woman charged with identity theft



A Decatur woman who was scamming Athens-area businesses was arrested at her home Saturday, according to the Winder Police Department. ...read full article

Defeating identity theft in Australia



In a major announcement in Canberra late this afternoon, Attorney General Hon. Robert McClelland launched a new Cyber Security plan and said that the Government had three main goals that "reflect the three elements of individuals, business and government." ...read full article

E-tailers snagged in marketing 'scam' blame customers



First the good news for consumers: the U.S. government's investigation into how dozens of well-known online stores worked with controversial marketers to "deceive" customers out of $1.4 billion has prompted some retailers, including Continental Airlines, to sever ties with the marketers. ...read full article

iPhone worm hjacks ING customers



Updated The second worm to infect jailbroken iPhone users reportedly targets customers of Dutch online bank ING Direct. Surfers visiting the site with infected devices are redirected to a phishing site designed to harvest online banking login details, the BBC reports. ING Direct told the BBC it planned to warn users' of the attack via its website, as well as briefing front line call centre staff on the threat. ...read full article

Facebook Hit With New CSRF Worm


Latest exploit replicates itself through bogus wall postings; security researchers wonder what else is out there.


Security researchers have identified a new worm spreading across Facebook, luring people out to adult Web sites and automatically replicating itself across people's profile pages. ...read full article

Physicians get 4th reprieve from FTC identity theft rule


The postponement until June 2010 comes as lawmakers consider exempting some physician practices from the "red flags" rule. The AMA wants all doctors excluded.


The delay in enforcement of a federal identity theft prevention rule could give physicians the time needed to secure legislative relief from what they say is an overreaching regulation by the Federal Trade Commission. ...read full article

Pennsylvania Police Arrest Woman for Allegedly Stealing Her Children's Identities



UNIONTOWN, Pa. — A southwestern Pennsylvania woman has been jailed on charges she used her father's identity, and those of her two young children, to try to open up dozens of credit card accounts. ...read full article

Defeating identity theft in Australia



Tonight, Attorney General Hon. Robert McClelland launched Australia's Cyber Security Strategy, formalising the roles, responsibilities and policies of the Australian intelligence, cyber and policing agencies. This includes the goals of education, secure operation and resiliency. ...read full article

Bank teller, 5 others charged in identity theft rings



WEST PALM BEACH - Six people, including a bank teller, have been arrested in a federal investigation into identity theft rings in South Florida. ...read full article


November 22, 2009


New state rules seek to prevent theft of customer information


New Massachusetts rules seek to prevent theft of customer info


BOSTON — .Five years ago, identity thieves intercepted wireless transmissions from two Marshalls stores in Miami, opening the floodgates for the biggest data breach in U.S. history. Now Massachusetts businesses are gearing up to comply with new state regulations designed to prevent a repeat of the breach at TJX Cos., the parent company of the Marshalls and T.J. Maxx chains. ...read full article


November 21, 2009


Wheat board couldn't explain to auditor why producers' 'personal data' sent to companies: document



OTTAWA - The Canadian Wheat Board, apparently for no reason, shared "sensitive information" about farmers with companies that handle grain, says a newly released document. ...read full article

Humboldt suspends police chief as DCI starts probe



Humboldt's police chief has been suspended over allegations that he improperly used driver's license and criminal history information available only to law enforcement officials. ...read full article

Winder police catch suspected holiday scammer



Winder police have captured the woman believe to be soliciting donations from local merchants in a fraudulent manner, said police. ...read full article

Increase in mistaken identity landing more innocent people in Collier, Lee jails



NAPLES — When Barron Collier High School assistant football coach Johnny Drummond Smith was arrested Monday on a domestic battery charge, it would take several days to clear his name. ...read full article

So Much Data, So Little Encryption


We surveyed almost 500 business technology professionals and found little end-to-end encryption use. Instead, we're doing only what auditors demand.


If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure--86% of the the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real story. Only 14% of respondents say encryption is pervasive in their organizations. Database table-level encryption is in use by just 26%, while just 38% encrypt data on mobile devices. And 31%--more than any other response--characterize the extent of their use as just enough to meet regulatory requirements. ...read full article

AZ Attorney General to investigate Health Net



A second state’s attorney general is opening an investigation into the Health Net breach that was only recently revealed six months after the data were either lost or stolen. ...read full article

Holmes hospital flags hacked e-mail


Hynes drops re-election bid amid patient privacy worries


A power struggle at Brevard County's largest hospital has taken a serious turn with allegations that the chief of the medical staff pilfered another doctor's e-mail account and violated patient confidentiality laws. ...read full article

Planned medical privacy rules redundant, says commissioner



EDMONTON — A new bill meant to clarify privacy rules for paramedics is redundant and threatens individual privacy, Alberta's information and privacy commissioner said on Friday. ...read full article

Miss. woman gets almost 7 years for identity theft



JACKSON — Bria Danielle Morris was sentenced to nearly seven years Friday for stealing the identity of someone she met at a women’s shelter and using it to rip off a charity, businesses and people. ...read full article


November 20, 2009


House committee passes cyber R&D, standards bill



Two draft bills intended to improve the security of cyberspace were combined into one piece of legislation that was passed Wednesday by the House Committee on Science and Technology. ...read full article

Microsoft denies it built 'backdoor' in Windows 7


Don't worry, company tells users; NSA involved only in security compliance standards


Computerworld - Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. ...read full article

Three indicted for Comcast hack last year



Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008. ...read full article

Report suggests discrepancy between reported and actual data loss incidents



A study released by the Ponemon Institute suggests that the number of reported data loss incidents in the UK is significantly higher than 415 reported to the Information Commissioners' Office. ...read full article

New SSL attack can steal sensitive info from secure Web sites


Security researcher has developed generic attack code that could give hackers a very powerful phishing tool, but is keeping it private


A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack. ...read full article

Webroot reports on fake Verified by Visa phishing scam



IT security vendor Webroot says that a phishing scam purporting to come from Visa, the international card issuer, is scamming internet users as they start their online shopping for Christmas. ...read full article

Cyberattacks on U.S. military jump sharply in 2009



Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday. ...read full article

MS discovers flaw in Google plug-in for IE



Microsoft has helped discover a flaw in the Google Chome Frame plug-in for Internet Explorer users. ...read full article

Twilight ‘New Moon’ fans targeted for scareware and viruses



Twilight fans beware. A viral marketing campaign designed to exploit your anticipation over the New Moon movie coming out tomorrow may look like normal free media you’ve come to expect on the Internet. ...read full article

Database anonymity at risk, warns researcher



People might be more identifiable than previously thought from supposedly anonymised information contained in large databases, according to a technology law expert. New research recommends that privacy practices and even privacy laws need to change. ...read full article

IE8 bug makes 'safe' sites unsafe



The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. ...read full article

IRS Pilot Program Will Allow Truncated Social Security Numbers on Information Returns



The IRS on Thursday announced a pilot program aimed at deterring identity theft (Notice 2009-93). Under the program, filers of certain paper information returns will be allowed to truncate the payee’s Social Security number on the payee statement. The change affects statements for 2009 and 2010. ...read full article

New IBM Database Flaw Could Affect Several Other Vendors' Products


Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView


It turns out a newly discovered vulnerability found and reported in HP OpenView was really a bug in an IBM relational database product deployed in OpenView -- and the vulnerability could affect many other applications that also use the so-called IBM SolidDB technology in their products. ...read full article

UMC has patient privacy leak


Without authorization from families, accident victims’ info sent to attorneys’ offices


...read full article

Pre-Paid Legal Services says FTC may sue



Pre-Paid Legal Services Inc., a network of independent law firms, said Thursday that the Federal Trade Commission may sue the company over allegedly misleading representations made by its identity theft prevention program. ...read full article

Inmate Charged with Identity Theft


The investigation revealed that an inmate obtained personal information from other inmates to fraudulently complete more than 50 Internal Revenue Service (IRS) tax refund forms totaling more than $88,000.


The Florida Department of Law Enforcement’s (FDLE) Tallahassee Regional Operations Center, Florida Department of Corrections’ (FDOC) Inspector General’s Office and United States Postal Inspection Service yesterday charged Michael William Joseph, 50, with fraudulent use of personal identification and organized fraud. ...read full article

Identity crisis: The threat of bulk thefts


Small thefts are reported most often, but identities online are still at risk


...read full article

Six arrested in crackdown on South Florida identity theft rings



A bank teller and five other people were arrested this week in a tri-county crackdown on identity theft rings in South Florida, according to the U.S. Attorney's Office. ...read full article

Husband arrested, wife flees in suspected identity theft case



A parolee was charged Thursday with stealing personal information from the mail of South Bay residents to commit identity theft, police said. ...read full article

Students Signing Up For Computer Hacking



The threat of cyber attacks on businesses and governments has led to a rapid increase in the number of universities offering students the chance to learn how to hack computer networks. ...read full article

Local briefs: Ex-Fresno Co. worker convicted of ID theft



A former Fresno County welfare worker was convicted Thursday of three counts of identity theft and four counts of receiving stolen property. ...read full article

2 women face sentencing in identity theft case



(AP) — JACKSON, Miss. - Two women faced federal sentencing Friday in scheme in which one of them stole the identity of someone she met at a women's shelter and used it to rip off people, businesses and charities. ...read full article

TEN MORE OPERATION FELONY LANE DEFENDANTS CHARGED IN TRI-COUNTY BANK FRAUD AND IDENTITY THEFT RING



The defendants are charged in a million dollar bank fraud and identity theft scheme. ...read full article

FORMER VP OF AREA CREDIT UNION CONVICTED OF BANK FRAUD AND AGGRAVATED IDENTITY THEFT



A former Senior Vice President of Area Operations for First Service Credit Union in Houston has pleaded guilty to embezzling more than $30,000 from his former employer, United States Attorney Tim Johnson announced today. ...read full article

Lost laptops shock watchdog


Privacy chief 'stunned' by casual way missing personal data treated


...read full article

Banks on watch after suspected card breach



IDG News Service - An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions. ...read full article

Predictive Policing: A National Discussion



This week in Los Angeles, California, the Justice Department’s National Institute of Justice (NIJ) and Bureau of Justice Assistance (BJA) hosted the Nation’s first symposium on Predictive Policing. Predictive policing is a relatively new law enforcement concept that integrates approaches such as cutting-edge crime analysis, crime fighting technology, intelligence-lead policing and more to inform forward thinking crime prevention strategies and tactics. ...read full article

Notre Dame security breach potentially affects employees



Notre Dame is warning university employees to keep an eye on their bank accounts after a security breach. ...read full article


November 19, 2009


Lawmakers Slam Deceptive Web Marketers


Post-transaction marketing abuses bring calls for stronger oversight.


Three Internet companies -- Affinion, Vertrue, and Webloyalty -- and their hundreds of partners were pilloried by Senate lawmakers and academics on Tuesday for deceptive marketing tactics. ...read full article

Gov't executives cite unstructured data as top concern



More than cloud computing, mobile devices and Web 2.0 applications, unstructured data is the cyberthreat federal government IT executives are most worried about, according to a survey released Wednesday by the Ponemon Institute and IT management software and solutions vendor CA. ...read full article

1.5 Million Medical Files At Risk In Health Net Data Breach



A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut, was lost six months ago and was first reported Wednesday, state and company officials said. ...read full article

80,000 Mailers Sent Out With Recipients' Social Security Numbers In Plain View



Check your mailbox. Thousands of Pennsylvanians could become victims of identity theft just because a piece of mail has been sent to their homes. ...read full article

Spanish payment breach prompts huge German card recall


Holidaymakers at risk of fraud


...read full article

ISA report reveals email security lapse



The Independent Safeguarding Authority's first annual report reveals that it sent an email with confidential data to the wrong address. ...read full article

Palin claims webmail hack disrupted GOP campaign



Sarah Palin has described the hack of her webmail account as the "most disruptive" event in her campaign to become US vice president last year. ...read full article

NSA role in Windows 7 development raises privacy concerns


Privacy expert says the NSA could build backdoors that enable tracking users and intercepting communications, but security researchers dismiss the idea


The National Security Agency (NSA) worked with Microsoft on the development of Windows 7, an agency official acknowledged this week during testimony before Congress. ...read full article

McAfee, Inc. Warns Consumers about “The Twelve Scams of Christmas,” or Popular Online Attacks This Holiday Season


Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information


...read full article

Many U.S. flights delayed; FAA probing glitch


Delays reported in Atlanta, Boston and New York-area airports


...read full article

NZ: Photos released after death may not be protected by privacy laws



Under U.S. privacy laws, HIPAA protections extend past death. The same does not appear to be true in New Zealand. ...read full article

DNA Testing Firm Goes Bankrupt; Who Gets the Data?



An Icelandic firm that offers private DNA testing to customers has filed for bankruptcy in the U.S., raising privacy concerns about the fate of customer DNA samples and records, according to the Times of London. ...read full article

Dura Identity Theft Investigation



MANCELONA, MI -- Around 300 employees at this Dura plant in Mancelona were handed a pink slip more than a year ago. This time it's a letter in their mailbox from the same company that is causing some concern. ...read full article

NJ men accused of collecting $11.5 million in tax scheme involving identity theft


Franklin, Old Bridge men accused of collecting millions in bogus tax refunds


A Franklin man and an Old Bridge man are among four facing federal charges in an alleged scam to collect nearly $11.5 million in bogus tax refunds using stolen identities, authorities said Wednesday. ...read full article

'Doppelganger' held for fraud



A Zimbabwean national was arrested after the man whose identity he allegedly stole tracked him down, Gauteng police said on Thursday. ...read full article

Security tech co McAfee warns Israel at cyber risk


Israel is among the world's five most vulnerable countries to a cyber attack on critical systems.


...read full article

Internet Check Biz Faces Contempt Order



LOS ANGELES (CN) - A federal judge granted the FTC's request to cite an Internet-based check service for contempt of court. Neovi and its operators violated a 2009 order telling them to stop running their business that lets people create and e-mail checks without verification of users' identities or their authority to draw funds on the accounts they use, the FTC said. It seeks daily fines and imprisonment if it doesn't stop. ...read full article

Class Claims Facebook & Zynga Duped Them



SACRAMENTO (CN) - Facebook and game developer Zynga help to scam customers with misleading ads that dupe them into revealing their telephone and credit card numbers and then bill them for bogus charges, a class action claims in Federal Court. ...read full article


November 18, 2009


Two held in global PC fraud probe



Two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details. ...read full article

Classes Seek Millions for DMV Data Grabs



KANSAS CITY, Mo. (CN) - Southwestern Bell is the latest in a series of class-action defendants accused of using misrepresentations to get confidential data from a Department of Motor Vehicles database "for commercial purposes." ...read full article

Credit card security breach fear



Reports are being investigated of a major credit card scam in Spain. ...read full article

How to hack China for just $1,800



IDG News Service - Fraudsters may have a hot deal waiting for them in the form of an obscure Chinese domain name that's for sale on the Internet. ...read full article

Justice, NSC lead review of cyber laws



The Justice Department and the National Security Council are leading a review of all laws that apply or could apply to cyberspace. ...read full article

No jail for ex-cop over sex snooping



A FORMER West Australian detective has escaped a jail term for using the police computer system to access the details of more than a dozen women he fancied. ...read full article

RIM security chief sees smartphone attacks on horizon



TORONTO/BOSTON (Reuters) - Hackers could one day turn ordinary smartphones into "rogue" devices to attack major wireless networks, Research In Motion's security chief warned. ...read full article

Survey finds Mac, PC users are equal cybercrime victims



Because of phishing, operating a Mac yields no more protection from cybercrime than running a Windows machine, according to a survey conducted by security firm ESET. ...read full article

China Defense Ministry Site Fends off Hackers


The Web site of China's defense ministry was attacked 2.3 million times in its first month online, Chinese state media said.


The report is a reminder that Chinese government and military bodies, often accused of cyberespionage against the U.S. and other countries, are also frequently attacked online. ...read full article

Woman sentenced for identity theft



CHARLESTON, W.VA. -- Ramona Mack, 40, of Winfield was sentenced by U.S. District Judge Robert Chambers to 40 months in prison for aggravated identity theft and theft of government benefits. ...read full article

Credit card pickpocketers arrested



Fairfax County police said they have arrested three members of a credit card pickpocketing ring. ...read full article

Smartphones: A Bigger Target for Security Threats



As the iPhone, BlackBerry, and other devices have become more popular, harmful software such as viruses and spyware is emerging to exploit their vulnerability ...read full article

FBI Suspects Terrorists Are Exploring Cyber Attacks



The Federal Bureau of Investigation is looking at people with suspected links to al Qaeda who have shown an interest in mounting an attack on computer systems that control critical U.S. infrastructure, a senior official told Congress Tuesday. ...read full article

UK police reveal arrests over Zeus banking malware



IDG News Service - British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC. ...read full article

ALERT -- Social security numbers found in area library books



TOLEDO, Ohio (WTOL) - Folks have been warned about not giving out personal information, but never knew an old library book could hold clues to their identities. ...read full article

Dover's Wentworth-Douglass Hospital now ID'ing patients



DOVER — Wentworth-Douglass Hospital and all primary and specialty care practices affiliated with the hospital have implemented a new policy where patients must provide photo identification during their next visit, if they haven't done so already. ...read full article

Second-hand ATM trade opens up fraud risk


Craigslist cash machine contains 1,000 card numbers


...read full article

UK cybercops cuff ZeuS Trojan suspect pair


Alleged Bonnie and Clyde of malware


...read full article

Bill would restrict P2P use on government networks


House bill is in response to embarrassing data leaks


Computerworld - House lawmakers introduced a bill that would restrict the use of peer-to-peer technology on government networks in response to several embarrassing data leaks. ...read full article

The uninsured turn to fraud


Uninsured use identity theft to win access to care


Identity theft in health care is rising dramatically as a way for uninsured patients to receive treatment, according to the chief investigator for the state’s largest medical insurer. ...read full article


November 17, 2009


Hackers Breach State Database


Affected Servers Hold Worker's Compensation Information


LINCOLN, Neb. -- A hacker has broken into the Nebraska Worker's Compensation database, prompting an FBI investigation and an effort to contact those who may be affected. ...read full article

Trojans likely to follow Win 7 activation hack



Trojan attacks are likely in the wake of the Windows 7 product activation system cracks developed last week, less than a month after the release of Microsoft's latest operating system. ...read full article

Are nations paying criminals for botnet attacks?



Network World - Nations that want to disrupt their enemies' banking, media and government resources don't need their own technical skills; they can simply order botnet attack services from cybercriminals. ...read full article

Chicago's Camera Network Is Everywhere


Extensive Surveillance System Integrates Nonpolice Video, Raises Concerns About Possible Privacy Abuses


A giant web of video-surveillance cameras has spread across Chicago, aiding police in the pursuit of criminals but raising fears that the City of Big Shoulders is becoming the City of Big Brother. ...read full article

3 charged in identity theft scheme



Federal agents have charged three women in connection with a scheme to allegedly use identity thefts to defraud local banks. ...read full article

The Queen could better manage security of personal information than civil servants are



Her majesty’s servants seem to be lacking any sense of responsibility these days. ...read full article

FAQ: Recognizing phishing e-mails



If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing. ...read full article

Nations arming for cyber war, says McAfee


An increasing number of attacks carried out over the internet have explicitly political goals, according to a report by security firm McAfee.


The US, Russia, France, Israel and China are armed with cyberweapons, the report said, with the UK, Germany and North Korea preparing for a future in which conflict is partly conducted through the internet. ...read full article

UK mobile phone company staff sell customer data


The personal data of thousands of mobile phone users has been sold by staff at one of the UK's major mobile phone firms.


The Information Commissioner's Office (ICO) said investigators have been working with the mobile telephone company. It had suggested to the ICO that employees allegedly sold details relating to customers' mobile phone contracts, including when their contracts expire. The ICO investigation revealed that the information has been sold on to several brokers for large sums. ...read full article

Verisign hopes to end phishing attacks


Verisign has begun working with the internet community to deploy DNS Security Extensions (DNSSEC), which could put a stop to phishing scams.


The internet security company is working to roll out the DNSSEC security standard across all .com and .net top-level domain names (TLDs) to protect users against man-in-the-middle-style attacks. ...read full article

ID theft laws stuck in queue


NEW laws aimed at preventing identity theft and giving victims a means of untangling the mess are languishing in federal parliament, 10 months after they were introduced to the Senate by then human services minister Joe Ludwig.


The Identity Crimes Bill adds three identity offences to fill gaps in existing laws: trafficking in identity data (up to five years' imprisonment); possession with intent to commit a crime and possession of equipment for the purpose of identity theft (both a maximum three years). ...read full article

Anti-skimming legislation 'toughest in Australia'


The Western Australian Attorney General, Christian Porter has unveiled legislation which he says will produce the toughest anti-identity theft and card-skimming laws in the country.


Under the proposed laws, anyone caught with another person's identity information or in possession of equipment used to make, supply or transmit the material with intent to commit a crime, will face a maximum five years imprisonment. ...read full article

Laptop with voter details goes missing


A computer with personal data of more than 14,000 voters has gone missing from the offices of a local authority.


The laptop disappeared from offices in St Albans in what is thought to be an opportunistic theft. ...read full article

Sprint customer seeing red over unauthorized payments



So you keep a credit card or debit card on file with a business so that you can call up to conveniently make a payment by phone? One individual found out that the convenience enabled a stranger to authorize $1000 in deductions from his bank account to pay his Sprint account. ...read full article

New HIMSS Analytics Survey Reveals Healthcare 'Business Associates' Are Unprepared for Data Breach



68 Percent of Provider Respondents Indicated that the HITECH Act's Expanded Breach Notification Requirements will Result in More Discovery and Reporting of Incidents ...read full article

Most security products flunk quality tests



Nearly 80 percent of security products that are sent for certification fail to perform as intended during the initial round of tests, and generally require additional two or more cycles of testing before they are certified, said ICSA Labs. ...read full article

US govt to disclose findings in Web 'mystery charge' probe



The so-called mystery charges that have appeared on some of their customers' credit card statements will come under scrutiny at a hearing held by the U.S. Senate Committee on Commerce, Science and Transportation. ...read full article

Federal Regulators Issue Final Model Privacy Notice Form



Eight federal regulatory agencies today released a final model privacy notice form that will make it easier for consumers to understand how financial institutions collect and share information about consumers. Under the Gramm-Leach-Bliley Act (GLB Act), institutions must notify consumers of their information-sharing practices and inform consumers of their right to opt out of certain sharing practices. The model form issued today can be used by financial institutions to comply with these requirements. ...read full article

Vulnerability in Wikipedia Toolbar for Firefox



Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system. According to the report the cause of the problem is due to the application using invalidated input in a call to eval() which can be exploited to execute arbitrary JavaScript code. ...read full article

FBI Says Hackers Targeting Law Firms, PR Companies


FBI alert says hackers increasingly targeting lawyers offices, public relations firms


Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. ...read full article

Ex-MI5 agent in memoirs battle sues newspaper for naming him


Lawyers for undercover agent in war on terrorism threaten Guardian with injunction though his name circulates online


A former MI5 secret agent is suing the London Evening Standard for revealing his name, his lawyers say, in an attempt to extend Britain's privacy laws to cover the identity of intelligence officers. ...read full article

T-Mobile investigated for leaking customer data***UPDATE****


Company reveals it is part of ICO investigation


T-Mobile has sensationally revealed it is part of an investigation by the Information Commissioner's Office into a data breach, after it was found that certain staff within the company had allegedly sold on thousands of people's details to competitors. ...read full article

Watchdog raises alarm over security measures


Ottawa is collecting too much information through anti-money laundering agency and failing to regulate no-fly list, Privacy Commissioner says in annual report


OTTAWA – Were you the person who recently cashed a government-issued cheque for under $300 at your local trust company? You probably never expected to be flagged as suspicious, but you were, says Canada's privacy commissioner in a new audit of Canada's financial watchdog agency. ...read full article

Attorney General Eric Holder Speaks at the Financial Fraud Enforcement Task Force Press Conference



Good afternoon. I am joined here by some of my partners in the new effort we are launching today, Secretary of the Treasury Tim Geithner, Secretary of Housing and Urban Development Shawn Donovan, and Robert Khuzami, the Director of Enforcement at the Securities and Exchange Commission, who is here representing SEC Chairwoman Mary Schapiro. ...read full article

President Obama Establishes Interagency Financial Fraud Enforcement Task Force



WASHINGTON – Attorney General Eric Holder, Treasury Secretary Tim Geithner, Housing and Urban Development (HUD) Secretary Shaun Donovan, and Securities and Exchange Commission (SEC) Chairwoman Mary Schapiro today announced that President Barack Obama has established by Executive Order an interagency Financial Fraud Enforcement Task Force to strengthen efforts to combat financial crime. The Department of Justice will lead the task force and the Department of Treasury, HUD and the SEC will serve on the steering committee. The task force’s leadership, along with representatives from a broad range of federal agencies, regulatory authorities and inspectors general, will work with state and local partners to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, address discrimination in the lending and financial markets and recover proceeds for victims. ...read full article

Obama administration unsure about new cybersecurity laws



IDG News Service - Current laws addressing cyber crime aren't adequate to address growing attacks on the government and businesses, a representative of U.S. President Barack Obama's administration said Tuesday. ...read full article

Merchants caught in middle of Heartland, VeriFone dispute


Battle over encryption technology could leave thousands with questionable support


Computerworld - Tens of thousands of customers of Heartland Payment Systems are finding themselves caught in the middle of an escalating war between the payment processing vendor and point-of-sale terminal vendor VeriFone Inc. ...read full article

Healthcare Affiliates Unprepared For Data Breaches


Patient privacy is at risk from the companies that healthcare providers do business with, study says.


Companies that do business with healthcare providers, including accounting firms and offshore transcription vendors, are unprepared to meet data breach obligations included in new federal regulation, according to a survey released Tuesday. ...read full article

Thousands of web sites compromised, redirect to scareware



Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware. ...read full article

E.On reveals customer bank data


The personal details of 817 E.On customers have been disclosed in error.


E.On said it was trying to find out how it happened and was in the process of contacting all of those affected. It has apologised for the mistake. ...read full article

Shadowserver to Take Over as Mega-D Botnet Herder



An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour. ...read full article


November 16, 2009


Online gangs cash in on swine flu



LONDON (Reuters) - Criminal gangs are making millions of dollars out of the H1N1 flu pandemic by selling fake flu drugs over the internet, a web security firm said on Monday. ...read full article

Raleigh woman sentenced in ID theft scam



A Raleigh woman has been sentenced to one year and one day imprisonment in an identity theft case in federal court, according to a statement issued by United States Attorney George E.B. Holding. ...read full article

Customers' Info Stolen From Blue Cross Office


68 Computer Hard Drives Contained Social Security Numbers


CHATTANOOGA, Tenn. -- One of Tennessee's largest holders of personal information confirms that an October theft from a Chattanooga office affects about 2 million of its clients. ...read full article

Report: Countries prepping for cyberwar



Major countries and nation-states are engaged in a "Cyber Cold War," amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee. ...read full article

Union County man is indicted for allegedly stealing Internet domain names



A Union County man who is accused of pilfering an Internet domain name from a Miami-based company and then selling it to a professional basketball player for more than $100,000 was indicted today on theft charges, authorities said. ...read full article

The Botnet Hunters


They're the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here's an inside look at the battle against cybercrime's weapons of mass infection.


A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world. ...read full article

How Secure Is Cloud Computing?


Cryptography solutions are far-off, but much can be done in the near term, says Whitfield Diffie.


Cloud computing services, such as Amazon's EC2 and Google Apps, are booming. But are they secure enough? Friday's ACM Cloud Computing Security Workshop in Chicago was the first such event devoted specifically to cloud security. ...read full article

HIGH-TECH HEIST


2,100 ATMs Worldwide Hit at Once


It was a highly sophisticated and cleverly orchestrated crime plot. And one unlike any we’ve ever seen before. ...read full article

Real ID program in deep trouble



Computerworld - A decision by lawmakers to slash funding for the unpopular Real ID national driver's license program has put an already struggling initiative on life support. The U.S. Senate recently approved a $43 billion budget for the U.S. Department of Homeland Security for the federal government's 2010 fiscal year, which began Oct. 1. The appropriation called for substantial increases in DHS spending in several key technology areas but slashed Real ID funding by 40%, from $100 million to $60 million. ...read full article

Police probe breach of NHS smartcard security as e-records launched in London


An NHS trust at the forefront of work on the £12.7bn NHS IT scheme has called in police after a breach of smartcard security compromised the confidentiality of hundreds of electronic records.


Patients in Hull have expressed their dismay that an unauthorised NHS employee has accessed their confidential records; and the local primary care trust, NHS Hull, says it is "shocked" at the breach of security by a member of staff who has since left. ...read full article

GMH Issues Notice of Breach of Unsecured Health Information



Guam- Pursuant to the federal Health Information Technology for Economic and Clinical Health Act, Guam Memorial Hospital Authority has issued a notice of breach of unsecured health information after a laptop computer used by the GMHA Employee Health Office was stolen from the Guam Memorial Hospital. A file on the computer contained limited health information on approximately 2,000 employees, volunteers, contractors and physicians. ...read full article

Password theft via vulnerability in SSL/TLS protocol



e vulnerability in the design of the SSL/TLS protocol revealed earlier this month can apparently be used to carry out attacks in practice. On his blog, student Anil Kurmus reports that he was able to steal a Twitter password by using a man-in-the-middle attack. Until now it had been assumed that the problem was largely theoretical and would be made manifest only in very limited scenarios. The design weakness can be exploited by attackers to inject content into secure connections. ...read full article

MasterCard to authenticate online transactions by phone



IDG News Service - In the face of mounting threats from hackers, MasterCard said today it will use mobile phones to improve security for online transactions. ...read full article

Gang sentenced for UK bank trojan



A British court has sentenced four men to prison after they admitted they used sophisticated trojan software to steal almost £600,000 from bank accounts and send it to Eastern Europe ...read full article

Spammers aim to profit from swine flu pandemic



Russian cybercrooks have laid the groundwork needed to build a business cashing in on swine flu panic-buying. ...read full article

Agents sentenced for filing bogus life policies to get commissions



Two California life insurance agents received probation and must pay thousands of dollars in restitution after filing faulty applications in order to receive commissions. ...read full article

Identity fraud increases by third as recession tightens cash flow



CASES of identity fraud across the UK have risen by a third in the first nine months of the year as the recession bites, says fraud prevention agency CIFAS. ...read full article


November 15, 2009


Taxpayers foot bill for employees being sued by ‘Joe the Plumber’



COLUMBUS — Ohio taxpayers are right in the middle of the civil rights lawsuit that Samuel Joseph — “Joe the Plumber” — Wurzelbacher has filed against three former state employees, charging that they illegally accessed his confidential information through state databases. ...read full article


November 14, 2009


N.Y. man charged with identity theft



WALLINGFORD — A sharp-eyed bank teller foiled a man’s attempt Thursday to steal $5,000 from a Bank of America account using fake identification. ...read full article

Microsoft confirms first Windows 7 zero-day bug


Company urges users to block ports until a patch is ready, but the workaround cripples browsers


Microsoft late on Friday confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports at the firewall. ...read full article

Biometrics sparks privacy fears in Ireland



Collecting biometric information could put civil liberties and privacy at risk, despite considerable benefits, says the Irish Council for Bioethics (ICB). ...read full article

The Cyberwar Plan


It's not just a defensive game; cyber-security includes attack plans too, and the U.S. has already used some of them successfully.


In May 2007, President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb. ...read full article

Job search scams: Protect yourself against identity theft


Identity theft rings have set their sights on the people who are unemployed and looking for work. Here's how to ensure you don't end up a victim.


As unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers. ...read full article


November 13, 2009


Sophisticated parcel mule scam unpicked


Middlemen stung by work-from-home scam


...read full article

Adobe Flash attack vector exploits insecure web design


User-supplied malware upload peril


...read full article

Press Copy to have your Identity Stolen



A Call for Action investigation a year in the making reveals one possible way thieves could get a hold of your personal information. ...read full article

Microsoft defends Hotmail's cookie requirement


Log out block 'good for security'


Microsoft has said its new policy of requiring users to accept third party cookies to log out of Hotmail improves security. ...read full article

Nandan Nilekani's Confidential UID Document Leaked Options



Wikileaks is a website that publishes anonymous submissions and leaks of sensitive governmental, corporate, or religious documents, while attempting to preserve the anonymity and untraceability of its contributors. Wikileaks today published the Confidential plan on UID Wikileaks Tweet Says : Confidential plans for 1.2 billion ID cards: Creating a unique ID for every resident in India ...read full article

The Low-Tech Reality of Identity Theft


Stop worrying so much about that vaguely Eastern European computer hacker and start worrying about that clerk at the DMV.


...read full article

Florida Man Gets Prison for Fraud, Identity Theft in Arizona



A Florida man who worked as car salesman in Southern Arizona has been sentenced to five years in federal prison for bank fraud and identity theft. ...read full article

Online fraudsters use spam campaign to target payment transfer system


Messages warn of an ACH transfer problem and try to get users to install the Zeus malware


A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters. The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH). ...read full article

Keeping Pacemakers Safe from Hackers


Communicating with ultrasound could help make implantable medical devices safe from attack.


Manufacturers have started adding wireless capabilities to many implantable medical devices, including pacemakers and cardioverter defibrillators. This allows doctors to access vital information and send commands to these devices quickly, but security researchers have raised concerns that it could also make them vulnerable to attack. ...read full article

ID Theft Ringleader Gets 11 Years



ALEXANDRIA, Va. - The man federal prosecutors called the ringleader of a nationwide identity theft ring has been sentenced to more than 11 years in prison. ...read full article

Estonians charged in 'highly sophisticated' hacking case



TALLINN - Five Estonians have been charged in a high-profile computer hacking case that allegedly saw the defendents steal more than 9 million US dollars in just one day. ...read full article

Hackers hit Vancouver Schools



Thousands of Vancouver School District employees could be at risk of identity theft after hackers broke into the district's finance system software last week. ...read full article

15 charged in costumed ID theft ring



NEW YORK -- Prosecutors say a crime ring combined old-fashioned pickpocketing, modern-day identity theft and an array of costumes to steal more than $600,000 from victims' bank accounts. ...read full article

Tech Giants Aim To Master Disaster


Microsoft, Google, Yahoo form alliance to develop software solutions for improving emergency response efforts.


Three of the world's top tech firms, along with the U.S. space agency, have teamed up to develop software they hope will help organizations better prepare for, and respond to, disasters such as natural catastrophes and terrorist strikes. ...read full article

Consumer modems are worsening DNS problem linked to DDoS attacks


As more consumers demand broadband, ISPs are rolling out modems configured to accept DNS queries from all sources, including hackers


Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS, making it easier for hackers to launch DDoS attacks against their victims. ...read full article

Fake Verizon 'balance-checker' is a Trojan



IDG News Service - Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments. ...read full article

Teen Decoy a 'Victim' in Sex Offender's Sentencing



CN) - A 14-year-old decoy from an Internet sting operation can be considered a "victim" in sentencing a sex offender as a sexually violent predator, the Colorado Court of Appeals ruled Thursday. ...read full article

Weaknesses in CALEA Wiretaps



This week in Chicago, Micah Sherr, Gaurav Shah, Eric Cronin, Sandy Clark, and I have a paper at the ACM Computer and Communications Security Conference (CCS) that's getting a bit more attention than I expected. The paper, Can They Hear Me Now? A Security Analysis of Law Enforcement Wiretaps [pdf] examines the standard "lawful access" protocols used to deliver intercepted telephone (and some Internet) traffic to US law enforcement agencies. Picking up where our 2004 analysis of wireline loop extender wiretaps [pdf] left off, this paper looks at the security and reliability of the latest communications surveillance standards, which were mandated by the 1994 Communications Assistance for Law Enforcement Act (CALEA). The standards, it turns out, can leave wiretaps vulnerable to manipulation and denial of service by surveillance targets who employ relatively simple technical countermeasures. ...read full article

Amazon called out over cloud security, secrecy


Amazon EC2 lacks many enterprise features, Burton Group says


Amazon's cloud computing service should not be used for applications that require advanced security and availability, the Burton Group analyst firm says in a report accusing Amazon of secrecy regarding its cloud data centers. ...read full article

Boxes of medical files found abandoned



SOUTH BEND — An agent with the Indiana attorney general’s office removed 21 boxes of medical records from a downtown office building Friday that contain the personal information of hundreds of local people. ...read full article

Man-in-the-middle attacks demoed on 4 smartphones



Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones. ...read full article

San Jose man pleads guilty in attempt to buy $760,000 home by fraud



In the following press release the Santa Clara County (CA) District Attorney annouced that at arraignment this week, 42-year old Lawrence Maschino pleaded guilty to charges including writing checks with insufficient funds, using a victim’s personal information without authorization, and grand theft of personal property over $400. In addition, Mr. Maschino has three prior felony convictions for similar offenses. ...read full article

Three plead guilty in Builder Bail-Out / Kickback /ID Theft scheme



n the following press release the United States Attorney’s Office for the Central District of California announced that the former director of sales for a Colorado real estate company that built luxury homes throughout the state agreed in court papers filed today to plead guilty to a federal conspiracy charge, admitting that he and other company officials participated in a $16 million “builder bailout” scheme in which buyers of $1 million-plus homes were paid kickbacks if they purchased homes from the company. ...read full article

Former Missouri resident pleads guilty to obtaining mortgage using mothers ID



In the following press release Michael W. Reap, Acting United States Attorney for the Eastern District of Missouri announced that Susan Feaman, formerly of Perryville, Missouri, has pleaded guilty to charges of interstate transportation of stolen property and identity theft. ...read full article

Personal data of Cal Poly Pomona applicants inadvertently put online



The Social Security numbers, home addresses and phone contacts for at least 300 students who applied for admission to Cal Poly Pomona six years ago were unintentionally disclosed online, the university said today. ...read full article

Data breach could affect 60,000 GIs, civilians



The Corps of Engineers is investigating the recent loss of an external hard drive that could pose identify theft problems for as many as 60,000 soldiers and Army civilians. ...read full article


November 12, 2009


Work-At-Home Company Called a Scam



CHICAGO (CN) - Pacific WebWorks runs a "work-at-home" Internet scam that falsely promises people can earn "thousands of dollars" by buying a "Google Business Kit," then charges outrageous, hidden monthly fees, according to a class action in Cook County Court. It's not the first recent case in which a company is accused of using (nonparty) Google's name to sucker people for money. ...read full article

Health Insurer Violated Privacy, Class Claims



MILWAUKEE (CN) - Aurora Health Care revealed patients' health care records in its bankruptcy filing, a class action claims in Milwaukee Federal Court. The class claims Aurora violated federal court orders by including in its bankruptcy filing Proofs of Claim that disclose policyholders medical treatments and records. ...read full article

Resort worker sentenced for ID theft



A man who worked at a Florida resort received a time-served jail sentence for stealing the identities of more than 100 vacationers, including some from Collegeville and West Norriton, and using the credit card information to pay for his own trips. ...read full article

Barcelona hospital has opened a disciplinary case against the doctor patient details on the street



The inquiry said the information found did not exceed 40 pages, containing a list of monitored cardiac transplant patients - dated March 2007 - and some discharge reports ...read full article

Caltex clerk stole customers' credit cards: police



A Norseman petrol station clerk splurged on mobile phones after stealing credit card details from customers, police claim. ...read full article

UK's cyber warriors go into battle in March



The UK's new cyberwarfare unit will be ready for action on 10 March, according to the government. ...read full article

Indian police arrest company boss accused of selling medical records of British patients



The head of an Indian outsourcing company has been arrested for selling confidential medical records of patients treated at one of Britain's top private hospitals. ...read full article

Gumblar: New Generation of Self-Building Botnets



We've been looking at the infrastructure of the Gumblar malware and found some curious facts on how Gumblar operates which we would like to share to make hosting owners aware of the Gumblar threat. ...read full article

T.O. man sentenced for identity theft



Visanio Eugene Vann, 47, of Thousand Oaks was sentenced last week in Los Angeles to 95 months in federal prison for orchestrating an identity theft scheme in which he used personal identifying information taken from dozens of mortgage and credit files to fraudulently obtain credit cards that were used to purchase more than $1 million in goods and services. ...read full article

Deputy arrested, charged with identity theft, forgery



A Knox County Sheriff's Office deputy was arrested at work Wednesday on charges that she stole a woman's identity and used it to buy thousands of dollars worth of furniture from at least one store, authorities said. ...read full article

Man sentenced for identity theft



Justin Bailey, 21, of Poca was sentenced Monday by United States District Judge Robert C. Chambers to two years in prison for aggravated identity theft. ...read full article

Court Ruling Jeopardizes Credit Card Privacy Law



The California Legislature long ago recognized the dangers associated with collecting and maintaining consumers’ personal identification information, finding that the practice put the physical safety of consumers at risk and jeopardized consumers’ financial security due to identify theft and credit card fraud. In response, the Legislature enacted an amendment to the Song Beverly Credit Card Act in 1990 to protect privacy rights guaranteed to consumers by Article 1, Section 1 of the California Constitution. A recent State Court of Appeal ruling now threatens to open a loophole in this law, enabling retailers to collect detailed personal information on customers who pay with credit cards. ...read full article

Hotmail imposes tracking cookies for logout


And where do you think you're going?


Hotmail users are now unable to log out of their account if the browser they are using does not accept third party cookies. ...read full article

Rhode Island Governor Vetoes Restrictions on RFID


Senate Bill 211 would have prohibited the technology's use to track the locations of students in the state's schools, while also limiting the way in which information from vehicle RFID programs, such as toll collection, is used.


Nov. 12, 2009—Rhode Island's governor, Donald Carcieri (R), has vetoed the latest effort by the state's legislature to pass a bill limiting how RFID technology would be employed to track students at schools and school functions, as well as vehicles as they are tracked by E-ZPass or other toll-collection systems. With his veto of Senate Bill 211 (S. 211) on Monday, Carcieri stated that local school and community officials should be allowed to decide if they need to use RFID to track students. He cited the potential for weather-related natural disasters, terrorist attacks or crimes that might prompt a school district to want to do so. ...read full article

MS Bracing For Malware Attacks From Embedded Fonts



Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week. ...read full article


November 11, 2009


Possible identity theft reported at Mercy


Patient records may have been left accessible


Baltimore police are investigating a security breach at Mercy Medical Center that left an undisclosed number of patient records open to possible identity theft, according to the Maryland attorney general's office. ...read full article

Anatomy of the RBS WorldPay Hack



The four men whom a federal grand jury indicted this week for their alleged roles in a scam that stole millions of dollars from RBS WorldPay were no fools. The small crew of hackers had a distinct division of labor, operated with skill and efficiency and left one of the world's larger banks holding the bag. ...read full article

Feds Facing Daily Cyber Threats, Tight Budgets


New study highlights shortcomings in federal cybersecurity amid White House policy overhaul


Nearly one-third of federal agencies confront cyber threats every day, with many of the vulnerabilities stemming from foreign attacks and lax internal policies and employee habits, according to a study released today by IT contractor CDW-G. ...read full article

Facebook hit by ‘Control Your Info’ intruder


Social networking site had small number of groups affected, company says


Facebook was hit on Tuesday by a well-meaning intruder who took over some of the site's online groups as a way of sending a message: "Think about the safety in your social media life to the same extent you do in your real life." ...read full article

Burglary and theft account for a third of data security breaches


Fines for reckless data breaches will focus minds at Board level to improve security


...read full article

NSW unveils new ID theft laws



THE NSW government plans to create three new identity offences - trafficking in identity data, possession with intent to commit a crime, and possession of equipment for the purpose of identity theft - in an overhaul of the state's Crimes Act. ...read full article

Woman gets probation for ID theft that netted her free power from PPL



A medical assistant who stole personal information from patients and a co-worker and used it to get free power from PPL has been placed on two years' probation. ...read full article

Drawing Security-Spooked Customers Into the E-Commerce Fold



There's a huge base of potential customers online every day who look but don't buy. ...read full article

2009 Data Breaches: An Interactive Timeline


A Look at the Top Breaches Involving U.S. Financial Institutions


...read full article

The PC Privacy Battle at the Border



Border protection agents have extensive rights to search electronic devices that travelers take with them through U.S. ports of entry.However, relatively few searches are actually conducted. ...read full article

Putnam man gets two years for identity theft



HARLESTON, W.Va. -- A Putnam County man was sentenced Monday in federal court to two years in prison for aggravated identity theft, the U.S. Attorney's Office announced. ...read full article

Hackers Indicted in Widespread ATM Heist



WASHINGTON -- The U.S. Justice Department indicted eight Russian and Eastern European computer hackers, alleging they were part of a crime ring that allegedly broke into ATMs in hundreds of cities world-wide and stole $9 million in a matter of hours. ...read full article

Microsoft patches critical hole in Windows kernel



Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer. ...read full article

How to DDOS a federal wiretap



IDG News Service - Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. ...read full article

Hackers pillage jailbroken iPhones


Portable attack runs on Windows PCs and Macs, then sniffs out nearby iPhones to plunder


mputerworld - Hackers are plundering personal data from jailbroken iPhones using the tactic demonstrated last week by an Australian programmer's self-described "prank," researchers said today. ...read full article

Survey: Healthcare Companies Not Ready For New Privacy And Security Regulations


Crowe Horwath LLP and Ponemon Institute release findings on HITECH compliance readiness


OAK BROOK, Ill. (Nov. 11, 2009)—A recent survey of healthcare organizations found that 94 percent believe they are not ready to comply with the privacy and security provision of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The new provisions take effect in February. The survey of 77 U.S. healthcare organizations was conducted by the Ponemon Institute and sponsored by Crowe Horwath LLP, one of the largest public accounting and consulting firms in the U.S. ...read full article

Bing hit by costly security loophole



It has spent hundreds of millions of dollars trying to take on Google, but Microsoft's Bing search engine was facing embarrassment today, after it emerged that a security loophole could allow users to skim huge sums of money from the system without its knowledge. ...read full article

Stolen Laptop Contained Social Security Numbers of Students & Alumni



Bloomsburg University of Pennsylvania is notifying current and former students who were enrolled in psychology professor Julie Kontos' classes from spring 2004 through the summer of 2006 about the possible loss of their social security numbers when a laptop was stolen from a campus office. ...read full article

Holiday Shopping Brings Identity Theft Warning



BLOOMINGTON, Minn. (WCCO) ? Like falling leaves, decorations hanging from the Mall of America signal a change of seasons. This is a time when holiday gift buyers will grab for the plastic and give it to the clerk. Holiday shopping is well underway. ...read full article

Stolen USB Drive Puts Tennessee Students at Risk


A purloined USB drive contains thousands of student Social Security Numbers -- exposing 16,000 to potential identity theft.


Roane State Community College in Harriman, Tenn. is the latest institution of higher learning to accidentally divulge sensitive personal information thanks to a stolen USB drive that exposed almost 16,000 student and employee Social Security numbers last month. ...read full article

The AICPA Files Lawsuit Challenging Application of Federal Trade Commission's "Red Flags Rule" to CPAs



HINGTON--(BUSINESS WIRE)--The American Institute of Certified Public Accountants filed a lawsuit in the U.S. District Court for the District of Columbia seeking an injunction barring the Federal Trade Commission from applying its so called Red Flags Rule, which would impose onerous and unnecessary requirements on AICPA members. ...read full article


November 10, 2009


Breach notification laws get green light



The EU has announced that "nothing stands in the way" of its ePrivacy Directive, paving the way for stronger rules surrounding data breaches and other privacy issues. ...read full article

Queensland Police email private details of traffic offenders



AN internal police intelligence document that detailed the private information of up to 12 traffic offenders already dealt with was leaked to as many as 50 people outside the Queensland Police Service. ...read full article

Winnipeg bank customers defrauded



Hundreds of Winnipeggers woke up on the weekend to discover that while they were sleeping, criminals were awake and stealing money from their bank accounts. ...read full article

Vancouver schools' employee data breached


Payroll system compromise imperils workers’ information


...read full article

Rickroll virus attacks iPhones



An Australian has released a virus for the Apple iPhone, 'ikee', which replaces the infected device's background picture with an image of singer Rick Astley. ...read full article

Google fixes risky Chrome bugs



Google has updated its Chrome browser to fix a critical bug that could allow an attacker to execute malicious code on a user's system. ...read full article

Pirates get a taste of Microsoft COFEE


Microsoft's Computer Online Forensic Evidence Extractor (COFEE) software, which helps law enforcement officials grab data from password protected or encrypted sources, has leaked.


Microsoft's Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it quickly for everyone to get a taste. The COFEE application uses common digital forensics tools to help law enforcement officials at the scene of a crime gather volatile evidence of live computer activity that would otherwise be lost in a traditional offline forensic analysis. In other words, it lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people's computers. ...read full article

Apple update tackles domain spoofing, other attacks



Apple on Monday released a large security update for Mac OS X that fixes dozens of vulnerabilities and provides protection against potential attacks exploiting a weakness in the protocol used to verify that a domain is legitimate. ...read full article

MassMutual Warns Of Data Breach


Database may have been compromised via third party vendor


A leak at a third-party service provider may have caused a compromise of employee and customer data at insurance giant MassMutual, the company says. ...read full article

Alleged International Hacking Ring Caught in $9 Million Fraud


Major Credit Card Processor Victimized in Elaborate Theft of Account Numbers


Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as "Hacker 3;" have been indicted by a federal grand jury in Atlanta, Ga., on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland. ...read full article

Car Dealers May Be Held Responsible For Identity Theft



The Harris County District Attorney's Office is cracking down on identity theft used to purchase cars, but the thieves aren't the only targets. ...read full article

Coke given zero penalty for SMS campaign



COCA-COLA says it never intended to spam mobile phone users and will take steps to ensure it doesn't happen again. The Australian Communications and Media Authority (ACMA) has accepted enforceable undertakings from three companies - Vodafone, New Dialogue and Big Mobile - involved in the SMS promotional campaign. ...read full article

W.D. Pa.: Compulsory taking of DNA from pretrial detainee violates Fourth Amendment



Compulsory taking of DNA from a pretrial detainee under 42 U.S.C. § 14135a violates the Fourth Amendment. It cannot be supported under special needs, totality of the circumstances, or a compelling governmental interest. United States v. Mitchell, 2009 U.S. Dist. LEXIS 103575 (W.D. Pa. November 6, 2009) ...read full article

ICO investigates Play.com breach



The Information Commissioner's Office has confirmed it is investigating complaints into Play.com. ...read full article

Pentagon chiefs buy net-security early warning system



US weapons megacorp Raytheon is chuffed to announce that it and allied firms have landed a $28m deal from the Pentagon to provide an early-warning system for defence against cyber attacks on military networks. ...read full article

Firefox flaws make up 44% of all browser bugs?



Firefox flaws accounted for nearly half (44 per cent) of all browser bugs in the first half of 2009 - according to a survey which fails to factor in the seriousness of browser flaws. ...read full article

Next generation spammers rise up in Asia, India and Brazil


High-speed broadband allows worldwide miscreanting


A new generation of spammers is rising up in regions such as Asia Pacific, Japan, and South America, and beginning to outstrip their North American counterparts in junk mail output. ...read full article

Google Reader Koobface spotlights security risk 2.0


Threat-resistant workers bypass Web 2.0 roadblocks


...read full article

Security firm chokes sprawling spam botnet



A botnet that was once responsible for an estimated third of the world's spam has been knocked out of commission thanks to researchers from security firm FireEye. ...read full article

Cops: Social Security numbers stolen from Woodbury company



A former employee broke into a Woodbury financial services company, photocopied customers' Social Security numbers and bank reference numbers and took the photocopied data with him when he left, Nassau police said Tuesday. ...read full article


November 9, 2009


Cenzic Web Application Security Trends Report Shows Increase in Hacker Attacks on Web Sites Exploiting Faults in Popular Web Browsers and Software



SANTA CLARA, CA -- (Marketwire) -- 11/09/09 -- Cenzic Inc., the leading provider of Web application security vulnerability assessment and risk management solutions, today released its report revealing the most prominent types of Web application vulnerabilities for the first half of 2009. The report, which includes a list of the 10 vendors with the most severe Web security vulnerabilities, details the steady rise of attacks by hackers targeting these exploits ultimately costing the U.S. billions of dollars in both IT damage and identity theft. Specifically, the report identified over 3,100 total vulnerabilities, which is a 10 percent increase in Web application vulnerabilities compared to the second half of 2008. ...read full article

Data breaches on the increase


PRIVACY: Sixty-five incidents were reported in 2008, leaving personal information exposed for all to see


...read full article

60 Minutes


Sabotaging The System


Could hackers get into the computer systems that run crucial elements of the world's infrastructure, such as the power grids, water works or even a nation's military arsenal? Steve Kroft reports. ...read full article

NY's Cuomo settles with Tagged.com over emails



NEW YORK (Reuters) - New York's attorney general said the operator of Tagged.com would pay $500,000 and overhaul its practices to resolve charges that the social networking site tricked members into providing personal details to lure new members and send out tens of millions of spam emails. ...read full article

AP IMPACT: Framed for child porn by a PC virus



Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography. ...read full article

Eighth Person Pleads Guilty to Illegally Accessing Confidential Passport Files



eighth individual pleaded guilty today to illegally accessing numerous confidential passport application files. Susan Holloman, 58, of Washington, pleaded guilty before U.S. Magistrate Judge Alan Kay in the District of Columbia to a one-count criminal information charging her with unauthorized computer access. Holloman is scheduled to be sentenced on Jan. 21, 2010. ...read full article

Tagged.com tagged for $250k by Texas



Texas Attorney General Greg Abbott today resolved an enforcement action against Tagged, Inc., a social networking site operator that has an estimated two million Texas users. Under an agreed final judgment obtained by the state, Tagged must implement new privacy features and take additional measures to inform users about how the Web site will utilize their personal information. ...read full article

Online Belford Schools Called a Scam



(CN) - An online high school that falsely claims to be accredited charges students $250 for fake diplomas, according to a RICO class action in Detroit Federal Court. The class claims Belford High School refuses to return tuition to students who realize they have been duped. ...read full article

CT AG “appalled’’ at delay in Anthem data theft



The state attorney general is demanding Anthem Blue Cross Blue Shield of Connecticut provide more answers and identity-theft protection for nearly 19,000 health professionals whose confidential data was on a stolen laptop computer. ...read full article

Nastygram: MySpace Phish Plants Spy Software



A new spam campaign targeting MySpace.com users once again illustrates the blended threat from junk e-mail attacks, experts warn. This latest run tries to lure recipients into giving up their MySpace credentials, and then attempts to trick victims into installing password-stealing malicious software. ...read full article


November 7, 2009


ContactPoint database of 11million children’s details to go ahead despite security fears


Every child in England will have their personal details stored on a controversial database despite fears over security and privacy.


Ministers are pressing ahead with the introduction of ContactPoint to every local authority in the country after claiming that a pilot project has proved a success. ...read full article


November 6, 2009


Grand Jury Indicts 9 in Suspected Identity Theft Ring



A grand jury has indicted five men and four women accused of being part of an identity theft and forgery ring that operated in Jefferson County, the Denver area and Colorado Springs. ...read full article

US to Get Data Breach Notification Laws


Commerce agencies in the US will have to notify anyone whose personal information may have been accessed in a breach, when two bills become law


Two bills that address the handling of data breaches have been approved by a The US Senate Committee - and the country also got a new official body for identity protection. ...read full article

Apology as patients' details lost


A hospital trust in Surrey has apologised and banned the use of unencrypted memory sticks after 76 patients' personal details were lost.


The information was contained on three data sticks lost by Ashford and St Peter's Hospitals NHS Trust. ...read full article

Chaminade posted Social Security numbers of thousands of students online



Chaminade University inadvertently posted confidential information, including Social Security numbers, of thousands of students, on its Web site for months, school officials said today. ...read full article

PD: Man stole from health care patients to buy movie tickets



MESA, AZ -- A Banner Health employee has been accused of stealing personal information from hundreds of patients. ...read full article

Class Claims Gamer Swiped Phone Numbers



SAN FRANCISCO (CN) - A maker of games for the Apple iPhone and iPod Touch collected players' phone numbers without their knowledge, according to a federal class action. The class claims Storm8, creator of "iMobster" and "Vampires Live," wrote its software to collect phone numbers automatically when players download the games. ...read full article

New Scams Center On H1N1, Fake IRS Emails



PITTSBURGH (CBS) ? Lately people have been worried about H1N1 flu and when scam artists see that worry, they also see an opportunity to get your cash. ...read full article


November 5, 2009


Men allegedly broke into computers of former employer



Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer. ...read full article

European 'internet freedom' law agreed


Europe is set to get a major overhaul of its telecoms regulation, after the European Parliament and Council of Telecoms Ministers reached a compromise on the rights of internet users across the continent.


The Telecoms Reform Package is a raft of new laws that tackle issues ranging from data-breach notification to faster number porting. Following an agreement reached on Wednesday night, the package will now become part of national legislation in every EU country, with a deadline of May 2011. ...read full article


November 4, 2009


Agencies: Glitch with foreign SS numbers is fixed



(AP) — CONCORD, N.H. - Two federal agencies that put Americans at risk for identity-theft-like problems have fixed a glitch that linked U.S. Social Security numbers to those issued by three foreign countries, officials said. ...read full article

Woman charged with ID Theft and mortgage fraud



In the following press release Michigan Attorney General Mike Cox today announced that his office has filed charges against a Wyoming, MI woman accused of defrauding the Michigan State Housing Development Authority (MSHDA) by fraudulently obtaining a mortgage, defaulting on that mortgage and leaving taxpayers to pick up the tab. ...read full article

Travelers: ID fraud often starts with stolen wallet



With incidents of identity fraud climbing for the second year in a row, Hartford insurer Travelers Cos. is warning consumers that low-tech theft is the most common entry to this 21st-century crime. ...read full article

Police search for man accused of identity theft



PALM BEACH COUNTY, Fla. (WSVN) -- Detectives need help identifying a man they said is stealing people's identities and passing counterfeit checks across South Florida. ...read full article

ISP warns citizens of jury duty scam



PENDLETON, Ind. (WANE) - The Indiana State Police would like to warn citizens of a jury duty scam that has now been reported in 11 states. ...read full article

DHS approves enhanced tribal ID cards



The Homeland Security Department has entered in to agreements with four Native American tribes to produce enhanced identification cards approved for use at U.S. border crossings. ...read full article

Insurer Says SS Numbers May Be On Stolen Laptop


Blue Cross Blue Shield Warns 10,000 NH Providers


CONCORD, N.H. -- Anthem Blue Cross and Blue Shield is warning 10,000 New Hampshire physicians, dentists and other providers that their Social Security numbers may have been stolen. ...read full article

Corporate Breaches Increase Chances Of Consumer ID Theft, Study Says


When their data is leaked by a business, individuals are four times more likely to suffer identity theft, Javelin study says


Consumers who have received data breach notifications within the past year are at a much greater risk for fraud than typical consumers, according to a new study. ...read full article


November 3, 2009


iHacked: jailbroken iPhones compromised, $5 ransom demanded



Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup. ...read full article

Conficker's first birthday looms - seven million IPs still infected



As Conficker approaches the first anniversary of its appearance in the wild, the Shadowserver Foundation says that at least seven million IP addresses - each representing one or more computers - are now infected by the worm. ...read full article

Britons targeted in new online scam


Sellers of high-value products on sites such as eBay and Gumtree are being duped into sending the items without receiving payment


...read full article

Microsoft Warns Online Gamers Of Worm Attacks



Online gamers are the target of a "pervasive" computer worm which steals personal data, Microsoft has warned ...read full article


November 2, 2009


Lifestyle Hackers


Jim Routh and Gary McGraw examine why twenty-somethings skateboard right past security controls, and what it means for employers (i.e. you!)


The insider threat, the bane of computer security and a topic of worried conversation among CSOs, is undergoing significant change. Over the years, the majority of insider threats have carried out attacks in order to line their pockets, punish their colleagues, spy for the enemy or wreak havoc from within. Today's insider threats may have something much less insidious in mind—multitasking and social networking to get their jobs done. ...read full article

Phishing, worms spike this year, say Microsoft and McAfee



Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee. ...read full article

Military lags in safeguarding officers’ identities



The military is playing catch-up on a year-old complaint that hundreds of thousands of officers’ Social Security numbers have been floating around on the Internet. ...read full article

FDIC: Uptick in 'money mule' scams



The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions about an uptick in scams involving unauthorized funds transfers from hacked online bank accounts to so-called "money mules," people hired through work-at-home scams to help cyber criminals overseas launder money. ...read full article

Former YouSendIt chief accused of DoS attack



A former chief executive of file-transfer service YouSendIt has been accused of launching denial-of-service attacks against the company. ...read full article

Wi-Fi firms put onus on users for hotspot security



Wi-Fi hotspot operators have said security is the responsibility of their customers, after the BBC demonstrated a hack of users' email at public open-access hotspots. ...read full article

Google Voice stats revealed through PDF error



Google Voice may not have made it onto the iPhone yet, but the service has still managed to attract more than 1.4 million users. ...read full article

New Trojan encrypts files but leaves no ransom note



Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee. ...read full article

Bank IT Worker Charged In $1.1 Million Fraud


A computer technician has been indicted for stealing the identities of 150 Bank of New York employees, as well as for grand larceny and money laundering.


Adeniyi Adeyemi, 27, of Brooklyn, New York, was charged last week in a 149-count indictment for allegedly using his position as a computer technician to steal the identities of over 150 employees of the Bank of New York Mellon and to subsequently defraud charities, non-profits, and other organizations for more than $1.1 million over an eight year period. ...read full article

FTC allows eight more months for Red Flags compliance



The Federal Trade Commission again is pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rules. ...read full article


 

Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
315.792.3231
drebovich@utica.edu
Utica College
1600 Burrstone Road
Utica, NY 13502