PogoWasRight -- Privacy News Headlines

SC: House panel to consider requiring DNA samples after arrests

2008-05-13T16:58:40-04:00

Anyone charged with a felony punishable by at least five years in prison would be required to provide DNA samples to the state under a bill sent to the House floor.

The House Judiciary Committee approved the bill on a voice vote Tuesday.

The state already takes DNA samples from people convicted of felonies. But under the measure, DNA samples would be taken from people upon their arrest.

Source - WIS10

Reddit It | Digg This | Add to del.icio.us

MN: Senate passes bill rejecting federal ID program

2008-05-13T16:57:10-04:00

A bill barring Minnesota's commissioner of public safety from taking any steps to implement the federal Real ID Act cleared the state Senate today on a 50-16 vote.

The bill, which Gov. Tim Pawlenty opposes, now goes to the House. Earlier this session, Pawlenty vetoed a major transportation policy bill because it contained a provision preventing the state from complying with the act.

Source - TwinCities.com

Reddit It | Digg This | Add to del.icio.us

Statement from Dave & Buster's (follow-up)

2008-05-13T13:21:50-04:00

Dave & Buster's has learned that theUnited States Department of Justice has charged and will prosecute theindividuals responsible for the theft of credit and debit card numbers from11 of our locations. These thefts occurred on an intermittent basis fromMay through August of 2007. Although the stolen data was never retained orstored by Dave & Buster's, the data was illegally accessed from the Dave &Buster's computer systems during the card verification and transmissionprocess. No personal information such as names, addresses, phone numbers,bank account numbers, pin numbers, or social security numbers was stolen.The data that was captured consists of "track 2" data that includes thecredit or debit card number and expiration date, but no other identifyingdata.

Dave & Buster's was alerted to the potential data intrusion in lateAugust 2007, and immediately contacted the United States Secret Service.Dave & Buster's worked closely with both the Secret Service and Departmentof Justice and assisted them in their investigation. In addition, Dave &Buster's immediately retained outside security experts who identified thesource of the data compromise. As a result the Company has implementedadditional security measures to prevent any such incident from occurring inthe future. The stores that were compromised were: Westminster, CO;Islandia and West Nyack, NY; Utica, MI; Downtown Chicago, IL; Columbus, OH;Jacksonville, FL; Frisco, Dallas (2) and Austin, TX.

Source - PR Newswire

Reddit It | Digg This | Add to del.icio.us

NY: Upstate jail inmate charged with identity theft scam

2008-05-13T13:10:46-04:00

... Cayuga County authorities are charging 24-year-old Eddie Camacho with conspiracy, criminal impersonation and unlawful possession of personal identification information.

.Camacho is accused of telephoning people from the jail and impersonating members of the district attorney�s office to obtain personal information, including Social Security numbers. Deputies say Camacho used the information to obtain credit and services in the names of six victims.

Source - pressconnects.com

Reddit It | Digg This | Add to del.icio.us

GPS tracking of truants: privacy vs. practicality

2008-05-13T13:09:04-04:00

A story from The New York Times has focused attention on the role that remote monitoring equipment can play in keeping track of school children with a history of cutting classes. Overall, the story has a feel-good vibe, describing how the monitoring helped bring some discipline to students that were otherwise interested in graduating and helped identify a few students that needed more significant interventions. But it also raises questions about various privacy issues that are worth exploring in more detail.

Source - Ars Technica

Reddit It | Digg This | Add to del.icio.us

Perdue signs consumer protection legislation

2008-05-13T13:08:10-04:00

Today at a bill signing event at Georgia Bureau of Investigation (GBI) headquarters, Gov. Sonny Perdue signed three pieces of legislation to protect Georgia�s consumers and prosecute identity thieves: House Bill 130, Senate Bill 388 and Senate Bill 24.

Source - The Daily Citizen

Reddit It | Digg This | Add to del.icio.us

Charter To Begin Tracking Users' Searches And Inserting Targeted Ads

2008-05-13T13:04:51-04:00

Charter Communications is sending letters to its customers informing them of an "enhanced online experience" that involves Charter monitoring its users' searches and the websites they visit, and inserting targeted third-party ads based on their web activity. Charter, which serves nearly six million customers, is requiring users who want to keep their activity private to submit their personal information to Charter via an unencrypted form and download a privacy cookie that must be downloaded again each time a user clears his web cache or uses a different browser.

Source - The Consumerist

Reddit It | Digg This | Add to del.icio.us

Bob Barr, a former GOP congressman, is running for president as a Libertarian

2008-05-13T06:39:44-04:00

Bob Barr, a onetime Republican congressman from Georgia, on Monday announced his plan to run for president as a Libertarian, promising to rein in federal spending and limit military involvement abroad.... Barr, who left the Republican Party two years ago, is expected to win the Libertarian Party's nomination during its convention this month in Denver.

Source - Los Angeles Time

Related - National Review: Interview

Reddit It | Digg This | Add to del.icio.us

EDITORIAL: A price on privacy

2008-05-13T06:37:52-04:00

If you have an unlisted phone number, you may have noticed that the monthly cost for this "service" jumped last year from 28 cents to $1.25 on your AT&T bill. It's still cheaper than Verizon, which charges $1.75 a month for an unlisted landline.

Regardless of your phone company, you might wonder whether the cost is justified and whether you can do something about it.

You can.

Sen. Sheila Kuehl, D-Santa Monica, working with consumer and privacy advocates, has been pushing legislation that would prohibit phone companies from charging an extra fee for an unlisted number. Consumer advocates argue that the costs of data processing for an unlisted number are minuscule. Privacy groups suggest it is unfair to impose a surcharge on customers who don't want their phone number or addresses exposed to telemarketers and other strangers.

The phone companies are arguing that it's inappropriate for state legislators to regulate "specific features on a phone," as Verizon spokesman Jon Davies put it, adding that there are costs associated with maintaining separate databases for listed and unlisted customers.

Source - San Francisco Chronicle

Reddit It | Digg This | Add to del.icio.us

AU: ACS supports privacy laws, calls for e-mail safeguards

2008-05-13T06:34:44-04:00

The Australian Computer Society (ACS) has called on government to enforce rigid privacy laws on organizations which intercept employee e-mails.

Under new legislation, businesses may be given powers to intercept e-mails sent and received by staff without notification. The changes remove the need for disclosure in employee contracts, required by existing law, under the guise of counter-terrorism and national security.

ACS President Kumar Parakala said tough privacy laws are essential for interception provisions because staff often send personal e-mails from work.

Source - IDG.no

Reddit It | Digg This | Add to del.icio.us

Domestic spying far outpaces terrorism prosecutions

2008-05-13T06:30:08-04:00

The number of Americans being secretly wiretapped or having their financial and other records reviewed by the government has continued to increase as officials aggressively use powers approved after the Sept. 11 attacks. But the number of terrorism prosecutions ending up in court -- one measure of the effectiveness of such sleuthing -- has continued to decline, in some cases precipitously.

The trends, visible in new government data and a private analysis of Justice Department records, are worrisome to civil liberties groups and some legal scholars. They say it is further evidence that the government has compromised the privacy rights of ordinary citizens without much to show for it.

Source - Los Angeles Times

Reddit It | Digg This | Add to del.icio.us

ICO publishes data protection officer conference findings

2008-05-13T06:28:30-04:00

The Information Commissioner�s Office (ICO) has published the findings of its Data Protection Officer Conference

Source - Findings

Reddit It | Digg This | Add to del.icio.us

Josef Fritzl: Legal action to be taken over violation of Elisabeth Fritzl's privacy

2008-05-13T06:14:16-04:00

The Austrian incest victim Elisabeth Fritzl will today be exposed to the media coverage of her case from which she has been shielded since she was released from captivity, as her lawyer announced legal action for violation of privacy against newspapers.

... In the past two weeks Austrian media law experts have criticised the publication of private documents such as Elisabeth�s letter to a school friend and private pictures of the family and her children, some of whom are underage.

Source - Telegraph

Reddit It | Digg This | Add to del.icio.us

TJX credit card heist suspect, 2 others, accused of new scam

2008-05-12T20:12:34-04:00

Three men - one of them suspected of playing a role in the heist of 45.6 million credit cards from retailer TJX Companies - have been accused of hacking into cash register terminals belonging to a restaurant chain and installing software that sniffed credit card numbers.

According to a 27-count indictment unsealed Monday, the scheme was carried out in part by Maksym Yastremskiy. In July, the Ukrainian was arrested in a Turkish resort town for allegedly selling large quantities of credit card numbers, many of which were siphoned out of TJX's rather porous network. He remains incarcerated in Turkey, where an application for extradition to the US is pending. Yastremskiy also went by the name Maksik.

Source - The Register

Reddit It | Digg This | Add to del.icio.us

Homeland Security: Privacy Officer Report

2008-05-12T15:10:46-04:00

In support of Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007, The Privacy Officer will submit a report covering all privacy protection activities of the Department.

Source - Quarterly Report, December 2007 - March 2008 (PDF, 5 pages - 40 KB) - contains 2nd quarter findings for 2008.

Reddit It | Digg This | Add to del.icio.us

Hackers Indicted for Stealing Credit and Debit Card Numbers From National Restaurant Chain

2008-05-12T14:25:09-04:00

Three defendants havebeen charged in a federal grand jury indictment and complaint withillegally accessing the computer systems of a national restaurant chain andstealing credit and debit card numbers from that system, Assistant AttorneyGeneral Alice S. Fisher of the Criminal Division and U.S. Attorney for theEastern District of New York Benton J. Campbell announced today.

According to the indictment and complaint, Maksym Yastremskiy, a/k/a"Maksik," Aleksandr Suvorov, a/k/a "JonnyHell," and Albert Gonzales, a/k/a"Segvec," engaged in a scheme in which they hacked into cash registerterminals at 11 Dave & Buster's Inc. (D&B) restaurants at various locationsaround the United States in order to acquire "track 2" credit and debitcard information. The defendants then sold the stolen data to others whoused it to make fraudulent purchases or re-sold it to make such purchases,causing losses to financial institutions that issued the credit and debitcards. Track 2 data includes the customer's account number and expirationdate, but not the cardholder's name or other personally identifiableinformation.

The indictment alleges that in or about May 2007, Yastremskiy andSuvorov gained unauthorized access to the cash register terminals andinstalled at each restaurant a "packet sniffer," a malicious piece ofcomputer code designed to capture communications between two or morecomputer systems on a single network. The packet sniffer was configured tocapture track 2 data as it moved from the restaurant's point-of-sale serverthrough the computer system at the company's corporate headquarters to thedata processor's computer system. At one restaurant location the packetsniffer captured track 2 data for approximately 5,000 credit and debitcards, eventually causing losses of at least $600,000 to the financialinstitutions that issued the credit and debit cards.

Source - PR Newswire

Reddit It | Digg This | Add to del.icio.us

UK companies: Leaking like a sieve?

2008-05-12T13:11:57-04:00

Most UK companies are losing data every month a survey has found.

The majority of UK businesses, 79 per cent, are losing data at least once per month, according to the survey of 250 senior IT staff at businesses larger than 1,000 staff.

More than a quarter, 28 per cent, suffered data loss on a weekly or more frequent basis the report by IT management company CA found.

Source - Silicon.com

Reddit It | Digg This | Add to del.icio.us

'Bonnie and Clyde' Jet-Setters Sign Plea Deal in Massive ID Theft Case

2008-05-12T13:08:17-04:00

A young couple accused of stealing the identities of more than 16 people to live expensively and travel the world in style have agreed to plead guilty to federal charges, an attorney said Monday.

Jocelyn Kirsch, 22, will plead guilty to six counts, including two counts of aggravated identity theft, one count of bank fraud and one count of money laundering, the lawyer, Ronald Greenblatt, told The Associated Press.

Source - FOXNews

Reddit It | Digg This | Add to del.icio.us

Another Laptop Stolen from Pfizer, Employee Information Compromised (updated)

2008-05-12T12:59:21-04:00

About 13,000 employees at Pfizer Inc., including about 5,000 from Connecticut, had their personal information compromised when a company laptop and flash drive were stolen, the pharmaceutical giant confirmed today.

The data breach, which occurred about a month ago, was the second this year affecting Pfizer Inc. employees and the sixth made public in a one-year span dating back to May 2007. More than 65,000 data-breach notifications have been sent out by Pfizer over the past year, including more than 10,000 to employees from Connecticut

Source - The Day

Updated 5-13-08: The Day

Reddit It | Digg This | Add to del.icio.us

FTC Approves New Rule Provision Under The CAN-SPAM Act

2008-05-12T12:53:29-04:00

The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act). The provisions are intended to clarify the Act�s requirements. The provisions and the Commission�s Statement of Basis and Purpose (SBP) will be published in the Federal Register shortly.The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of �sender� was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act�s opt-out requirements; (3) a �sender� of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act�s requirement that a commercial e-mail display a �valid physical postal address�; and (4) a definition of the term �person� was added to clarify that CAN-SPAM�s obligations are not limited to natural persons.

Source - FTC

Reddit It | Digg This | Add to del.icio.us

UK: Crooks access NHS database

2008-05-12T12:20:27-04:00

THE �12billion NHS computer system lay in tatters last night � as it emerged CROOKS may have accessed patient records.

A security card flaw has left the system open to abuse for two years.

Sensitive medical details, addresses and National Insurance numbers of every patient in the country could have been seen by ANYONE in a GP surgery or hospital without using the special swipe card.

.... the controversial Choose and Book system allows GPs to view patient records online, book appointments and order medicines through their computer.

But a GP in Hornchurch, Essex, found he could log on to the system without inserting his "smart card" into the reader device.

Source - The Sun

Reddit It | Digg This | Add to del.icio.us

Ie: Another BoI laptop was stolen in 2001

2008-05-12T12:13:32-04:00

... Bank of Ireland says it is investigating an allegation that a laptop was stolen. The development comes as the bank faces two separate investigations following the disclosure that laptops with details of 31,000 customers were stolen last year.

The theft happened in Bank of Ireland's Newbridge branch in 2001. The laptop was used by an official from Bank of Ireland's life assurance division, but the computer contained details of life assurance customers from branches in Newbridge, Kilcullen and Athy.

The laptop was not encrypted - so the information could be easily accessed by hackers. Its theft was reported to line management in the bank, sources have told RT� News. But customers were not informed.

The laptop had details of up to 4,000 Bank of Ireland customers. These included dates of birth addresses, bank account details, medical histories and investments held by customers.

Source - RT� News

Reddit It | Digg This | Add to del.icio.us

West Virginia Class Action Lawsuit Filed Against LifeLock Alleging Deceptive Marketing Practices

2008-05-12T12:12:33-04:00

Marks & Klein, LLP today filedits third class action lawsuit against LifeLock, Inc., a provider ofidentity theft protection services, and its CEO Richard "Todd" Davis. Thelawsuit was filed in the Circuit Court of Jackson County, West Virginia(Docket No. 08-C-69), on behalf of Kevin Gerhold of Falling Rivers, as wellas all other LifeLock subscribers in West Virginia.

This latest action followed suits filed by the firm in April on behalfof Dr. and Mrs. Gerald Falke of Hagerstown, Md., as well as all otherLifeLock subscribers in Maryland; and in March on behalf of Dr. and Mrs.Warren Pasternack of East Brunswick, N.J., as well as all other New JerseyLifeLock subscribers.

Source - PR Newswire

Reddit It | Digg This | Add to del.icio.us

U.K. defence department adopts encryption after data breaches

2008-05-12T12:11:01-04:00

Following a spate of high profile data breaches, the U.K. Ministry of Defence is set to install encryption software on 20,000 of its laptops.

It will install BeCrypt's Disk Baseline software across Royal Airforce, Army and Navy laptops, and users will need to be authenticated before they can access encrypted data. The MoD said the new BeCrypt software would be easily integrated with future technology too.

It will protect data across a range of levels, from 'Classified' to 'Secret' levels, and in some cases 'Top Secret' data.

Source - InterGovWorld.com

Reddit It | Digg This | Add to del.icio.us

AU: IT body wants internet 'snoop' safeguards

2008-05-12T08:03:27-04:00

Australia's IT industry group is calling on the federal government to adopt guidelines surrounding the use of workplace internet records.

The Australian Computer Society (ACS) has made its submission as part of the government's review of the country's privacy laws.

... Among the list of recommendations, the ACS wants to see the mandatory publishing of an employer's email and web use policy, guidelines on who can authorise the accessing of employee emails, a logging system to identify when email records are accessed, and random auditing of those logs.

Source - Sydney Morning Herald

Thanks to Brian Honan for the link.

Reddit It | Digg This | Add to del.icio.us

UK: Outrage in UK over staff blacklisting database

2008-05-12T08:01:53-04:00

Last week the announcement that several UK retailers were collaborating on compiling a database of employees dismissed over suspicion of theft or fraud caused furore amongst the public, trade unions and civil liberties groups.The database is the brainchild of Action Against Business Crime (AABC), the national organisation for Business Crime Reduction Partnerships in the UK, and is due to go live later this month.

Employees who are dismissed for dishonesty or who resign before they can be dismissed will be added to the National Staff Dismissal Register (NSDR), which can be searched by prospective employers when conducing a background check on a job candidate.

Source - Silicon Republic

Thanks to Brian Honan for the link.

Reddit It | Digg This | Add to del.icio.us

Ca: Licence-plate readers worry privacy advocates

2008-05-12T07:09:50-04:00

A new high-tech crime-fighting tool that police believe has revolutionary potential is worrying some civil libertarians and privacy watchdogs.

Automated licence-plate readers are being tried out by police forces in several Canadian jurisdictions.

In Vancouver, police are using them to track down stolen cars and nail driving scofflaws, but the technology's investigative uses could ultimately include counter-terrorism work and tracking sex offenders.

Critics fret it represents creeping big brotherism, another step towards a surveillance society.

Source - New Brunswick Business Journal

Reddit It | Digg This | Add to del.icio.us

Six million Chileans' data leaked

2008-05-12T05:50:07-04:00

A hacker in Chile calling himself the 'Anonymous Coward' published confidential data belonging to six million people on the internet.

Authorities are investigating the theft of the leaked data, which includes identity card numbers, addresses, telephone numbers, emails and academic records.

Information about the president's daughters was reportedly included in the leaked data. The information was obtained by the surreptitious hacker from government, military and Ministry of Education servers and posted on FayerWayer, a Chilean technology blog.

Source - WebUser

Related - BBC
Related- FayerWayer

Reddit It | Digg This | Add to del.icio.us

Dahlgren mails ID warning (Naval Surface Warfare Center at Dahlgren update)

2008-05-12T05:49:28-04:00

The Naval Surface Warfare Center at Dahlgren is mailing 7,200 more letters to former employees through the Internal Revenue Service warning them about potential identity fraud.

In January, four people arrested in Pennsylvania had pages from a Navy report dated July 7, 1994, listing names, Social Security numbers and birth dates for 100 current and former employees.

... Naval Surface Warfare Center spokeswoman Stacia Courtney said 2,000 letters were sent out earlier to those who worked for the Navy on or before July 7, 1994. The latest batch is going to people whose addresses were not available for the first mailing.

Courtney said it's not clear how many people have suffered from fraudulent attempts to use their names to obtain credit. However, she said those with fraud concerns have been referred to Naval Criminal Investigative Services as the investigation continues.

Source - Fredericksburg.com

Reddit It | Digg This | Add to del.icio.us

Proposed privacy rules rile small brokerage firms

2008-05-12T05:47:13-04:00

Small and independent-contractor brokerage firms are convinced that the SEC's proposed changes to privacy rules related to client information will crush them with new costs and burdensome procedures.

The Securities and Exchange Commission proposed the changes to Regulation S-P in March, and the deadline for broker-dealers and financial advisers to comment is today.

The proposed amendments to the regulation would create more-specific requirements for safeguarding client information and responding to information security breaches. They are also designed to align the rule's privacy guidelines more closely with those of the Federal Trade Commission and federal banking agencies, industry observers and attorneys noted.

Source - Investment News

Reddit It | Digg This | Add to del.icio.us