Archive
Offer of $5.5m from a VERY SHOUTY NIGERIAN
I think this got through my spam filter because Brian was SHOUTING so loud. It fascinates me how you can be so computer illiterate as to not understand how to use capitals (or not), yet feel you have some chance of success in pursuing this kind of scam..
I had a mind to tell him I’d meet him at a NYC Police Station (for security reasons), but some other guy is offering me $10.8m, so I’m going to put my efforts there 😉 Read more…
Scam Of The Week – $10.8m from Barclays..
Yes, I know these mails go out to all and sundry, but I can’t help being amused that I, of all people, still get them. You’d think that whoever sends them would be a little more targeted.
Still, when one makes it through my spam filter, I can’t help but be intrigued.. So, here’s a good one courtesy of Barclays Bank, who still use Yahoo as an email address provider it seems… Read more…
83,000 Toronto Health users PHI exposed…
Today it was announced that the personal information of 83,000 users of the Durham health systems became exposed when an unprotected USB stick containing their information was “lost”.
Not too uncommon, you might think, but in this case Ann Cavoukian, the Ontario privacy commissioner (who I had the pleasure of speaking with last year at the annual Privacy-By-Design conference), stepped in, demanding that they
“immediately implement procedures to ensure that any personal health information stored on any mobile devices [laptops, memory sticks, etc] is strongly encrypted.”
CBC news further reported that Commissioner Cavoukian expected every health authority in her province to follow suit.
Eugene School leaks “potential” 26,000 records, Could be none?…

This week, datalossdb.org reported the first major suspected PII breach of the year, reported by George Russell, Superintendent of the Eugene School District of Oregon. You can find the full story on the KVAL news site.
Apparently some suspicious activity was noticed on one of their internal servers, which was subsequently shut down and isolated before being analyzed. The server in question had PII related to around 2,500 individuals, but was connected to other servers containing records of 13,000 former employees of the school district, and around 13,000 vendors. That gives a total possible exposure of around 26,000 records.
Read more…
Ghana takes first steps towards Data Protection Legislation…
This week Ghana News reported some sweeping changes proposed in the country’s telephony infrastructure, designed to reduce fraud and increase the revenue contribution to the Ghana budget. There has been some talk in the past re Ghana adopting legislation along the lines of the UK Data Protection Act, but this is one of the first clear indications of sponsorship at a ministerial level.
The Minister (Mr. Haruna Iddrisu, the Minister of Communications) also said plans were afoot for a number of supplementary legislations including data protection/privacy, cyber security legislation, intellectual property legislation, and e-transaction regulations.
Jamaica passes CyberCrime Bill..
This week (18th December 2009) Jamaica moved its Cyber Crime bill into law, making it possible to prosecute hackers and people who use nefarious popups to collect personal data. The Jamaica Observer reports:
The Bill, which was passed with eight amendments, will see persons convicted of breaches facing a maximum sentence of 10 years’ imprisonment and a minimum of two years; or slapped with fines ranging from between $2 million and $5 million. Read more…
Notable Breaches of PHI in 2009…
This week, Network World posted an interesting slide show of some notable breaches of Health Record privacy from 2009. The mode of disclosure is telling, with internal misuse/fraud and stolen devices/media being prevalent.
http://www.networkworld.com/slideshows/2009/090209-health-breaches.html
The companies mentioned are: Read more…
Personal Data Breach Compensation Suit Thrown Out In Missouri..
A knock to the campaign to ensure companies take better care of our personal data occurred this week when John Amburgy lost his case against Express Scripts in Missouri, USA.
John alleged that he had spent significant time and effort in protecting his identity following Express Scripts’ breach back in October 2008. They offered free credit report monitoring services to the people whose PII/PHI they lost, but only to those who proved they had been victims of identity theft.
Yes, it seems you have to be a victim of identity theft because of Express Scripts’ breach before Express Scripts will offer you help in protecting and monitoring your identity… Read more…
European Data Protection Law a possibility?
The Register recently reported that the European Commission is considering passing EU-wide laws on data breach notification, along the lines of those in place in the USA already. Viviane Reding, the Information Security Commissioner, said:
The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European Policy agenda.
The committee formed from Europe’s national data protection watchdogs (The Article 29 Working Party) has apparently also backed the idea. Read more…
ChoicePoint fined an additional $275,000 for failures to have an effective security policy…
Following on from my story on repeat data loss offenders, this week ChoicePoint has been fined $275,000 by the FTC for failures to have an adequate data security program in place. ChoicePoint lost the PII of 160,000 U.S. residents in 2004 (which they were fined $15 million for), and another 13,750 in 2008 according to Grant Gross of IDG News Service.
Interestingly, this later breach could have been mitigated by a “key” electronic security tool they had in place to monitor the database; unfortunately for them, though, it had been turned off. Read more…
