Posts Tagged “Data”
security
It's Easy To Access Random Customer Info With Best Buy URLs
Cole discovered that by simply incrementing a numerical string by one in a url Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It's still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn't more careful with customer security. More »
The BBC Writes Application That Steals Personal Info From Facebook
Feel wary about giving applications access to your Facebook page? Worried one of those quizzes or games might be maliciously harvesting your data? You were right to worry. The BBC had the same idea, so they decided to write a program to do just that. And it worked. Not only did it steal the data of Facebook users who installed the application, it also victimized all of their "friends." More »
Job.com Refuses To Delete Your Private Information
Dan is pissed because Job.com won't remove his name, email address, phone number, and home address from their servers. For reasons unknown, someone else set up a profile with his personal info on Job.com. When Dan contacted Job.com, they said that because they "must account for all transactions and account histories" they couldn't delete the info. They also assured him that since he didn't have a resume posted, recruiters can't search or view his information. Dan feels Job.com's internal "requirements" shouldn't have any bearing on his right to privacy. What do you think? Correspondence between the two, after the jump. More »
FreeCreditReport.com Doesn't Practice Good Security Hygiene
You'd think a credit monitoring service—even one as skeevy as freecreditreport.com—would take great pains to keep up the appearance of security and confidentiality. You'd be wrong. When Brian called to cancel their service he was asked to call out his social security number and his mother's maiden name, even though it turned out they could easily access his account and cancel his service with only his phone number and birthday. Oh, and the first CSR hung up on him, but (sadly) that's not really very newsworthy anymore. More »
Should The Government Set Up A "Do-Not-Track" List?
One of the most popular sentiments expressed by readers on our blog is "be a smart consumer." Now two privacy advocacy organizations are calling for the creation of a "do-not-track" list that would protect registered users from online data collection. They argue that a list is needed because too many consumers won't or can't understand the methods behind online tracking. To illustrate, one of the organizations "pointed to a 2005 University of Pennsylvania survey in which only 25 percent of respondents knew that a Web site having a privacy policy doesn't guarantee that the site refrains from sharing customers' information with companies." But a do-not-track list is overkill, and a fearful reaction against emerging technologies. More »
Data On Over 40,000 Patients Stolen From NYC Hospital
The New York Times is reporting this morning that an unnamed employee stole personal data on over 40,000 patients from NewYork-Presbyterian Hospital/Weill Cornell Medical Center. The theft "occurred over the past several years and included patients' names, phone numbers and Social Security numbers." As we've come to grimly expect in these cases, the hospital was made aware of the theft in January, and announced it publicly on Friday after an internal audit. "We obviously deeply regret that this has happened," said the hospital's spokeswoman, Ms. Manners. She also said that investigators are "looking into the possibility that the theft could be part of a larger criminal scheme." More »
good business practice
Redbox Shows Businesses How To Properly Handle A Data Breach
Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they'd found credit card skimmers attached to three of their kiosks. What's surprising is that they 'fessed up so quickly, and in a highly public manner—they've got the text "SECURITY ALERT" at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing. More »
Maryland's Dental HMO Security Breach Was One Of Nearly 40 In The State Since January
A few days ago we linked to a Baltimore Sun article that investigated the recent accidental release of private patient data online by The Dental Network. Now the reporter who broke the story, Liz F. Kay, has contacted us with news that "this was the largest of nearly 40 breaches affecting Maryland residents" since a disclosure law went into effect in January:
Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.
More »
CareFirst Dental HMO Exposes SSNs, Says You Should "Take It Seriously"
Last month, The Dental Network—a dental HMO owned by CareFirst BlueCross Blue Shield—discovered it had accidentally revealed personal data and Social Security numbers online for about 75,000 of its customers. It told the members about the screw-up three weeks later. "The company says that to its knowledge, no one has misused the information. But it says 'the risk ... should be taken seriously,'" and it's offering affected members one year of credit monitoring. After that, as you know, the threat of identity theft plummets. Wait, what? More »
Are You Sure You Want To Add That Facebook App?
Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, "but this information could be used to mount large scale social engineering attacks if automated and coupled with other information." To illustrate how easy it is to change another user's settings, he pointed us to a YouTube example of how to change another user's "mood" via the Mood app. More »
id theft
Chart: "10 Largest Data Breaches Since 2000"
The info-loving people at Flowing Data pulled the figures on data breaches (available at Attrition.org) and created a chart showing the top 10 biggest breaches in the past eight years. The most disturbing trend, which probably will surprise few Consumerist readers, is that the breaches are increasing in frequency. More »
oops
Medical Records Sold As Scrap Paper
A fourth grade teacher in Salt Lake City, Utah, bought a box of scrap paper for $20 and discovered it was actually a box of medical records of 28 patients from Central Florida Regional Hospital. The hospital shipped the box via UPS to an audit company in Las Vegas last December. The hospital claims it had been tracking the box since February, but hadn't told the patients. As for the teacher's class, her next assignment for the students will be, "Apply for credit card offers using SSNs from the scrap paper box." More »
xbox
Microsoft Doesn't Know Why You Can't Access Any Of Your Saved Games
Reader Brad took his XBOX Live Gamertag to a friend's house. When he got home, he realized that he'd forgotten his memory card (with the Gamertag on it) at his friend's place. More »
breaking
Massive North American Blackberry Outage
Blackberry smartphones are screwed up! There's a massive outage going on in "the Americas" says RIM. More »
privacy
US Customs Helps Itself To Your Electronics And Private Data
The Washington Post has an interesting article about a coming lawsuit against the
More »
A few months earlier in the same airport, a tech engineer returning from a business trip to London objected when a federal agent asked him to type his password into his laptop computer. "This laptop doesn't belong to me," he remembers protesting. "It belongs to my company." Eventually, he agreed to log on and stood by as the officer copied the Web sites he had visited, said the engineer, a U.S. citizen who spoke on the condition of anonymity for fear of calling attention to himself.







