Matthew Cella reports: Schools are putting children at risk of identity fraud by obtaining their Social Security numbers when it is not required by law and often unnecessary, the Social Security Administration’s Office of Inspector General has concluded. Some school systems in at least 26 states collect the nine-digit identifiers when students from kindergarten through…
Category: Commentaries and Analyses
IA: Buena Vista University reveals data breach (update 1)
Buena Vista University has had a data breach on campus. We engaged a nationally-recognized computer forensics team to conduct an investigation and learned someone gained unauthorized access to a BVU database. The information that this person could have accessed includes names, Social Security numbers and some driver’s license numbers of BVU students (applicants, former and…
HM Courts Service staff breached government database of personal information
Mark Ballard reports: Staff working for Her Majesty’s Courts Service have breached security on the government database that stores personal data about everyone in the UK. Also, local authorities sacked 26 employees last year for snooping on personal data stored on the Department for Work and Pensions (DWP) Customer Information System (CIS), which, with 90…
Visa To Acquirers: Stop Forcing PAN Retention
Evan Schuman writes: Visa on Wednesday (July 14) sent a direct message to acquiring banks: Stop making retailers retain credit card information unless you want to stop servicing Visa. A key Visa security executive (Eduardo Perez, the head of global payment system security) said the brand is now merely “strongly encouraging [acquirers] to not require”…
No more anonymous “private practice” on HHS breach list
HHS has now started revealing the names of the HIPAA-covered entities who had previously been listed only as “private practice” in their list of those having breaches affecting 500 or more individuals. PHIprivacy.net had been one of a number of entities that had complained about private practices being shielded, but OCR had interpreted the Privacy…
Data Breaches: A Black Hole – ITRC
The Identity Theft Resource Center is singing to this choir. Their most recent press release: As of June 30th, The Identity Theft Resource Center® recorded 341 individual breaches for the first six months of 2010. Unfortunately, hundreds of breaches have been veiled from the public, delayed in publication, or not listed on any public lists….