Group items tagged

The country's largest office products store sold a returned computer hard-drive on clearance containing hundreds of personal files on it - a move privacy experts say violates key provisions of a privacy law requiring businesses to safeguard personal information of customers. The transaction occurred recently at a Staples Business Depot store in Ottawa, one of about 300 across the country. When the purchaser booted up the Maxtor mini, he found hundreds of files on the external hard drive. The files, totalling about 400, belonged to Jill Vickers, a retired political science professor from Carleton University. They included some research papers already in the public domain, but some were sensitive documents. "It is especially of concern to me as the files contain some 20 years of reference and assessment letters which are confidential documents," said Vickers, who recently purchased a new computer system for her home that initially included the Maxtor backup drive. When her son, who was tasked with transferring her files to the drive, noticed the daily automatic backup function was not functioning properly, he returned it to Staples. He thought he had deleted the files. "Even though it's not in my possession, it's my data. They should wipe it clean," Vickers said of Staples. Canwest News Service last week provided Staples with the model and serial number of equipment, as well as the receipt for the clearance purchase. A company spokeswoman said it required more time to gather the facts to comment on the specific incident. "We will continue to look into this," said Alessandra Saccal. In a statement, she reiterated, "privacy of any kind is of great concern to us, that is why we have procedures in place to clear any items with memory before being resold."

"The inspector general of the National Archives and Records Administration is investigating a potential data breach affecting tens of millions of records about U.S. military veterans, Wired.com has learned. The issue involves a defective hard drive the agency sent back to its vendor for repair and recycling without first destroying the data. The hard drive helped power eVetRecs, the system veterans use to request copies of their health records and discharge papers. When the drive failed in November of last year, the agency returned the drive to GMRI, the contractor that sold it to them, for repair. GMRI determined it couldn't be fixed, and ultimately passed it to another firm to be recycled. The incident was reported to NARA's inspector general by Hank Bellomy, a NARA IT manager, who charges that the move put 70 million veterans at risk of identity theft, and that NARA's practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America's record-keeping agency."

It's not exactly what anyone might expect to find at a garbage dump in Ghana. Journalism students from the University of British Columbia discovered intact hard drives containing secret international security data and personal information at a digital dumping ground in Ghana, said their teacher, Peter Klein. Mr. Klein, a producer for the PBS television program Frontline and an Emmy Award winning journalist, said the drives included information about U.S. Homeland Security and Pentagon defence contracts as well as social security numbers, credit card numbers, and family photos. The dumps are frequented by criminal gangs in the country, he said. The findings are part of a project by Mr. Klein's graduate students investigating electronic waste, or e-waste. The team also travelled to Guiyu, China, and India, piecing together the afterlife of discarded computers, drives and parts. To find out if cyber criminals could get information stored on the computers, the students bought several hard drives from vendors near the Ghana dumps to test at home in Vancouver. One of the drives came from Northrop Grumman, a large U.S. military contractor. It contained "details about sensitive, multimillion-dollar U.S. government contracts" as well as contracts with the defence intelligence agency and NASA, according to a synopsis of the project on the PBS website.

A third (34 per cent) of discarded hard disk drives still contain confidential data, according to a new study which unearthed copies of hospital records and sensitive military information on eBayed kit. The study, sponsored by BT and Sims Lifecycle Services and run by the computer science labs at University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US, also found network data and security logs from the German Embassy in Paris on one purchased drive. Researchers bought 300 drives from eBay, other auction sites, second-hand stalls and car boot sales. A disk bought on eBay contained details of test launch routines for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system. The same disk also held information belonging to the system's manufacturer, Lockheed Martin, including blueprints of facilities and personal data on workers, including social security numbers. Lockheed Martin denies that the disk came from it. The arm manufacturer has launched an investigation that aims to uncover just how the sensitive data might have been wound up on the disk. Two discs bought in the UK apparently came from Lanarkshire NHS Trust, including patient medical records, images of X-rays and staff letters. Lanarkshire NHS Trust runs the Monklands and Hairmyres hospitals. In Australia, the exercise turned up a disk from a nursing home that contained pictures of actual patients and their wound photos, along with patient details. A hard disk from a US bank contained account numbers and details of plans for a $50bn currency exchange through Spain. Details of business transactions between the bank and organisations in Venezuela, Tunisia and Nigeria were also included. Correspondence between a member of the Federal Reserve Board and the unnamed banks revealed that one of the deals was already under scrutiny by the European Central Bank, and that federal investigators were also taking an interest. Yet anothe

This is a great time to be in the hard-drive shredding business, as companies scramble to destroy data before the bad guys have a chance to steal it. A look inside the belly of the beast (includes video). September 08, 2008 - CSO - Thanks to all the fear over data security breaches, a computer recycling operation has morphed into something much bigger - and potentially more lucrative - for the Saraiva brothers. That's not to say the nature of their work has changed much. They still make money off of companies looking to unload devices that have outlived their usefulness. They still stuff the gadgetry into a shredder on the back of a truck that reduces it to shrapnel. The difference is they're now part of the fight against data thieves. Their company, Peabody, Mass.-based Corporate Destruction Solutions, is rapidly expanding to accommodate organizations desperate to destroy old hard drives before they can fall into the hands of data thieves. And they're not alone. Several companies in the metal-shredding business confirm a surge in demand for their services in the wake of many highly-publicized data breaches.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

Federal authorities are investigating the loss of a computer hard drive containing a huge quantity of personal information from Bill Clinton's presidency in an apparent security breach at a National Archives record center, government officials said Tuesday. Government officials briefed on the matter said the breach, which was confirmed in April, involved the loss of a drive containing a terabyte of computerized data, which could include millions of individual pieces of information, including personal information about one of then Vice President Al Gore's three daughters. The missing information included Social Security numbers and home addresses of numerous people who visited or worked at the White House, along with other material related to security procedures used by the Secret Service at the White House in the Clinton years. The National Archives and Records Administration said Tuesday in a statement that the agency "takes very seriously the loss of an external hard drive that contained copies of electronic storage tapes from the executive office of the president of the Clinton administration."

"BlueCross and BlueShield of Tennessee is still scrambling to figure out how much of its members' personal information was put at risk in an Oct. 2 data breach in which 57 hard drives were removed from computer servers at a plan office in Chattanooga, according to a plan spokeswoman. In a telephone interview, Blues spokeswoman Mary Thompson said there were no signs of forced entry and the drives, which Thomson said were between the size of a large book and an 8-track tape cartridge, were taken from a set of active servers in a data storage cabinet. The removal, termed a theft by the plan, was not discovered until Oct. 5, Thomson said"

57 hard drives stolen from active servers and no one noticed? No sign of forced entry? Hmmmm.

There's a great deal of classified information in federal government databases that never should become public. Some of this information, involving the military or the intelligence world, must be made available to contractors by necessity, and that data should be closely guarded and kept confidential. But an alarming new article that we report on this week illustrates this is not always the case, and that information can inadvertently seep out from a classified venue and make it into the public's hands. It turns out that secret information about a U.S. missile defense system was found on the hard drive of a computer discarded by a major contractor, and sold on eBay. The discarded computer, reported the Guardian newspaper in Great Britain, contained documents from defense contractor Lockheed Martin that included detailed test launch procedures, photos and personal data of employees. The hard drive was turned over to the FBI, but one has to wonder how this could have happened and why sufficient controls were not put in place. Apparently, this is not an isolated incident.

Veterans suffering anxiety and paranoia following the theft of a government hard drive containing the medical histories and Social Security numbers of 198,000 of their brethren cannot recover financial damages, a federal appeals court says. The 11th U.S. Circuit Court of Appeals, in largely dismissing a class-action, ruled Wednesday that the veterans could recoup at least $1,000 under the Privacy Act if they could show financial damages, not mental anguish. What's more, the Atlanta-based court noted that the veterans - some already suffering post-traumatic stress syndrome from their Vietnam War days - likely could recover damages for mental anguish associated with the data breach if the lawsuit was before a different court. That's because the courts of appeal across the nation have issued conflicting interpretations of the Privacy Act of 1974, which allows people to sue the government for privacy breaches and recover "actual damages." Precedent in the 11th Circuit, which includes Alabama, Florida and Georgia, interprets "actual damages" as money losses only. So 198,000 veterans - whose life history was on a hard drive that vanished from a Birmingham, Alabama Veterans Administration hospital - are out of luck, even if their war-time paranoia was exacerbated by the breach. The 11th Circuit noted (.pdf) that the 5th U.S. Circuit Court of Appeals and the 10th U.S. Circuit Court of Appeals "do not restrict 'actual damages' under the Privacy Act to pecuniary losses." And the Supreme Court has refused to resolve the circuit splits.

"In a sign that state attorneys general may be flexing the HIPAA enforcement muscle granted by the HITECH Act provisions in the Recovery Act, the Connecticut and Arizona attorneys general are investigating health plans that recently experienced data breaches that they failed to disclose for several months. Typically, state attorneys general prosecute only violations of state laws, but they now have authority to investigate and levy fines for violations of HIPAA and the HITECH Act, which requires mandatory notifications within two months of knowledge of a breach. Connecticut Attorney General Richard Blumenthal (D) has emerged as possibly the first AG to take on a HIPAA investigation, and Arizona's AG may also be pursuing a similar course. The larger of the two breaches that have come to the AGs' attention was experienced by Health Net, Inc., which lost a portable external hard drive containing seven years of data for 446,000 Connecticut residents. The lost data came from 1.5 million individuals in total, who also hailed from New Jersey and New York. Health Net reported the loss to the Connecticut AG on Nov. 19, and on the same day Blumenthal issued a scathing statement demanding answers and promising action. He specifically said he was investigating whether Health Net may have violated "federal laws," as well as his state's own data protection laws."

Recent news reports on copier security have brought to the forefront how information stored on a copier's hard drive may be accessible to would-be identity thieves and others. While this vulnerability is eye-opening to many, this concern has been important to manufacturers for quite some time. Just as you would install a virus scan on your laptop or PC, you need data safeguards for multifunction printers (MFPs).

IT and business both understand the need to protect regulated customer and business data -- so long as they're in business, analysts say. Here's a look at how some folding businesses are falling short protecting data and the possible liabilities for the IT group and CIO. From HIPPA to Sarbox, a slew of regulations to protect customer and employee data force CIOs to step lively to comply. The punishment for failure to do so is costly and even dire. But once a company folds-and more are folding every week given the economy-what happens to that data? Who in the business and IT could be hit by the splatter if it all hits the fan? "Certain companies have been disposing of records containing sensitive consumer information in very questionable ways, including by leaving in bags at the curb, tossing it in public dumpsters, leaving it in vacant properties and/or leaving it behind in the offices and other facilities once they've gone out of business and left those offices," says Jacqueline Klosek, a senior counsel in Goodwin Procter's Business Law Department and a member of its Intellectual Property Group. "In addition, company computers, often containing personal data, will find their ways to the auction block," she adds. "All too often, the discarded documents and computer files will sensitive data, such as credit card numbers, social security numbers and driver's licenses numbers. This is the just the kind of data that can be used to commit identity theft." Discarded and unguarded data is now low-hanging fruit for criminal harvesters and corporate spies. "Recent client activity supports that competitors are beginning to buy up such auction devices specifically with the intention of trying to salvage the data," says James DeLuccia, author of IT Compliance & Controls. "Hard drives are being removed and sold online, or whole servers are sold via Craigslist and Ebay." In some cases, the courts insist data be sold during a bankruptcy. "Company servers, once I restore

A Microsoft-led group set up three years ago has backed away from its original goal of pushing for comprehensive U.S. privacy legislation. Originally, the Consumer Privacy Legislative Forum was set up to bring a diverse array of consumer companies, technology vendors and even advocacy groups together and help drive privacy legislation. But now the group has been renamed the Business Forum for Consumer Privacy and is instead being billed as "an organization focused on fostering innovation in consumer privacy governance," according to the group's new mission statement. The Forum has released a white paper at the International Association of Privacy Professionals conference held in Washington this week. "What the organization is doing is developing the framework that would make new governance possible," said Martin Abrams, an adviser to the Forum who is executive director with the Centre for Information Policy Leadership at Hunton & Williams, an international law firm. Two of the Forum's original members, Symantec and the Center for Democracy and Technology, say they have dropped out. Eastman Kodak has also dropped out, according to Abrams. He was not authorized to say who the current members are, but the group appears to include Microsoft, Hewlett-Packard, eBay and Google. U.S. consumers are covered by a patchwork of state and federal laws that are confusing for companies, and which often force consumers to work hard to protect their own data. Many of the Forum's members would like to change things, but it appears that coming up with legislative proposals was too much.

Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems. Using peer-to-peer applications, which computer users download to share files, most commonly music and movies, M. Eric Johnson, director of the Center for Digital Strategies at Dartmouth College in Hanover, N.H., was able to access electronic medical records on computers that had the peer-to-peer programs stored on their hard drives. The medical files contained detailed personal data on physical and mental diagnoses, which a hacker could use to not only embarrass a patient but also to commit medical fraud. One of the largest stashes of medical data Johnson discovered during two weeks of research he conducted in January was a database containing two spreadsheets from a hospital he declined to identify. The files contained records on 20,000 patients, which included names, Social Security numbers, insurance carriers and codes for diagnoses. The codes identified by name four patients infected with AIDS, the mental illnesses that 201 others were diagnosed as having and cancer findings for 326 patients. Data also included links to four major hospitals and 355 insurance carriers that provided health coverage to 4,029 employers and 266 doctors.

The new year has come and gone on the Gregorian calendar. But the new year for legal technology is still in progress at LegalTech New York, where vendors are unveiling their new products and services and attendees are helping them celebrate. LegalTech attendees should revel in the number of vendor initiatives aimed at reducing e-discovery costs from acquisition to review and production. And, like last year, EDD vendors continue to design and manufacture their products for international litigation. But LegalTech is not all about e-discovery. There were still plenty of vendors with products outside the Electronic Data Reference Model. EDD PARTIES Readers should be aware that Index Engines can access and extract data from tape and tape libraries -- and can do so really fast. But now they can also extract data from network storage systems, file shares, forensic images and hard drives and still provide users a single point of access to it -- via a Web browser. Index Engines first indexes data on disparate resources. Once the index is compiled, data can be deduped, searched, reviewed and extracted on demand. Also note that Index Engines can now filter unwanted file types such as EXE, DLL, etc., during the indexing process to reduce the time it takes to review the data. Read LegalTech New York 2009 Coverage on Legal Blog Watch In preparation for the new year, Kazeon Systems introduced new pay-as-you-go pricing models that augment their current standard software licensing option and focus on case matters. Kazeon hopes the new pricing models allow customers to implement an e-discovery solution that does not require a major financial investment or lengthy rollout. Vendors are starting to "go left" of the EDRM to provide organizations a better view of the end of litigation via early case assessment tools. In fact, KPMG promoted the concept with a T-shirt emblazoned with "go left." Toward that end, Daticon EED announced the availability of its Early Case Assessment servic

Still think that today's computer viruses and other malware come from some maladjusted teen out to vandalize your PC to make a name for himself? Think again. The persistent myth is a holdover from days long gone, and it's important to dispel it if you want to know what you're up against-and how to protect yourself. The splashy worms and malicious viruses that clogged entire networks and indiscriminately wiped hard drives are essentially gone. Today, it's all about cash-and lots of it. If there's a way to use evil software to make money, whether it means taking over a PC to send pharmacy-advertising spam, or stealing financial logins and credit card info, or even hacking game accounts, it's out there in some form. There's even a thriving online black market that sells everything from software kits to roll-your-own malware to spam services using infected PCs to reams and reams of credit card data stolen by keylogger malware. It's most important to get rid of this myth in order to get rid of the idea that you can usually tell whether you're infected by obvious signs like big pop-ups or suddenly missing files. Malware writers today work to keep infections as quiet as possible for as long as possible so that they can continue to make money. But it's also important to keep in mind that today's online crooks have become very creative in figuring out how to make money with their malware. Stolen Webmail accounts have been used to send messages to the account's contact list asking for money transfers. Popular online games such as World of Warcraft are a huge target, with thieves raiding hacked accounts to sell the items or in-game currency for real money. So don't assume that there's no risk using an untrusted PC as long as you don't log onto your bank.

Yet another breach of sensitive, unencrypted data is making news in the United Kingdom. This time the breach puts Royal Air Force staff at serious risk of being targeted for blackmail by foreign intelligence services or others. The breach involves audio recordings with high-ranking air force officers who were being interviewed in-depth for a security clearance. In the interviews, the officers disclosed information about extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories - information the military needed to determine their security risk. The recordings were stored on three unencrypted hard drives that disappeared last year. The interviews were conducted to ensure that the officers "can be trusted with sensitive government information and property," the Ministry of Defense said. But the interviews have now become a huge security risk for the officers and the Ministry of Defence, which has proven itself to be untrustworthy when it comes to guarding sensitive information and property.