Privacy and Identity Theft

Antioch University says one of its computer systems that contained personal information on about 70,000 people was breached by an unauthorized intruder three times last year.

The university says there is no conclusive evidence any personal information has been stolen but law enforcement officials are investigating.

The breached system contains names, Social Security numbers, academic records and payroll documents for current and former students, applicants and employees going back to 1996.

Pittsburgh-based BNY Mellon Shareowner Services has notified about 3,500 individuals that the company lost a box of computer data tapes last month storing personal information including names, Social Security numbers and possibly bank account numbers, a spokesman said Wednesday

A Rhode Island state computer disk containing the Social Security numbers of nearly 1,400 people is missing, the state Department of Administration announced Friday.

Laptop containing sensitive and unencrypted personal data on 51,000 current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor March 1 in San Francisco, the company said in a letter mailed to former employees this week.

The data includes employee names, Social Security numbers, home addresses and details of stock options and other stock-related awards.

In the letter, Agilent blamed the San Jose vendor, Stock & Option Solutions, for failing to scramble or otherwise safeguard the data – “in violation of the contracted agreement.”

Finjan has reported a website, hosted by Google Blogspot, for buying and selling stolen credit card numbers.  The site, SellCVV2, sells premium card data for up to $38, down to as little as $10 for non-premium cards when you buy in lots of 100.  Free trials of data are available. 

These services have in the past been operated over IRC channels, or on russian websites. The use of Google Blogspot for hosting is a new subterfuge technique, designed to make takedown harder.

Just days after they posted the reports of the Corsair Flash Padlock USB drive being cracked, EverythingUSB.com has posted a glowing review of the IronKey.

http://www.everythingusb.com/ironkey-personal-1gb-secure-14486.html

We’ve heard rumours for months, but the news has hit officially that the Corsair Flash Padlock USB drive has been hacked.

Here is the article on Everything USB, and a link to the Dutch website that did the hacks.

Effectively all you have to do is solder in a single resistor, and the device is always unlocked.

A federal judge ordered a Birmingham woman who helped steal thousands of dollars from automatic teller machines to serve one month in prison instead of the 18-month prison term handed down earlier Thursday.

Prosecutors said James Real, 43, stole a database from Compass Bank that contained names, account numbers and customer passwords, while Laray Byrd, 29, bought a credit-card encoder and software to encode the information onto blank cards.

But less widely reported is that James Real allegedly stole the personal data of up to 1 million Compass Bank customers.

I ran into this article today in the Liverpool Daily Post.  No, the Beattles haven’t re-formed. 

Instead, I found a nice running track of patient data loss incidents in the Liverpool UK area.  Many involve lost or stolen USB flash drives, and some involve lost CD-ROMs.  I find it interesting to see that in one case, a flash drive was stolen from a nurse’s desk when she left the area for 10 minutes…. insider job? 

A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans.

The information was not encrypted, in violation of the government’s data-security policy.An initial effort by information technology personnel failed to encrypt the laptop before it was stolen and Arai neglected to follow up, according to NHLBI spokeswoman Susan Dambrauskas.

The incident is the latest in a number of failures by government employees to properly secure personal information. This month, the Government Accountability Office found that at least 19 of 24 agencies reviewed had experienced at least one breach that could expose people’s personal information to identity theft.