Stealing Stuff


Musings on seniors and ID theft

Given the string of well-publicized ID theft schemes recently, it seemed HelpNet’s choice of putting out tips for seniors to avoid identity theft was a good idea. Of course, then it occurred to me that maybe HelpNet wasn’t in the top ten of sites that the elderly are likely to read with any frequency. So good effort, HelpNet… but your tips, though useful, are likely to go...

US Government: Serving up whale for over 100 years

Interesting… If you haven’t seen the coverage, the FTC forced Twitter to update its information security program after a slew of information security issues including password problems, breaches, and fraudulent claims about the security of the site (in other words, claimed protection measures that just weren’t implemented the way they said they were). Check it out: In one...

Is Colorado Casualty the Devil?

It’s getting pretty ugly over there in Utah. What’s that have to do with Colorado Casualty? Wait for it, we’ll get there. Anyway, long story short: University of Utah had some backup tapes containing ePHI for about 2 million patients (containing patient medical records from the university hospital) go missing on their way to an offsite storage provider. The University...

Salvation Army: leaking data and giving people crabs

The trouble with buying stuff used is that you never know what the last person who had owned the thing was up to. Sometimes you win out and the preowned factor works in your favor – like when we bought our “preowned” Wii the other week. But on the other hand, sometimes you lose out big time – like when my neighbor back in NJ got the crabs (ewwww) from a pair of pants he...

TJX: Everything must go (even your data)

That’s right, you guessed it – TJX is currently holding their “we lost your data, now give us your money” sale. They’re calling it their customer appreciation sale and it’s going on right now. Originally, the 15% off sale was supposed to be part of the settlement over the loss of all that credit card data. Turns out they didn’t have to do it, but they...

External Attacks – Bigger than we Thought?

For years risk and security professionals have been trying to escalate awareness about the frequency of insider attackers. We’ve been working to combat the perception that many “non-riskers” have that external pen test scans of firewalls and web applications are “cool” (heck Harrison Ford did a whole movie on firewalls) and the responsible assessment approach of...

Security, Economy, and Les Mis

So interestingly, we’ve been reading some articles over the past few days that are speculating heavily about what the current economic meltdown will mean to us guys over here in IT security and risk. The net consensus appears to be – with budgets shrinking and credit freezing up, spending on IT risk is going to be hard hit. Really? We’re not so sure about that. Historically,...

Best Western: Failboat? or just Fail-Canoe?

So, you heard about Best Western, right? The Sunday Herald originally ran the story saying that up to 8,000,000 records were impacted. Best Western says that wasn’t the case. So which is it? I’m not sure we’ll ever know. We can speculate, or dig around to try to get more data, but at the end of the day, it’s going to be hard to figure out. Not that it matters for...

Stolen Laptops, Redux

I got a question for you. What percentage of corporate laptops do you think have some sort of personally identifiable data on them? Take a second to mull that over while we go over something else. Now, you may not remember this, but I’ve suspected for a long time that things are not what they seem in the disclosure space. I.e., do we really think that everybody who actually has a breach...

Strange Things are Afoot with Breach Disclosure

(Today’s topic has been brought to you by Dave N.) So, strange things are afoot at the Circle K – provided that by “Circle K” you mean “Breach Disclosure” and by “strange things” you mean “corporate irresponsibility”. Specifically, have you seen the recent statistics for how often laptops are lost? Now, while I haven’t seen an...

Your data. Always had it, always will…

Everybody’s fired up about thumb-drives. ComputerWorld warns us about the dangers of thumb-drives in their article “Thumb-Sized Leaks in Corporate Security” and Hummingbird’s recent study about how departing corporate executives steal data hand-over-fist has been getting all kinds of play in the Register and on VNUNet. According to some, it’s quite a huge...
