CIMIP - Center for Identity Management and Information Protection

May 2010 News Archive



May 26, 2010


Loma Linda hospital patients' personal information stolen



A thief has stolen personal information regarding more than 500 surgical patients of Loma Linda University Medical Center, according to hospital officials. ...read full article

Facebook to simplify privacy controls Wednesday



Heeding widespread concerns about how much of its users' personal data it shares on the web, Facebook said it will begin implementing simpler privacy settings on Wednesday. ...read full article

Bank, customer settle suit over $800,000 cybertheft


PlainsCapital Bank sued Hillary Machinery after the latter's account was depleted by online thieves


Computerworld - An unusual legal dispute between a Texas bank and a business customer over the online theft of more than $800,000 from the latter's account at the bank has been quietly settled. ...read full article

Webinar: Ready for Data Breaches under the HITECH Act?



Carrying Out Security Breach Incident Risk Assessments Mandated for Covered Entities ...read full article

Lifelock worries after employee data leaked to Web



IDG News Service - It may be OK for identity theft protection vendor Lifelock to publish its CEO's Social Security number, but when it comes to other company employees, that's another story. ...read full article

'Sexting' Suit Tests Search of Student's Cell Phone



The key battle in a high school student's case against school officials who found nude photos of her in her cell phone may be over whether "clearly established law" barred them from rummaging through the contents of the device. ...read full article


May 25, 2010


New Phishing Attack Exploits Tabbed Browsing



Aza Raskin of Mozilla demonstrates a new class of phishing attack in which the attacker is able to use malicious code in one browser tab to completely change the content in another tab on a victim's browser. ...read full article

Answers sought for how man faked way as NCO



DALLAS — A Colorado congressman wants Secretary of Defense Robert Gates to provide answers on how a Texas man apparently tricked the Army into allowing him to enter the reserves as a noncommissioned officer. ...read full article

Google saves, secures Wi-Fi snooping data


But resists more data demands by class-action lawsuit lawyers


Computerworld - Google said that it has secured the data it obtained through its Street View Wi-Fi snooping, but will fight a class-action lawsuit's demand that it turn over more information, court documents showed today. ...read full article

Disbarment Urged for Lawyer Who Billed Fake Clients



The New Jersey Disciplinary Review Board is recommending disbarment for a lawyer who manufactured fake billings for nonexistent clients, first at Fox Rothschild and then at Margolis Edelstein. ...read full article

Queen's speech: Cuts start with ID cards, but broadband still a priority



The Queen has named high-speed broadband roll out and the abolition of the national ID cards project as priorities for the coalition government in the coming 18 months. ...read full article

ID Analytics Secures Identity-Based Fraud Detection Patent


Company Receives Third Patent from U.S. Patent and Trademark Office for New Detection System and Method Using Historical Identity Records


SAN DIEGO, CA, May 25, 2010 –ID Analytics, Inc., the leader in on-demand identity intelligence, announced today that the U.S. Patent and Trademark Office granted the issuance of U.S. Patent Number 7,686,214 for the company’s system and method for fraud detection using multiple historical identity records. This patent recognizes ID Analytics’ innovative technical approach to assembling a consumer identity network and producing highly-predictive insight into a consumer’s behavior over time and across multiple industries. ...read full article

BABIES' DNA IN SECRET VAULTS



BLOOD samples from millions of newborn babies are being stored without their parents’ knowledge, it emerged yesterday. ...read full article

GOLDEN YEARS TARNISHED WHEN FRAUD, IDENTITY THEFT STRIKES SENIORS



WASHINGTON, DC, May 25, 2010 –ITAC, the Identity Theft Assistance Center, today offered advice for families and caregivers on detecting the signs of fraud and identity theft against older or vulnerable adults. ...read full article


May 24, 2010


Gang called Avalanche blamed for most phishing attacks



IDG News Service - A new report blames a single Eastern European gang for about two-thirds of all phishing attacks conducted in the second half of 2009. ...read full article

Why people lie about military service



NEW HAVEN, Conn. — U.S. Senate candidate Richard Blumenthal acknowledged he misstated his service in Vietnam, said he made mistakes, regretted them and took responsibility. ...read full article

Rogue Facebook apps launch 'beach babes' attack


Second weekend in a row Facebook users have had to fend off major malware attacks


Computerworld - Another attack using rogue Facebook applications hit users' PCs Saturday in a virtual repeat of last weekend's massive assault, security researchers said. ...read full article

Hackers can delete Facebook friends, thanks to flaw



IDG News Service - A bug in Facebook's Web site lets hackers delete Facebook friends without permission. ...read full article

Facebook fixes bug that allowed friend deletion



IDG News Service - Facebook has fixed a flaw that let hackers delete Facebook friends without permission. ...read full article

Duchess of York apologises after paper sting



LONDON (AFP) – The Duchess of York apologised Sunday for a "serious lapse in judgment" after she was caught in a newspaper sting apparently offering access to ex-husband Prince Andrew in exchange for cash. ...read full article

Regina recycling company loses confidential medical records



REGINA — Brad Smith was a little surprised to discover several pieces of medical information strewn across a city street during his walk to work through an industrial area Thursday morning. ...read full article

Workers concerned over privacy breach



A Saskatoon FedEx worker is concerned about a privacy breach where the addresses of about 25 local employees were leaked from Saskatchewan Government Insurance (SGI) to the union trying to organize the global courier service. ...read full article

New Threat For Wireless Networks: Typhoid Adware


Some users could become "carriers," unknowingly passing infections to others, university researchers say


There's a potential threat lurking in your Internet cafe, say University of Calgary computer science researchers: Typhoid adware. ...read full article

ID Theft Victims Spending Less In Cleanup Aftermath


New Identity Theft Resource Center (ITRC) report shows victims spending less time, money to clear their names


Nearly one-third of all identity theft victims say they are unable to completely clear up damaged credit or criminal records in the aftermath of their identities being abused. But the good news is they're spending much less time and money cleaning up the fraud perpetrated against them in their names, according to a newly released report. ...read full article


May 21, 2010


Astute NJ mom outs Census worker as sex offender



CAMDEN, N.J. -- A New Jersey mother who recognized the face of a Census worker from the state's online database of sex offenders called police, leading to charges that the man used a fake name and Social Security number to get the government job. ...read full article

Strong notifies patients their bills may have gone to other people



About half of the 2,500 patient bills Strong Memorial Hospital mailed on April 19 went to the wrong patients, and this week the hospital sent letters apologizing to affected people and telling them to be alert to any possible misuse of their information. ...read full article

Social networking sites passing on user data to ad agencies



Several social networking sites - including Facebook and MySpace - have apparently been sending users' data to advertising agencies - in spite of all the assurances and promises that this information is not shared with anyone without having previously asked the users for consent and receiving a thumbs-up. ...read full article

Texas man faked way into Army as an NCO



FORT WORTH, Texas — A Texas man with no military experience managed to trick the Army into letting him enter a reserve unit as a noncommissioned officer earlier this year, putting an untrained soldier in a leadership position in a time of war, an Associated Press investigation has found. ...read full article

Five Ways to Keep Online Criminals at Bay



THE Web is a fount of information, a busy marketplace, a thriving social scene — and a den of criminal activity. ...read full article

Calif. Lawyer's Name Stolen for Scam



Mohamed Salem knew something was amiss when his fax machine spit out the foreclosure documents from a Sacramento lawyer. ...read full article

Former Big Firm Lawyer Suspended for 3 Years Over Fake Resume



Illinois authorities have finally come to a conclusion: A lawyer who worked at three Am Law 100 firms will be suspended from practicing law for three years for leaving crucial information out of his law school application -- including having been kicked out of medical school -- and for altering his transcripts to land a summer associate gig at Sidley Austin. ...read full article


May 20, 2010


3,800 vets affected by latest VA data breaches



More than 3,800 veterans had their personal information compromised last month in two data breaches that have led to renewed criticism of the Veterans Affairs Department’s data security. ...read full article

Hacker McKinnon to stay in UK, for now



Self-confessed hacker Gary McKinnon will stay in the UK for the foreseeable future following home secretary Theresa May's decision to adjourn a judicial review of his case due next week. ...read full article

Judge permanently shuts down ISP catering to spam, porn



IDG News Service - A federal judge has ordered the permanent closure of an Internet service provider long accused of hosting and distributing spam, spyware, child pornography and other illegal content, at the request of the U.S. Federal Trade Commission. ...read full article

Microsoft touts Hotmail security adds; users complain of account hacks


Details plans to beef up e-mail service's security; users wish they were in place now


Computerworld - Microsoft will beef up security in the revamped Windows Live Hotmail, including tying a user's account to a specific PC, a company executive said today. ...read full article

Microsoft chases 'click laundering'



IDG News Service - Microsoft said it has uncovered a new kind of click fraud, filing two lawsuits against people it says are using the scam. ...read full article

Heartland, MasterCard settle over data breach



IDG News Service - Heartland Payment Systems has made a third settlement deal, this time with MasterCard, related to a massive data breach two years ago at the card payments processor. ...read full article

LifeLock identity theft service a game changer, insists embattled CEO


Todd Davis defends his company following reports that say he was a victim of ID theft 13 times


Computerworld - As CEO of LifeLock Inc., Todd Davis has been in the news lately for all the wrong reasons. Two months ago, the Federal Trade Commission slammed his company with a $12 million fine for deceptive advertising practices. ...read full article

Former Mass. Assistant AG Charged Over Solicitation of Investors for Ponzi Scheme



A former Massachusetts assistant attorney general, his business partner and their company face a purported class action filed in Massachusetts Superior Court for funneling investors to a man charged with running a Ponzi scheme. ...read full article


May 19, 2010


VA breaches more numerous than we knew



Miami VA Healthcare System wasn’t the only VA center that experienced a breach involving paper records containing protected health information on January 19 of this year. According to OCR’s web site, VA Eastern Colorado Health Care System also experienced a breach involving paper records ...read full article

LifeLock CEO said to be victim of identity theft 13 times


Publicly posting SSN resulted in Todd Davis' identity being misused


Computerworld - A CEO who publicly posted his Social Security number on billboards and TV commercials as part of a campaign to promote his company's credit monitoring services was the victim of identity theft at least 13 times, a news report says. ...read full article

60% of Facebook users consider leaving over privacy



Will changes to Facebook's privacy settings be enough to address user concerns? ...read full article

Phishing page steals prepaid debit card account information



Many people don't have a regular or a big enough income to receive a debit card, but would still like to have one since it can be really handy when settling bills or shopping online. The answer to this problem? Prepaid debit cards. ...read full article

Laptop With Patients’ Information Stolen



OCONEE COUNTY, S.C. -- A laptop containing information on more than 600 patients at an Oconee County physicians’ practice was stolen a week ago -- and now patients are being warned about the theft. ...read full article

Students to see photos snapped in Pa. school 'spying' case


Judge lets students view the nearly 58,000 images before parents get their chance


Computerworld - Students in two suburban Philadelphia high schools will be allowed to view photographs taken by their school-issued laptops, and may preview them first before deciding which images their parents may see, according to a court order issued Friday. ...read full article

Privacy expert: It's good PR to say no to the government



IDG News Service - A leading privacy researcher is urging companies to say no to government requests for data, arguing that it's good for business. ...read full article

Man charged with attack on Web site of Fox News' Bill O'Reilly



Series of DDoS attacks in March 2007 hit conservatives Rudy Giuliani, Anne Coulter and the University of Akron too, prosecutors say ...read full article

Facebook fixing embarrassing privacy bug


Facebook worked with Alert Logic to fix the cross-site request forgery bug


IDG News Service - Facebook is fixing a Web programming bug that could have allowed hackers to alter profile pages or make restricted information public. ...read full article

Research: 1.3 Million Malicious Ads Viewed Daily



The true extent of the malvertizing scourge became much clearer this week with the release of new research by Dasient which shows that about 1.3 million malicious ads are being viewed online everyday, most pushing drive-by downloads and fake security software. ...read full article


May 18, 2010


P2P networks a treasure trove of leaked health care data, study finds


Eight months after passage of HITECH Act, data leaks still a problem in health care industry


Computerworld - Nearly eight months after new rules were enacted requiring stronger protection of health care information, organizations are still leaking such data on file-sharing networks, a study by Dartmouth College's Tuck School of Business has found. ...read full article

FTC asked to investigate Google Wi-Fi 'snooping'



IDG News Service - A consumer group has called on the U.S. Federal Trade Commission to investigate Google after the search company revealed that it had been collecting people's Internet communications from open wireless networks. ...read full article

Huge 'sexiest video ever' attack hits Facebook


'Stunning' attack targeted Internet Explorer users, planted adware on victims' PCs


Computerworld - A huge attack by a rogue Facebook application last weekend infected users' PCs with popup-spewing adware, a security researcher said Monday. ...read full article

Qchex.com Owes $535K for Delivering Bad Checks



(CN) - The 9th Circuit upheld an order requiring Qchex.com to hand over profits of more than $535,000 after fraudsters and con artists used the Web site to issue hundreds of thousands of unauthorized checks. ...read full article

Can't Wait That Long, Ponzi Victims Say



PHILADELPHIA (CN) - A class action claims Lizette Morice and her company, Gaddel Enterprises, bilked thousands of people in a $7.3 million Ponzi scam, to which she pleaded guilty, and offered to pay restitution of $25 per quarter, which would allow her to pay it off in 72,000 years. The class sued 106 "winner defendants" who allegedly "reaped enormous profits" from the scheme, in Philadelphia Federal Court. ...read full article

German and US authorities to investigate Google’s collection of private Wi-Fi data



German and US authorities are to investigate Google after the firm admitted that it collected data sent over Wi-Fi networks using mobile units gathering images for Google's Street View service. ...read full article

Justices Rule on Prison Time for Juveniles, Sex Offenders



In a pair of major criminal law decisions on Monday, the U.S. Supreme Court ruled that the Eighth Amendment does not allow sentences of life in prison without parole for juveniles who committed nonhomicide crimes and upheld a federal law permitting sexually dangerous inmates to be confined beyond their prison terms. In the juvenile case, Graham v. Florida (pdf), the Court said, "A state need not guarantee the offender eventual release, but if it imposes the sentence of life, it must provide him or her with some realistic opportunity to obtain release before the end of that term." ...read full article

Prosecutor: Former Harvard student faked prestigious academic career



A former Harvard University student compiled world-class academic credentials -- including perfect grades and two prestigious Harvard prizes -- by fabricating his own history and plagiarizing others' work, according to a Massachusetts prosecutor. ...read full article

Lawyers Suspended for Ignoring 'Warning Signs' of Partner's $17 Million Fraud



An attorney accused of ignoring "multiple warning signs" of a $17 million fraud carried out by his former partner has been suspended from the practice of law for three years. ...read full article


May 17, 2010


Supreme Court: Sex offenders can be held indefinitely



The Supreme Court ruled Monday the federal government has the power to indefinitely keep some sex offenders behind bars after they have served their sentences, if officials determine those inmates may prove "sexually dangerous" in the future. ...read full article

Google says Street View cars collected WiFi data by mistake



Google has admitted that it mistakenly collected data sent over WiFi networks using its Street View cars gathering images for Google's controversial Street View service. ...read full article

Security guard pleads guilty to hacking his employer



IDG News Service - A former security guard has pleaded guilty to charges that he broke into his employer's computers while working the night shift at a Dallas hospital. ...read full article

Phishing scam hits thousands on Twitter



A phishing scam is targeting thousands of Twitter users hoping to increase their number of followers. ...read full article

Double Jeopardy May Apply to Former Adelphia Executives



Two former executives of Adelphia Communications Corp. may be entitled to dismissal on double jeopardy grounds of the conspiracy charges lodged against them in a second indictment now that the 3rd U.S. Circuit Court of Appeals has voted 7-4 in their favor. ...read full article

Smart Money: Is Your Favorite Charity Spying on You?



Whether a patient comes in for a gall-bladder operation or to have a baby, the routine remains the same for staff at Sharp HealthCare hospitals in San Diego. The front desk checks insurance records to make sure the bills get paid on time. Nurses take vitals and tag their charges with a bar-coded wristband. And behind the scenes, fund-raisers scan the assets of each patient -- to find out whether they're "megarich," "wealthy" or merely "comfortable." ...read full article

Release of Random Drug Testing Results Raise HIPAA Challenge



Fire Lieutenant Shawn Baptist was fired last year from the Zephyrhills, Florida Fire Department after he allegedly failed a random drug test on February 23, 2009. He is challenging the termination as well as the results of the test through grievance arbitration. In addition he filed suit last week alleging the public release of his medical tests violated HIPAA and state medical privacy laws. ...read full article

Tyler Perry's Credit Card Number Stolen



ATLANTA -- Atlanta-based movie mogul Tyler Perry isn’t used to producing horror movies, but he’s living the real-life horror of credit card fraud. ...read full article


May 14, 2010


2009 Health Care Fraud Report Released



Today, Attorney General Eric Holder and U.S. Department of Health and Human Services Secretary Kathleen Sebelius announced the results of the 2009 Health Care Fraud and Abuse Control Program Annual Report (HCFAC), which outlines the last fiscal year’s health care fraud prevention and enforcement achievements. ...read full article

Ukrainian arrested in India on TJX data-theft charges



IDG News Service - A Ukrainian national has been arrested in India in connection with the most notorious hacking incident in U.S. history. ...read full article

Facebook adds security tools amid growing privacy storm



Facebook has added new security tools to prevent hacking and held a staff meeting amid a growing storm about privacy at the social networking company. ...read full article

US military considers responses to cyber attack



The US military is to consider a military response in cases of cyber attacks against the US, according to a Pentagon official. ...read full article

Facebook IDs hacker who tried to sell 1.5M accounts



IDG News Service - Facebook has identified the hacker named Kirllos who tried to sell 1.5 million Facebook accounts recently in underground hacking forums. According to the investigators at the social networking site, he's guilty of both hacking and hyperbole. ...read full article

Car hackers can kill brakes, engine, and more



IDG News Service - University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. ...read full article

Sixth Individual Pleads Guilty for Role in $14.5 Million Medicare Home Health Care Fraud Scheme



WASHINGTON – Detroit-area resident Christopher Collins pleaded guilty today for his participation in a $14.5 million fraudulent Medicare home health care scheme, the Departments of Justice and Health and Human Services (HHS) announced. ...read full article

Information on 207,000 Army Reservists Stolen


Laptop Containing Names, Addresses, SSNs Taken from Contractor


A laptop containing the names, address and Social Security numbers of more than 207,000 Army reservists has been stolen from a government contractor in Georgia, the Army Reserves confirmed Thursday. ...read full article

Hospital patients’ data on stolen laptop



THE theft of a laptop containing sensitive patient information from Peterborough District Hospital (PDH) has sparked a major security review. ...read full article

Latvian "Robin Hood" hacker's identity revealed



The identity of the Latvian hacker who, earlier this year, hacked and publicly disclosed tax office data showing that state officials were still getting a enormous salaries in spite of the official government policy of cutting corners, has been revealed by the Latvian police. ...read full article

UCSF employee charged with wire fraud



SAN JOSE -- A UCSF Medical Center employee has been charged in federal court with wire fraud for allegedly using the Social Security numbers of fellow workers to complete online health surveys so that he could receive hundreds of $100 vouchers. ...read full article

SEC Warns About Bogus Operator



WASHINGTON (CN) - The SEC has issued an "Investor Alert" about a company that calls itself the "U.S. Securities and Equities Administration." The company claims to operate out of Boston and operates a Web site in which it claims that, for money in advance, it can remove restrictions on stock or get people government money, the SEC says. ...read full article

Two Headed to Prison in O.C. Ponzi



SANTA ANA, Calif. (CN) - An Orange County man was sentenced to 10 years in federal prison for a Ponzi scheme he ran with an attorney that took $61 million from 140 investors before it crashed. James Halstead, 63, of Tustin, also was ordered to pay $14.5 million in restitution. ...read full article

Money Sought from $900M Ponzi Scheme



PHOENIX (CN) - Two Phoenix-based real estate investment groups defrauded more than 2,000 investors of $900 million, a class action claims in Federal Court. The class claims Mortgages Ltd. and Radical Bunny were aided by law firms Greenberg Traurig and Quarles & Brady, which helped create false and misleading documents to cover up the Ponzi scheme. ...read full article

$2 Billion Fraud Alleged at Iceland Bank



MANHATTAN (CN) - A "cabal of businessmen led by a convicted white collar criminal" drained more than $2 billion from a now-bankrupt Icelandic bank "to fill their pockets and prop up their own failing companies," the bank, Glitnir Banki, claims in New York County Court. ...read full article

UK to kill national ID card program



IDG News Service - The U.K.'s new coalition government plans to cancel the national ID card program, calling it part of a "substantial erosion of civil liberties" that took place under the former Labour government. ...read full article

Latvian police decline to hold database hacker



IDG News Service - Latvian law enforcement officials are close to finishing their investigation of an artificial intelligence researcher who gained access to a government database, releasing sensitive salary information on Twitter. ...read full article


May 13, 2010


Senate OKs military family anti-scam measure



BOSTON — The U.S. Senate has approved legislation designed to help prevent the families of military personnel from falling prey to predatory lenders. ...read full article

Hackers use web servers to deliver more powerful DDoS attacks



Cyber criminals are using a new type of distributed denial of service (DDoS) attack that is more powerful and elusive than any predecessors, says security firm Imperva. ...read full article

Cybercriminals exploit Google Groups



Cybercriminals are using Google Groups to distribute rogue anti-virus software and other malware, according to researchers at security firm eSoft. ...read full article

Report blames 'Avalanche' group for most phishing



IDG News Service - A new report blames a single Eastern European gang for about two-thirds of all phishing attempts conducted in the last half of 2009. ...read full article

$3 Million Complaint for 'Web Scraping'



ALEXANDRIA, Va. (CN) - A corporate event planner claims a competitor used robot "Web scraping" computer programs to rip off its Web site and steal a valuable database of meeting venues around the world. Cvent demands $3 million, plus punitive damages, from Eventbrite, in Federal Court. ...read full article

4 things Facebook doesn't tell you about your privacy and security



Experts say read between the lines of the Facebook experience and you may still discover some unsettling factors ...read full article

9 Indicted In Obama Record Breach


Indictment Claims Workers Checked President's Student Loan Records


DES MOINES, Iowa -- Nine people have been indicated in federal court on charges they accessed President Barack Obama's student loan records while employed for a Department of Education contractor in Iowa. ...read full article

Software Insecurity is Our Biggest Weakness



ST. PAUL, MINN.--If the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own custom code, a security expert said Tuesday. ...read full article

'Tamper evident' CPU warns of malicious backdoors


Like shrink wrap for your microprocessor


Scientists have devised a chip design to ensure microprocessors haven't been surreptitiously equipped with malicious backdoors that could be used to siphon sensitive information or receive instructions from adversaries. ...read full article

PlayStation site hacker avoids jail



A teenage hacker who took the official PlayStation site offline after he was banned from playing for cheating has avoided a jail sentence. ...read full article


May 12, 2010


Update: Senate confirms Alexander as chief of U.S. Cyber Command



Computerworld - The U.S. Senate has approved Lt. Gen. Keith Alexander, director of the National Security Agency, to also head the military's recently created U.S. Cyber Command. ...read full article

Visa fraud alert puts banks, payment processors on guard


It warns of a coming fraudulent batch settlement attempt


Computerworld - Visa Inc. last week sent a fraud alert to banks and payment processors warning them to look out for a "large batch settlement fraud scheme" involving a merchant account in East Europe. ...read full article

Judge won't accept pleas in Jackson Memorial Hospital ID theft case



A husband-and-wife duo charged with running a racket to pilfer patient records from Jackson Memorial Hospital to sell to lawyers for injury claims tried to plead guilty Tuesday in Miami federal court. ...read full article

Storage of newborns’ blood samples raises privacy concerns



It’s a routine test conducted on newborns – a quick needle prick to the heel to test for a range of health disorders and diseases before an infant is discharged. ...read full article

Medicaid clients alerted about security breach



The New Mexico Human Services Department said Tuesday that about 9,600 members of its Salud! Medicaid plan and fee for service members might have had their personal information, including Social Security numbers, compromised. ...read full article

Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With ‘Instant Personalization’



As if Facebook’s Instant Personalization needed another knock against it, tonight comes news of a security issue that makes the feature even more unnerving. Web security consultant George Deglin discovered an exploit that would allow a malicious site to immediately harvest a Facebook user’s name, email, and data shared with ‘everyone’ on Facebook, with no action required on the user’s part. This specific exploit has been patched, and no user data was compromised, but the security problems behind it remain. ...read full article

Settlement reached with Md. payment processor


Firm allegedly failed to properly dispose of consumers' personal information


Maryland's consumer protection division announced Monday that it reached a $20,000 settlement with payment processor MAP, LLC for allegedly failing to properly dispose of consumers' personal information. ...read full article

Goldman Sachs Sued For Illegal Database Access



Employees at Goldman allegedly used misappropriated credentials to grab intellectual property from market intelligence service's database ...read full article


May 11, 2010


Heartland breach expenses pegged at $140M -- so far


That amount includes $42M to fund future settlements


Computerworld - The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up. ...read full article

Windows 7 'compatibility checker' is a Trojan



A fake email with the Trojan lifts text from a Microsoft Web site about the real software ...read full article

Law Firm Probed Over 'False' Documents Filed in Foreclosure Cases



Fla. AG's office has received dozens of homeowner complaints about questionable court documents filed by firm's lawyers, according to a source ...read full article

Execs at Faith-Based Bank Charged With Fraud



ATLANTA, Ga. (CN) - Two former executives of a "faith-based bank" are accused of loaning more than $80 million to a hotel developer, despite knowing that he would spend the money on himself, including buying a $1.5 million private island in the Bahamas. The federal indictment accuses former Integrity Bank executives Douglas Ballard, 40, and Joseph Foster, 42, of awarding bogus loans to hotel developer Guy Mitchell, 50, of Coral Gables, Fla. ...read full article

A failure to protect medical privacy



For the third time in recent months, Tampa Bay citizens have found themselves the unwanted recipients of patients' private medical records. What's more, in two cases, the recipients' efforts to restore patients' privacy were rebuffed, suggesting the federal Health Insurance Portability and Accountability Act (HIPAA) is falling far short of its promise to protect and enforce patient privacy. ...read full article

National Bank again targeted in scam



The National Bank of Blacksburg has been the target again of a scam that attempts to obtain confidential account information from residents. ...read full article

New attack tactic sidesteps Windows security software


'Very serious' says one antivirus exec, especially for Windows XP users


Computerworld - A just-published attack tactic that bypasses the security protections of most current antivirus software is a "very serious" problem, an executive at one unaffected company said today. ...read full article

Researcher reveals Safari zero-day bug


Drive-by exploit confirmed in Windows version of Apple's browser


Computerworld - Apple's Safari browser contains a critical, unpatched bug that attackers can use to infect Windows PCs with malicious code, researchers at US-CERT and other security firms said today. ...read full article

Pirates cost software firms $51bn, but less than expected



The world's software industry lost $51bn to piracy in 2009 as the unlicensed software rate rose to 43%, but losses were less than expected, the Business Software Alliance said today. ...read full article


May 10, 2010


Dodgy Facebook pages used to power 'spam a friend' joke scam



Dubious Facebook pages host rogue Javascript code that creates a means for miscreants to spam people on a user’s friends list, security researchers warn. ...read full article

Mass. pair accused of cheating Medicaid out of more than $100,000



Officials in Massachusetts say there is no way a personal care attendant could have offered his services to a local couple who billed Medicaid for those services due to one simple fact: he was incarcerated. ...read full article


May 7, 2010


Bill would require most government docs to be online



IDG News Service - A U.S. senator has introduced legislation that would require U.S. government agencies to post all public documents online in a free, searchable database. ...read full article

Q&A: Facebook exec defends site's privacy policies



Beard talks about Facebook controls, user desires and CEO Zuckerberg's reported privacy beliefs ...read full article

ATM Hacker Arrested, Thanks to Reformed Con Man



Is a reformed con artist really a reformed con artist if he cons another criminal into a federal sting operation? That's the question Thor Alexander Morris must be asking himself after ending up on the wrong side of an undercover FBI investigation. The 19-year-old grocery store worker from North ...read full article

Laval police stop phoney debit-card scam



MONTREAL - Laval police say they have broken up a fraudulant debit-card ring. ...read full article

Spammers ordered to pay tiny ISP whopping $2.6m



A small internet service provider has been awarded nearly $2.6m in a lawsuit it filed against a company that sent just under 25,000 spam messages over an 18-month period. ...read full article

Scammers attempt to cash in on volcanic ash travel chaos



Scammers are hoping to hoodwink travellers who were stranded by the volcanic ash cloud last month as fresh plumes have disrupted flights once more in the UK. ...read full article


May 6, 2010


Facebook security flaw makes private chats public



Facebook is dealing with the fallout of a security hole that gave users the ability to see what their friends were saying to others during private chats ...read full article

Lawmakers consider changes to wiretapping law to protect cloud services



E-mail, cloud app users deserve the same protections from searches as with laptops, witnesses tell House subcommittee ...read full article

The DDoS attack survival guide



How botnets and application vulnerabilities have made DDoS attacks more damaging than ever before, and what you can do to fight back. ...read full article

Hacker develops multi-platform rootkit for ATMs



IDG News Service - One year after his Black Hat talk on Automated Teller Machine security vulnerabilities was yanked by his employer, security researcher Barnaby Jack plans to deliver the talk and disclose a new ATM rootkit at the computer security conference. ...read full article

Hospital Data Breach in Kentucky Affects Thousands



Officials at Our Lady Peace, a 278-bed psychiatric hospital in Louisville, Ky., are racing to notify more than 24,000 patients that a flash drive containing some of their most personal and important information has been missing for more than a month. ...read full article

Disbarred Attorney Draws Prison Sentence for Guardianship Thefts



A former attorney who said he never meant to steal from the guardianship accounts of the mentally disabled and elderly individuals he was entrusted to protect was sentenced Tuesday to five to 15 years in prison. ...read full article

N.Y. Courts Tackle Electronic Defamation



Blogs and personal web pages, such as on MySpace and Facebook, provide a broad stage to spread potentially defamatory statements. Thus, care must be taken when posting content on social media. Postings can take just seconds to compose and frequently little thought is given to what is being stated and its consequences, especially where such communication may reach an audience of millions, virtually instantaneously. ...read full article

7 arrested in O.C. counterfeit credit card case



Seven people have been arrested in connection with the creation and use of fraudulent credit cards around Orange County. ...read full article

Texas life settlement firm, run by ‘recidivist,’ put in receivership



The Texas State Securities Board has been granted receivership of a life settlements firm accused of fraud in collecting $65 million from investors and using deceptive practices in the sale of investments tied to insurance death benefits. ...read full article

China state news agency Web site hit with malware



IDG News Service - A section of the Web site for China's state-run Xinhua news agency was found to be distributing malware last month, according to a Google malware scanning service that is still labeling the site as potentially harmful. ...read full article


May 5, 2010


Cybercriminals trading in large volumes of Facebook accounts, say researchers



Cybercriminals are selling fake and stolen accounts on social networking site Facebook in bulk in the underground economy, according to security researchers. ...read full article

Lawmakers unveil online privacy bill



IDG News Service - Two U.S. lawmakers have released a draft bill that would require companies that collect personal information from customers to disclose how they collect and share that information, but several privacy and consumer groups said the proposal would legalize current privacy violations online. ...read full article

Ponzi Man Preyed on Old-Timers, SEC Says



ALBANY, N.Y. (CN) - A Troy, N.Y. man took $6.5 million from senior citizens by promising "guaranteed" annual returns of more than 9 percent, and many of his victims are still unaware that they've been ripped off, the SEC claims in Federal Court. ...read full article

N.Y. bomb plot highlights limitations of data mining


Like weather forecasting, data mining can predict major storms but not where each drop will fall


Saturday's botched bombing attempt in New York City provides an example of why the use of data mining approaches to uncover potential terrorism plots is a little like weather forecasting. ...read full article

Bank Abetted $35M Ponzi, Investors Say



KANSAS CITY, Mo. (CN) - A "willfully blind" Hillcrest Bank allowed a developer to run a $35 million Ponzi scheme, jilted investors claim in Jackson County Court. The Quintero Community Association and five members or owners say they were victimized by Gary McClung, and that Hillcrest looked the other way as McClung ran the scheme through Hillcrest accounts. ...read full article

$10 Million Ponzi Claim in Upstate N.Y.



NEW CITY, N.Y. (CN) - Six investors say they lost more than $10 million in a Ponzi scheme. Delaware Charter Guarantee & Trust dba Principal Trust was supposed to administer the investors' pension plan, but the securities brokerage reported false gains during the recession and paid off old investors with new money, according to the complaint in Rockland County Court. ...read full article

HHS Requests Comments on HITECH Accounting of Disclosures Requirements



In today’s Federal Register, the Department of Health and Human Services (“HHS”) published a request for information (“RFI”) regarding the HITECH accounting of disclosures provisions. The Department is collecting information to help inform its rulemaking. Building on the current HIPAA accounting of disclosure requirements, HHS is required to issue regulations concerning what information should be collected about disclosures for treatment, payment, and health care operations made through an electronic health record. ...read full article

Health records found in Asda car park



A member of staff has been suspended after medical records belonging to patients at a secure hospital near Falkirk were found in a car park. ...read full article

Patients' medical records stolen at suburban company



May 3, 2010 (CHICAGO) (WLS) -- Health records belonging to patients were stolen in a break-in at a suburban medical billing company. ...read full article

Judge Strikes Down Florida's Police Privacy Law


Federal judge rules publishing addresses and phone numbers is not a crime


A federal judge has struck down a Florida law as unconstitutional and word is spreading quickly among law enforcement officers today. ...read full article

Threat Level Privacy, Crime and Security Online Former Con Man Helps Feds Thwart Alleged ATM Hacking Spree



A North Carolina grocery worker is being held without bail in Houston on attempted computer hacking charges after inadvertently partnering with an undercover FBI agent in an alleged citywide ATM-reprogramming caper. ...read full article

Russian hacker 'Kirllos' not in NZ



Reports that the hacker known as Kirllos was living in New Zealand and attempting to sell the login details of social network website users were wrong and the hacker had no link to New Zealand, Detective Senior Sergeant John van den Heuvel of the National Cyber Crime Centre said on Tuesday. ...read full article

1.5 million 'hacked' Facebook profiles up for sale



A hacker has reportedly put 1.5 million stolen Facebook accounts up for sale on the black market, according to a media report on Wednesday. ...read full article

World Cup set to kick off cyber scams



Security software publisher Symantec has alerted soccer fans to Internet scams relating to the upcoming World Cup, launching a website, http://www.2010net threat.com, to detail the dangers. ...read full article

E-crime in Wales 'more than doubled'



The number of victims of cyber crime in Wales has more than doubled since last year, an online safety group says. ...read full article

Criminals using Facebook for identity theft



Over the past few months thousands of Facebook users report receiving messages or friend requests from people they don’t know. ...read full article

FBI Foils Attempted ATM Hack



A North Carolina man was arrested in Houston, TX in April after he tried to hack into an ATM and change its passcode, according to the FBI. Thor Alexander Morris, 19, was arrested at a flea market after trying to enter a default administrative passcode on a Tranax Mini-Bank ATM. ...read full article

Sacramento woman used fake IDs to make 244 hospital visits



J. Alan Cates is the former Chief of California's Medi-Cal Fraud Prevention Bureau and a colleague of mine in the San Francisco chapter of the Association of Certified Fraud Examiners. He's also a highly knowledgeable expert in health-care fraud, most of which, he says, is just another form of identity theft. ...read full article


May 4, 2010


Notorious credit card tactic banned



Shopping online became a little safer this weekend when Visa banned a long-standing practice that Sen. Jay Rockefeller had blasted as “deceptive,” saying it triggered $1.4 billion in unauthorized charges on 30 million Americans' credit card bills. ...read full article

Data breach reports now posted online



Most health care information leaks have involved electronic systems, but some were paper-based. ...read full article

Half of social networkers post risky information, study finds


Consumer Reports survey finds social network use in U.S. doubled over the past year


Computerworld - More than half of all users of social networks in the U.S. are posting information that could put them at risk from cybercriminals, according to a Consumer Reports study. ...read full article

US Treasury Web sites hacked, serving malware



IDG News Service - Three Web sites belonging to the U.S. Department of the Treasury have been hacked to attack visitors with malicious software, security vendor AVG says. ...read full article

New IM Worm Spreading Fast



Aggressive new variant of an older worm circulating around Yahoo Messenger lets attacker take over a victim's machine ...read full article

An information security blueprint, part 1



Symantec's Francis deSouza lays out the requirements for a more practical way of addressing information security threats ...read full article

Latest scams and how to avoid them



Over the years, we have come to rely on the Internet to fulfill many of our needs - the need to keep in touch with our friends and colleagues, the need to save time and our nerves when doing shopping, executing financial transactions, submitting our tax returns, and many other things we did before in person or by phone. ...read full article

UK Cyber Security Challenge holed before launch



In the autumn the Cyber Security Challenge UK web site will allow candidates to register to participate in a programme designed to identify and nurture the future cyber security workforce. Unfortunately the site was found to have an embarrassing XSS vulnerability, just days after launching at InfoSecurity Europe. According to a report by Netcraft it was possible to inject JavaScript into the site's title and h2 elements by appending the injected code to the site's URL. ...read full article

Ponzi Defendant Accused of Duping Autistic Man & Family of $2 Million



(CN) - A man charged in California with running a Ponzi scheme has been sued again, in Cook County, accused of forging a signature to take $2 million from an autistic man and his family. "Defendant John Terzakis was indicted by a federal grand jury in San Jose, California, on Dec. 30, 2009," accused of running a real estate-based Ponzi scheme, according to the new complaint in Chicago. ...read full article

Report blames IT staff for school Webcam 'spying' mess


Pa. school district's former IT head dismissed privacy worries of student intern in '08


Computerworld - The IT department of the Pennsylvania school district accused of spying on students using their school-issued laptops took the brunt of the blame in an independent report released Monday. ...read full article


May 3, 2010


British victim of 'romance fraud' tells of ordeal



Sarah Cook thought she had met someone special. The mother of two children had done what many lonely Britons do, and registered with an internet dating site. ...read full article

Australia to sign international cybercrime treaty



The Federal Government has announced plans to sign an international treaty designed to facilitate the identification, extradition and conviction of cybercriminals around the world ...read full article

Hackensack’s top cop charged with insurance fraud, relieved of duties



One day after being booked on insurance fraud charges, the police chief of Hackensack, N.J., was removed in his role overseeing the department. ...read full article

Hospital fulfills subpoena, gets hit with privacy suit



Patient privacy is no doubt paramount in any physician practice. But when a subpoena suddenly is thrust into the physician-patient relationship, doctors may find themselves caught between the law and their privacy obligations. ...read full article

Who Owns All the Data in the Workplace?



Ten years ago employees wondered if their employers could look through their purses merely because they brought them to work. Today employees ask whether their employers own all electronic data created, viewed, or stored on their work computers and BlackBerrys. ...read full article

Forged checks pass flawed examination process



he recent cases of two Texan women who had their personal information and checking account numbers stolen and used to validate bogus checks, have brought into the spotlight a questionable check processing methodology used by some retailers and banks. According to CBS11TV, the method practically allows identity thieves to shot down any possibility of investigation because of a lack of actual evidence, and makes the retailers and the financial institutions unwitting accomplices in the crime. ...read full article

Fake Amazon "Deal of the Day" emails doing rounds



Fake Amazon newsletters have lately become regular visitors in inboxes around the world, says Trend Micro. ...read full article

ANOTHER PONZI CASE


And a Warning for Investors


He was living the high life—taking up residence in a Miami Beach mansion worth more than $5 million, cruising around in a million-dollar yacht and his leased Mercedes-Benz, shelling out more than $400,000 for floor seats at Miami Heat basketball games, and donating thousands of dollars to the athletic program of a local university (the school was so appreciative it named a student athlete lounge after him). ...read full article


 

Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
315.792.3231
drebovich@utica.edu
Utica College
1600 Burrstone Road
Utica, NY 13502