Privacy & data protection

Update at 7 a.m. PST January 30: Clarification made in the final paragraph.

Every day it seems like there is a new and significant data breach in the news. In fact, organizations like ChoicePoint, TJX, the Department of Veterans Affairs, or Heartland Payment Systems have become poster children for the sorry state of information assurance.

Recognizing the risks to sensitive data, many companies have implemented full-disk encryption software from companies like PGP, PointSec, SafeBoot, and Utimaco. Still, this means purchasing, deploying, and managing add-on software on lots of PCs--a cumbersome operational task. For a number of years, I've … Read more

Data theft and breaches from cybercrime may have cost businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing the damage last year, according to a new study from McAfee.

McAfee made the projection based on responses to a survey of more than 800 chief information officers in the U.S., United Kingdom, Germany, Japan, China, India, Brazil, and Dubai.

The respondents estimated that they lost data worth a total of $4.6 billion and spent about $600 million cleaning up after breaches, McAfee said.

The report, entitled "Unsecured Economies: Protecting Vital Information" … Read more

Payment processor Heartland Payment Systems has been sued over a data breach it disclosed publicly on Inauguration Day last week.

The lawsuit, filed on Tuesday in U.S. District Court in Trenton, N.J., alleges that Heartland failed to adequately safeguard the compromised consumer data, did not notify consumers about the breach in a timely manner as required by law, and has not offered to compensate consumers for costs they may incur in protecting themselves from identity fraud.

In a statement that coincided with President Barack Obama's inauguration events, Heartland said the breach occurred last year but that it … Read more

We have Valentines Day and Mothers Day and even Inauguration Day. And now that cyber crooks have turned the Internet into their playground, we've got Data Privacy Day.

Companies and agencies in the U.S., Canada and more than two dozen European countries will be holding events in honor of Data Privacy Day on Wednesday geared toward educating consumers as to how to better protect themselves online.

And privacy groups are sending messages to the newly installed administration of President Obama.

In the latest issue of The Identity Theft Newsletter, three consumer privacy experts give their advice.

Jay Foley, … Read more

Earlier this month, I predicted that large companies may soon adopt policies mandating that technology vendors adhere to best practices for security in product design and development.

I also suggested that government agencies may be on the cutting edge of adopting these types of policies.

On Monday, I read a preliminary report that New York state may be the first government to move forward with this type of policy. Apparently, New York will use the Common Weakness Enumeration/SANS Institute list of the Top 25 Most Dangerous Programming Errors as a baseline for software security. Under the proposal, vendors selling … Read more

To critics, cloud computing can't be trusted because you aren't in control of the data outside your network.

But if that's the case, then how secure are the data and collocation centers that corporations contract with to host their data?

"It does come down to vetting the practices of the provider and making sure they meet the standards you want for your business," Phil Hochmuth, a senior analyst at Yankee Group, said Monday, the eve of Cloud Computing Innovation Day in Santa Clara, Calif.

Companies like Salesforce.com, Amazon.com, and Google have built businesses … Read more

A New Zealand man who bought a used MP3 player from an Oklahoma thrift store found names, cell phone numbers, and Social Security numbers of American soldiers on the device, according to news site TVNZ.

Chris Ogle, who paid $18 for the device, also found lists of soldiers based in Afghanistan, personnel who fought in Iraq, and equipment deployments, as well as private information about soldiers, including which ones are pregnant.

The US Army and the American embassy declined to comment to TVNZ's ONE News.

Last year, a British labor agency had to shut a Web site after a … Read more

User information, including passwords, has been stolen from job site Monster, the company has announced.

Monster's database of user account information--which includes user IDs, passwords, e-mail addresses, names, phone numbers, and some demographic data--was illegally accessed and information was taken, the company said on Friday.

The information that was stolen did not include resumes or sensitive information like Social Security numbers and financial data. But someone could use the data that was breached to contact Monster users and use social engineering to trick them out of their information.

Monster is urging its users to visit the site and change … Read more

TJX stores, including T.J. Maxx and Marshalls, are holding a one-day 15-percent-off sale on Thursday as a way to show appreciation for customers after a data breach at the company.

TJX disclosed in 2007 that 45.7 million customer accounts were compromised

"TJX has chosen to hold a previously planned, one-time Customer Appreciation Day to express our appreciation to customers for their continued support and patronage following the criminal attack(s) announced on our computer systems two years ago," TJX spokeswoman Sherry Lang said in a statement. "TJX remains committed to providing our customers a safe … Read more