Group items tagged

The country's largest office products store sold a returned computer hard-drive on clearance containing hundreds of personal files on it - a move privacy experts say violates key provisions of a privacy law requiring businesses to safeguard personal information of customers. The transaction occurred recently at a Staples Business Depot store in Ottawa, one of about 300 across the country. When the purchaser booted up the Maxtor mini, he found hundreds of files on the external hard drive. The files, totalling about 400, belonged to Jill Vickers, a retired political science professor from Carleton University. They included some research papers already in the public domain, but some were sensitive documents. "It is especially of concern to me as the files contain some 20 years of reference and assessment letters which are confidential documents," said Vickers, who recently purchased a new computer system for her home that initially included the Maxtor backup drive. When her son, who was tasked with transferring her files to the drive, noticed the daily automatic backup function was not functioning properly, he returned it to Staples. He thought he had deleted the files. "Even though it's not in my possession, it's my data. They should wipe it clean," Vickers said of Staples. Canwest News Service last week provided Staples with the model and serial number of equipment, as well as the receipt for the clearance purchase. A company spokeswoman said it required more time to gather the facts to comment on the specific incident. "We will continue to look into this," said Alessandra Saccal. In a statement, she reiterated, "privacy of any kind is of great concern to us, that is why we have procedures in place to clear any items with memory before being resold."

A defunct payment gateway has exposed as many as 19,000 credit card numbers, including up to 60 Australian numbers. The discovery by a local IT industry worker was made by mistake and appears to be caused by a known issue with the Google search engine, in which the pages of defunct web sites containing sensitive directories remain cached and available to anyone. The cached data, viewed by iTnews, includes 22,000 credit card numbers, including CVVs, expiry dates, names and addresses. Up to 19,000 of these numbers could be active. Most are customers in the US and Britain although some are Australian. The credit card numbers are for accounts held with Visa, Mastercard, American Express, Solo, Switch, Delta and Maestro/Cirrus. Within the address bars of the cached pages are URLs of companies, including UK retailers of laboratory supplies, sports and health goods, apparel, photo imaging and clothing.

All but one of the legal claims filed against Hannaford Bros. -- the Maine-based retailer that suffered a security breach exposing some four million credit and debit cards -- has been dismissed. U.S. District Court Judge Brock Hornby threw out the civil claims against the grocer for its alleged failure to protect card holder data and to notify customers of the breach in a timely fashion. In dismissing the claims, Hornby ruled that without any actual and substantial loss of money or property, consumers could not seek damages. The only complaint he allowed to stand was from a woman who said she had not been reimbursed by her bank for fraudulent charges on her bank account following the Hannaford breach.

Indianapolis - New developments suggest another drug store giant may face punishment for trashing your privacy. Now, Walgreens wants to settle its case - whether the state wants to or not. 13 Investigates discovered personal information in drugstore dumpsters in Indiana and across the country. WTHR exposed the problem at CVS and Walgreens pharmacies three years ago, and the Indiana attorney general's office has been investigating ever since. Walgreens says it finally has a settlement with the state - or does it? "We reached an agreement on the material terms of a settlement agreement," Walgreens attorney Stacy Cook told the Indiana Pharmacy Board Monday morning. The attorney general's office disagreed. "There was never an agreement that was reached," said Deputy Attorney General Morgan Wills. The attorneys met with the pharmacy board at Walgreen's request because the nation's second-largest drug store retailer says it had a deal the attorney general's office backed out on. "It's simply that they've changed their mind," Cook said. The attorney general's office admits it had started to negotiate terms of a settlement with Walgreens in January, but the state later decided to halt its settlement negotiations when the federal government announced a $2.25 million settlement with Walgreens' rival CVS.

Consumers and companies are vulnerable to hackers and identity thieves even after U.S. authorities arrested a man they said was a master hacker who stole 170 million credit and debit card numbers. Estimates on the total financial impact of breaches vary, but a study by Forrester Research put the cost at $90 to $305 per compromised record when considering the cost of upgrades, notifying customers and legal and marketing expenses. "Under our banking laws, it's the financial institutions that will be stuck paying for fraudulent use of credit cards. We have the consumers responsible for $50 and the rest winds up on the card issuer," said Joel Reidenberg, a professor at Fordham Law School who teaches privacy law. Banks in turn pass along costs to retailers as fines and fees. On Monday, three men were indicted on charges of stealing more than 130 million credit and debit card numbers in what U.S. authorities said they believed was the largest hacking and identify theft case ever prosecuted in the United States

The U.S. Department of Justice's indictment of Albert Gonzalez on Monday seems to have all the elements of a Hollywood crime drama: A hacker gains access to millions of credit and debit card numbers and has the power to take down a nation. Too bad for Tinseltown, the attack itself was about as sexy and a pile of routers. According to the indictment, Gonzalez, 28, gained a foothold into the systems of credit card processors such as Heartland Payment Systems ( HPY - news - people ) and retailers like OfficeMax ( OMX - news - people ), Barnes & Noble ( BKS - news - people ) and TJX Cos. ( TJX - news - people ) using an amateur hacking technique called "wardriving," which uses wireless access points to find vulnerable networks from which to launch attacks. Once connected to those private networks, Gonzalez used a well-known technique called "SQL injection" to trick Web applications into forking over private information that gave him deeper access into networks. Even though it sounds complicated, techies liken this kind of hack to simply turning the front doorknob to get into a house.

Two credit-card payment processors are offering to cover merchants' fines and penalties in the event of a data breach. However, the two companies, Heartland Payment Systems and Mercury Payment Systems, have different requirements that must be met before a merchant would qualify for coverage. For Mercury, the retailer would have to prove it was Payment Card Industry Data Security Standard-compliant (PCI DSS) at the time of a breach. "This is an enticement program to get merchants involved in PCI compliance," Jim Mackay, Mercury's vice president of marketing, told SCMagazineUS.com Friday. "Though there are critics who say that PCI does not go far enough, at least it's a step in the right direction."

The man accused of masterminding the largest identity theft in U.S. history agreed to plead guilty to related charges, according to court papers filed in Boston federal court on Friday. Albert Gonzalez is accused of helping to steal millions of credit card and debit card numbers from major U.S. retail chains, leading to tens of millions of dollars in fraudulent transactions. A former government informant who is already in jail, Gonzalez, 28, agreed to plead guilty to 19 counts in Massachusetts by September 11. The agreement also resolves charges pending in federal court in New York.

Consumers face a greater risk of losing control of their data when doing business with smaller retailers, as many haven't made investments to comply with the Payment Card Industry's Data Security Standard (PCI DSS), according to a new survey. The survey, which covered 560 U.S. and multinational organizations, asked respondents a variety of questions about their investments and deployment of technology to comply with PCI DSS, which was introduced in 2005. It's an industry standard created by major credit card companies that's designed to protect customer payment data. The survey found that 55 percent of organizations only secured credit card information but not other data such as Social Security and driver's license numbers or bank account details. Also, only 28 percent of smaller companies between 501 to 1,000 employees comply with PCI DSS. That compares with more than 70 percent of large merchants with 75,000 or more employees that claimed they're compliant.

Two things to remember as you prepare to file your taxes: If you get an e-mail from the IRS, it's probably a scam. And don't forget the stamp. As the April 15 tax filing date nears, online tax-related scams tend to ratchet up, experts say. If you're not careful, you could lose a lot more than just the refund. "Filing your taxes online is extremely convenient, however if you want to maintain the privacy of your data, you need to ensure that you are connecting to the proper Web site, that the connection is using encryption, and that your computer is free from any malware. If any of these components are compromised then your data is not safe," Ryan Barnett, director of application security research for Breach Security, said on Friday. "This would be like going to an ATM machine to withdraw money and allowing everyone around you to see your PIN number as you punch it in," he added. Not only do people have to take precautions in storing and transmitting their data over the Internet, but they also have to be wary of social engineering-type ruses that scammers use to trick people into giving out their sensitive data. Probably the most common type of tax season scam is the fake IRS phishing e-mail. These e-mails will either claim to be a tax refund or an offer to help file for a refund, settle tax debt, or other aid. (Not long ago, scammers were offering economic stimulus payments, even before the plan was approved.) They will provide a link to a Web site where the visitor is prompted to type in personal data like a Social Security number. Don't trust it, experts say.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Identity thieves using the names and Social Security numbers of Irving Independent School District employees have made thousands of dollars in purchases, school officials say. One woman has been accused of fraudulent use or possession of identifying information and two charges of credit card abuse. A second person linked to the theft case has been arrested but no charges have yet been filed in the Irving case, authorities said. At least 64 of the 3,400 teachers and other employees whose names were on the old benefits report that somehow ended up in the trash have said they are identity theft victims. The school district mailed letters to current and former employees about the breach, but 472 of the letters were returned as undeliverable. Pat Lamb, district security director, said in a story for Sunday's online edition of The Dallas Morning News that the employees at risk of being on the list worked for the district in the 2000-01 school year and had payroll deductions for benefits. "We still do not know how our records were compromised," Lamb said. "We don't know if somebody was supposed to shred that information, but it ended up in a Dumpster." Lamb said his name was among those on the report, which was generated in 2000. Cynthia Will, a former teacher, pleaded for help from the school board last week. More than $25,000 was charged in her name, including a $4,000 diamond ring, the newspaper reported. "It was stunning the damage that was done in just seven days," she told the board. Will has to carry an affidavit stating that she is an identity theft victim and if there are warrants on her old driver's license number that they are not for her. Dawn Bizzell, who has taught in the district since 1996, said district officials acted too slowly. An employee advisory wasn't posted until Jan. 26. Bizzell said she learned she was an identity theft victim on Nov. 28 and police told her of the district connection on Dec. 3.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

There is an old axiom in marketing circles that it costs more money to acquire new customers than to retain and service your old ones. In this precarious financial environment, the focus for many companies is now on keeping the existing customers satisfied, rather than worrying only about adding new ones to the fold. Since the business environment has slowed for now, showing your clients additional "value added" services rather than simply a lower price, for example, will be critical. Companies should be taking an introspective look for differentiating factors in the areas of security and privacy "value," and how they can leverage what they uncover - a competitive advantage. How can an organization best position their privacy and security programs to be used as a competitive advantage? First, of course, you need to ensure that your privacy and security program is robust, well-tested, formally documented and meets or exceeds whatever legislation that your company is subject to or regulated against. It is also important to give your customers a point of reference about the validity of your programs so they easily translate the value into a currency they recognize. Further, you should take advantage of any other internal and external audits, assessments and oversights that you can reasonably share with external parties by crafting the results of these documents as a consumable for external parties. It has been my experience that clients, especially their security teams, really appreciate this effort. Another innovative way to deliver a competitive advantage today is in the realm of vendor management. This discipline is quickly becoming an increasingly high-profile topic of discussion and interest between clients, customers and their service providers. The onus is on you anyway to demonstrate oversight of your third-party service provider(s). This is where you should also have the "value add" conversation and validate why your clients placed their trus

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes, according to the latest Unisys Security Index. The biannual survey of consumers in nine countries found that more than two-thirds of Americans are "extremely or very concerned" about other people obtaining and using their credit or debit card details -- with 90 percent at least "somewhat concerned." In addition, computer security remains a major concern. More than 40 percent of Americans are extremely or very concerned about security in relation to viruses or unsolicited emails. Three-quarters of Americans believe that the world financial crisis will increase the risk that they will personally experience identity theft or related crimes. More than one-quarter believe that the risk will increase substantially. "Financial security for Americans has moved from third place to front and center, number one," Tim Kelleher, vice president of enterprise security at Unisys, provider of information technology consulting services, told SCMagazineUS.com Monday. "People feel they are much more financially at risk." This has major implications for banks and other financial institutions, as well as internet businesses, he said. "Banks and businesses need to understand that customers are more wary than ever about using services that may compromise their personal data," Kelleher said. "If economic concerns increase these fears, companies need new strategies to strengthen customer confidence through accountability and transparency, which also plays to part of the Obama administration's call to action for government and business." The U.S. Security Index is based on a random telephone survey of 1,004 persons ages 18 and over. The first wave of the study was conducted in August 2007.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

The reality of any new technology, security or otherwise, rarely lives up to its promise. Once you move past the bright sheen of the product brochures and top-level user interfaces, only the practicalities of implementing the product in the real world remain. This is especially true of newer technologies we have little prior experience with, where our product expectations are defined by marketing, the press, and the rare peer reference. It's only after these tools are tested in the real world, under full production conditions, that we really start learning how to either best implement them, or kick them back to the vendor for a little more polish (and a compelling business use). Data loss prevention (DLP) is one of the most promising, and least understood, security technologies to emerge during the last few years. It dangles promises of ubiquitous content protection before our eyes, with shadows of complexity and costs glooming over its shoulder. As with everything, the reality is somewhere in-between. We've interviewed dozens of DLP users (including our own contacts, random volunteers and vendor references) to find out how DLP works in the trenches of the real world. The result is a collection of lessons learned and use cases to help you avoid common pitfalls while deriving maximum value. Lesson 1: Users are confused by a confusing market Lesson 2: Full DLP solutions take more effort to deploy, but are more effective and easier to manage Lesson 3: Set the right expectations and workflow early Lesson 4: Poor identity management hinders good DLP Lesson 5: False positives are a manageable concern Lesson 6: Progressive deployments are most effective Lesson 7: Endpoint DLP is still more limited than network or discovery Lesson 8: Content discovery is hot

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

With the nation's strictest data security law set to take effect Jan. 1 in Massachusetts, mobile phone merchant Dennis Kelly plans to parlay the regulations into a competitive advantage. Kelly will display signs at each point-of-sale device inside 28 Wireless City shops, of which he is co-owner, stating that the company complies with the state's new mandate and that protecting customers' personal information is a company-wide priority. He says that as his business has grown in a few short years, adhering to the new requirements - namely, establishing an official information security policy and deploying more stringent access control solutions - was necessary, regardless of the impending legal obligation. And now he wants to show that investment off. "We can set ourselves apart from competitors by communicating that we take this stuff seriously," he says. "I think we will be somewhat unique in that regard." Kelly's take on the regulations - the first time any state has issued such a comprehensive and prescriptive list of measures that must be taken to protect data - appears to be in direct contrast to most other business owners across the Bay State.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Rarely is the response to a new government initiative a unanimous round of "thumbs up," but so far that seems to be the case regarding yesterday's (April 9) announcement that The Defense Department and the Department of Veterans Affairs will collaborate on building an electronic database of administrative and medical information for U.S. servicemen and women. Since developing a broad electronic health records (EHRs) initiative is a prominent feature of the Obama Administration's economic stimulus plan, it makes sense to start (or at least focus) on a defined segment of the population -- current and past military personnel. But, apart from the specific technology, architecture and technical administration aspects of this program, there will be other challenges in pursuing the goal of EHRs for the military -- challenges that insurance technology executives know only too well. These include collaboration among different and sometimes competing interests (in this case, the Department of Defense (DOD) and the Department of Veterans Affairs (VA), which historically have not worked together as closely as one might imagine); and concerns about privacy and security. In fact, the ways in which the military EHRs initiative addresses the privacy issue could provide some interesting best practices (or actions to avoid) for private-sector players. "Currently, there is no comprehensive system in place that allows for a streamlined transition of health records between DOD and the VA," President Barack Obama said at yesterday's announcement, "and that results in extraordinary hardship for an awful lot of veterans who end up finding their records lost, unable to get their benefits processed in a timely fashion. And that's why I'm asking both departments to work together to define and build a seamless system of integration with a simple goal: When a member of the Armed Forces separates from the military, he or she will no longer have to walk paperwork from a DOD

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

As more and more teens get their hands on mobile phones there is an increasing number of problems which can result. First is "Cyberbulling" where someone uses text messages, emails, and phone calls to hound and slander another teen. The next one, which has been in the news a lot lately, is "sexting". This is where sexually explicit texts and photos are sent from one teen to another or to a group. Both situations can put parents in the awful position of being forced to help their child to defend charges in court. In some counties prosecutors have begun using child pornography laws to prosecute teenagers who send sexually explicit photos to one another. That's why a new program you can put on your child's phone may be the answer. Security Shield Parental Control Edition works with Symbian, Windows Mobile, and BlackBerry phones. Once setup, parents can then see a log of text messages send by their child as well as calls placed and received. Reports are available through a website. The software is being offered for US$30 a year and that subscription also includes automatic software updates.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Better to settle with the FTC than get your company's reputation as consumer-friendly (deserved or not) dragged through the court of public opinion.

Sears Holdings has agreed to settle allegations it collected personal data from customers without adequate disclosures, the Federal Trade Commission said on Thursday. The FTC had accused Sears Holdings, created in 2005 with the merger of Sears and Kmart, of paying online customers $10 to allow the company to track their online browsing. But the FTC said Sears also collected information on non-Sears sites, such as online bank statements, drug prescription records and emails. "The software would also track some computer activities that were not related to the Internet," the FTC said in a statement. Sears did disclose all it would monitor in a lengthy user license agreement, but the FTC argued it was not enough. "The complaint charges that Sears' failure to adequately disclose the scope of the tracking software's data collection was deceptive and violates the FTC Act," the FTC said in a statement. Sears did not immediately reply to two telephone calls and one email seeking a comment. Under the settlement, Sears is required to destroy the data collected and make future disclosures more prominent.