
Archive for the ‘Fines’ Category

Two London, UK councils fined $100,000+ each for lost laptops..

February 9, 2011

Reported by Julien Weston of WIREDvc today, two London councils, Ealing Council and Hounslow Council, were fined over $100,000 each for failure to properly protect personal information of a total of 1,700 individuals stored on stolen laptops.

Even though the laptops were password protected, the Information Commissioner of the UK declared the protection insufficient, as no encryption was in place.

This was despite both councils having a policy which mandated encryption on such devices.

You can read more on the WIREDvc site.

Two charged with data theft from June ’10s AT&T hack…

January 19, 2011

Reported today by infosecurity-us and others, the two men (Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel Spitler, 26, of San Francisco, California) who had fleeting fame after publishing insecurities in the AT&T iPad website in June 2010 have been arrested and charged with one count of conspiracy to access a computer without authorization, and one count of fraud in connection with personal information.  Each count carries a maximum penalty of five years in prison and a fine of $250,000.

You can find the formal press release on the Justice.gov site.

The original hack involved farming the subscriber details off AT&T's site by presenting it with random ID codes. Unfortunately, while demonstrating a weakness in a site is often not prosecuted, the pair went on to retrieve 120,000 subscriber details and then passed them on to Gawker, who published a redacted list amid much fanfare. This distribution of personal data will probably get them into a lot of hot water.

5 Steps To Data Protection Nirvana..

November 5, 2010

This week as many of you know I’ve been working out of our South African office in Johannesburg, and in particular presented 4 sessions at the McAfee Executive Summit here.

ITWeb, who co-sponsored the event, were kind enough to give me a writeup on their site which you can enjoy at your leisure.

Thank you, though, to all the customers and partners who came to see us and made the event such a success!

Zurich Insurance hit with $3.5m fine…

August 25, 2010

David Meyer from ZDNet reports that Zurich Insurance was hit with a $3.5m fine by the Financial Services Authority (FSA) in the UK for failing to secure customer data. This comes from an incident when a data tape went missing in transit between processing centers. There was no evidence the data on the tape had been used or exposed, but the lack of process and policy was enough to cause the FSA to step in.

The FSA noted in their statement that:

As there were no proper reporting lines in place Zurich UK did not learn of the incident until a year later

An effective breach of the UK Data Protection Act according to the Information Commissioner's Office (ICO).

Mexico Passes data-leak prevention law…

July 22, 2010

Effective as of July 6th 2010, the new Ley Federal de Protección de Datos Personales en posesión de los particulares, or “Federal Law for Protection of Personal Data held by Private Persons”, enforces obligations of disclosure, and has penalties and fines. Companies must act on requests for information about personal data held, and can deny transfer of data and request deletion.

A great writeup by Roumiana Deltcheva can be found on MessageingArchitects.com, and you can get the full text of the law from the Senado site (though in Spanish of course).

European Commission requests the UK to strengthen Data Protection Regulation…

June 28, 2010

This week the European Commission requested the UK to strengthen its data protection legislation to align with the EU Data Protection Directive. The Commission claimed the UK regulations offered less protection than that required under EU rules; the UK has two months to consider the opinion and respond with measures to bring them into line.

The EU highlighted the following points:

1. The ICO cannot monitor third party country data protection rules – assessments which should come before international transfer of personal information

2. The ICO can neither perform random checks on people using or processing personal data, nor enforce penalties following the checks.

The full writeup can be found on the Europe EU Law press release page.

Countrywide additional $600m class action..

Following from the recent $20m class action suit against Countrywide Financial, they, and their owners Bank of America, just got slammed with an additional $600m class action suit regarding improper practices.

Luckily, not related to any data breaches though.

Countrywide Financial's Data Loss leads to $20m class action suit…

April 14, 2010

Following on from the Countrywide Financial data breach back in 2008, they now find themselves saddled with a class action lawsuit for $20,000,000.

Countrywide Financial's problems all started when employee Rene Rebollo confessed to downloading 20,000 data files per week and selling them to Wahid Siddiqi for as much as $70,000 (a total of 2.2 million people’s information was compromised). This led to Bank of America (their new owners) paying $350,000 to Connecticut to settle claims.

The terms of the class action can be found on http://www.cwdataclaims.com, but they include up to $50,000 reimbursement per incident of identity theft from a fund of $5,000,000, free credit monitoring, $90 for opening a new account, $20 per month, up to $200 for credit monitoring, $10 per hour for telephone calls etc., and many other miscellaneous things.

TJX Hacker gets 20 years…

March 29, 2010

Last week, Albert Gonzalez, the “brains” behind the TJX hack, Heartland Payment Systems, 7-Eleven and many other notable cybercrimes, was sentenced to 20 years. Part of his punishment is the forfeit of $1m he buried in his parents' garden, a condo in Miami, a car, diamond ring and several expensive watches (Gonzalez was reported to have stolen $200m by some sources, much of which was returned).

The sentence was severe because some of the attacks were carried out while Gonzalez was working as a Secret Service informant, earning $75k per year.

You can read more on the BBC News website.

Categories: Fines, Privacy Laws

CSO Executive Seminar Series on Data Protection and Encryption…

March 10, 2010

Just a reminder that tomorrow I will be speaking at the CSO Executive Seminar at the Hilton, Tysons Corner VA – http://public.cxo.com/conferences/index.html?conferenceID=64. The topic will be “5 practical steps for data protection”. I don’t expect it to be a McAfee sales push, I’ll be talking about technologies in general.

If you’re a reader of my blog(s) please come and say hello.