Matt Hanley reports: An identity theft ring uncovered in Oswego last year involved more than just thefts in Kendall County. Police across the Fox Valley quietly made arrests they hoped would lead to other suspects, while Oswego’s larger investigation continued for nearly a year. This week, Oswego police announced four people had been charged with…
Google Hack Attack Was Ultra Sophisticated, New Details Show
Kim Zetter reports: Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee. “We have never ever, outside of the defense industry, seen commercial industrial companies…
Lawsuit against Health Net first suit under HITECH
As reported here Wednesday, Connecticut’s Attorney General Richard Blumenthal has filed suit against Health Net for failing to secure member information and for failure to notify members of a security breach in a timely fashion. United Health Group and Oxford Health Plans are also named as defendants in the suit because although they were not…
Audit: Some Ohio University computers not immune to hackers
Dave Hendricks reports: Computers at two Ohio University campuses contained Social Security numbers that weren’t encrypted or protected from theft, internal auditors told university trustees in a meeting today. […] The findings, which come nearly four years after hackers breached five university servers containing medical records and Social Security numbers, underscore the difficulty of locking…
NYC: Audit Report on the Controls of the Administration for Children’s Services Over Personally Identifiable Information
The comptroller’s December 2009 audit report can be found here. ACS collects a lot of PII on many children in NYC, including medical information, complaints of child abuse, etc. The most significant audit findings included inadequate password security for the local network and Blackberry devices. With respect to the former, the audit found 15 instances…
AU: ALRC renews data loss financial penalty call
Christina Zhou reports: The Australian Law Reform Commission (ALRC) has renewed its call for fines for failing to notify the privacy commissioner of data breaches after the UK introduced penalties of up to half a million pounds. The ALRC initially made the call in its report: For Your Information: Australian Privacy Law and Practice released…