Archive for the ‘PII’ Category

Threat of hacker-obtained tax information yields $137m revenue

March 19, 2010

This week, the German Tax Authorities opened cases on 1,100 suspected tax evaders thanks to information purchased from a “hacker”. As reported on BusinessWeek and other sites, the hacker offered a CD of information of German nationals with “secret” Swiss bank accounts managed by Credit Suisse to the German authorities, who quickly snapped it up, apparently for the price of 2.5 million euros.

Reports indicate that around 400 million euros of unpaid taxes could be reclaimed.

Categories: eBanking, PII

CSO Executive Seminar Series on Data Protection and Encryption…

March 10, 2010

Just a reminder that tomorrow I will be speaking at the CSO Executive Seminar at the Hilton, Tysons Corner VA – The topic will be “5 practical steps for data protection”. I don’t expect it to be a McAfee sales push, I’ll be talking about technologies in general.

If you’re a reader of my blog(s) please come and say hello.

Speaking at the “Security: The New Business Imperative” Event

February 16, 2010

For those in the area, I will be speaking next week (on the 23rd Feb) at the Security: The New Business Imperative event at the Westin Diplomat Golf Resort & Spa, Hallandale Beach FL.

The topic will be a review of current regulations, and practical steps you can take not to fall foul of them.

You can reserve a seat by contacting, or (678) 653 9606

Shell Oil’s 170,000 Personnel list leaked to Activists..

February 16, 2010

Last week (13th Feb) Shell Oil announced that the personal details of all 170,000 employees and contractors had been leaked to a number of non-Government organizations via email. These included Greenpeace’s American office, Earthrights, Justice in Nigeria Now, Shell Guilty and Friends of the Earth (Netherlands). Also included was the anti-Shell website The story was well covered in the UK national press.

The list included a limited number of personal addresses.

MA 201 CMR 17 Revisited..

February 2, 2010

Though the deadline for MA 201 compliance has been extended until the end of the quarter, it’s a good time NOW to review what this regulation means to you and your business.

I must start with the usual “ask Gary” disclaimer – I’m not a lawyer, but the regulation is pretty easy to read (compared to many others) and I recommend anyone subject to it prints it out and pays attention.

So, how do you know if you’re subject to MA 201 CMR 17 or not? Let’s start from the top of the regulation itself:

Eugene School leaks “potential” 26,000 records, Could be none?…

January 8, 2010

This week, reported the first major suspected PII breach of the year, reported by George Russel, Superintendent of the Eugene School District of Oregon. You can find the full story on the KVAL news site.

Apparently some suspicious activity was noticed on one of their internal servers, which was subsequently shut down and isolated before being analyzed. The server in question had PII related to around 2,500 individuals, but was connected to other servers containing records of 13,000 former employees of the school district, and around 13,000 vendors. Total possible exploit of around 26,000 records.

Personal Data Breach Compensation Suit Thrown Out In Missouri..

December 8, 2009

A knock to the campaign to ensure companies take better care of our personal data occurred this week when John Amburgy lost his case against Express Scripts in Missouri, USA.

John alleged that he had spent significant time and effort in protecting his identity following Express Scripts’ breach back in October 2008. They offered free credit report monitoring services to the people whose PII/PHI they lost, but only to those who proved they had been victims of identity theft.

Yes, it seems you have to be a victim of identity theft because of Express Scripts’ breach before Express Scripts will offer you help in protecting and monitoring your identity…

European Data Protection Law a possibility?

November 16, 2009

The Register recently reported that the European Commission is considering passing EU-wide laws on data breach notification, along the lines of those in place in the USA already. Viviane Reding, the Information Security Commissioner, said:

“The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European Policy agenda.”

The committee formed from Europe’s national data protection watchdogs (The Article 29 Working Party) has apparently also backed the idea.

ChoicePoint fined an additional $275,000 for failures to have an effective security policy…

October 22, 2009

Following on from my story on repeat data loss offenders, this week ChoicePoint has been fined $275,000 by the FTC for failures to have an adequate data security program in place. ChoicePoint lost the PII of 160,000 U.S. residents in 2004 (which they were fined $15 million for), and another 13,750 in 2008 according to Grant Gross of IDG News Service.

Interestingly, this later breach could have been mitigated by a “key” electronic security tool they had in place to monitor the database; unfortunately for them, though, it had been turned off.

Categories: Data Loss, Fines, PII

Repeat Data Loss Offenders…

October 1, 2009

I was doing some data mining this week on the excellent site and it occurred to me to dig a little deeper into where the risky places to give your PII/PHI to are. I was hoping to find that some segments are cleaning up their act, but it seems not. The fact we’re seeing multiple entries by people could have two possible meanings:

Categories: Data Loss, PHI, PII, Privacy Laws