So the U. S. Attorney’s Office for the Eastern District of New York issued a press release on December 20 describing how 6 men were indicted for their roles in three tax refund fraud schemes. The three schemes resulted in more than 11,000 false income tax returns seeking refunds up to $73 million. According the…
Category: Commentaries and Analyses
Inadequate security of personal, private, and sensitive Information in school districts’ mobile computing devices – audit
I’ve often pointed out my concerns that public schools – at least those in New York that I’ve been in – do not seem to have adequate security in place for the vast troves of sensitive and confidential information they collect and retain. So I was unsurprised to read that a recent Office of the…
They’re guilty of ID theft, but don’t ask the government how/where they got the personal info?
Here’s another case where it’s clear there’s been some compromise of PII, but we have no idea how from what law enforcement tells us: According to documents filed in court, Miami-Dade Police Department (MDPD) officers executed a search warrant at [Travonn Xavier Russell’s] residence on January 18, 2012. During the search, MDPD officers found the following…
Glitch imperils swath of encrypted records
Shaun Waterman reports: A widely used method of computer encryption has a little-noticed problem that could allow confidential data stored by almost all Fortune 500 companies and everything stored on U.S. government classified computers to be “fairly easily” stolen or destroyed. The warning comes from the inventor of the encryption method, known as Secure Shell or SSH. “In…
Verizon DBIR Researchers’ Predictions for 2013 Threats
BASKING RIDGE, N.J. – Although many security experts predict that the most likely data breach threats organizations will face in 2013 include cloud exploits, mobile device attacks and all-out cyber war, “Verizon Data Breach Investigations Report” (DBIR) researchers have reached a far different conclusion: The most likely threats involve authentication attacks and failures, continued espionage and…
Cheng v. Romo and Applying Unauthorized Access Statutes to Use of Shared Passwords
Orin Kerr writes: The federal computer crime statutes punish unauthorized access to a computer. As regular readers know, courts are hopelessly divided on what this language means, and in particular what makes an access to a computer authorized versus unauthorized. In Cheng v. Romo, 2012 WL 6021369 (D. Mass. Nov. 28 2012), Judge Casper authored an…