U.S. law allows whistleblowers to collect 30 percent of any taxes recovered as a result of their information, and it seems that one disgruntled computer technician is taking advantage of the program. Meet Heinrich Kieber, a nefarious criminal-type turned “good guy” who will be testifying in front of the “Senate’s Permanent Subcommittee on Investigations Thursday via a video statement from a secret location,” according to ABC News. Mr. Keiber is from Liechtenstein, a tiny country with very secretive banking laws. He stole banking information that showed how the world’s super-rich were skirting their countries tax laws. Keiber then sold the information to tax authorities in 12 countries, including the U.S, hence the whole “secret location” thing.
data
Don't Live Near A Big City? Here's Something You Should Know Before Upgrading Your iPhone
The new iPhone is 3G–but AT&T’s 3G network isn’t exactly “nationwide,” so you might want to check the coverage map to make sure that there’s a 3G network in your area.
Curves Leaves Working Computer Full Of Personal Information In An Office Dumpster
UPDATE: Adam has been in contact with the owners and has posted an update on his site.
Geek Squad Backs Up Your Desktop Shortcut Instead Of Your Data
Reader Mike consulted Best Buy about removing a Trojan that was infecting his computer. They suggested that he buy an external hard drive, pay Best Buy to back up his data, and use his computer’s restore disc. Mike agreed. 5 days later he got his computer and his external hard drive back — mostly empty, except for the shortcut to the folder where the data was stored. None of the files within the folder had actually been transferred.
Pop Quiz: Can The Pizza Delivery Place Sell Your Personal Information Without Your Consent?
You need the express written consent of Major League Baseball to do pretty much anything to a baseball game, but does your pizza place need your permission to sell your personal information (name, address and phone number) to the highest bidder? Take a guess. The answer is inside. Cheating is easy, but in poor taste. (For the purposes of this quiz, you live in California.)
RadioShack Won't Give Refund On Cash Purchase Unless You Show Your Papers
RadioShack’s whole collecting-your-personal-data nonsense is old news, but it’s not just for purchases anymore. When Pete tried to take back some potentiometers he’d paid for the day before with cash, the clerk refused to give him any sort of refund—even a store credit—without Pete’s physical address.
It's Easy To Access Random Customer Info With Best Buy URLs
Cole discovered that by simply incrementing a numerical string by one in a url Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It’s still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn’t more careful with customer security.
The BBC Writes Application That Steals Personal Info From Facebook
Feel wary about giving applications access to your Facebook page? Worried one of those quizzes or games might be maliciously harvesting your data? You were right to worry. The BBC had the same idea, so they decided to write a program to do just that. And it worked. Not only did it steal the data of Facebook users who installed the application, it also victimized all of their “friends.”
Job.com Refuses To Delete Your Private Information
Dan is pissed because Job.com won’t remove his…
FreeCreditReport.com Doesn't Practice Good Security Hygiene
You’d think a credit monitoring service—even one as skeevy as freecreditreport.com—would take great pains to keep up the appearance of security and confidentiality. You’d be wrong. When Brian called to cancel their service he was asked to call out his social security number and his mother’s maiden name, even though it turned out they could easily access his account and cancel his service with only his phone number and birthday. Oh, and the first CSR hung up on him, but (sadly) that’s not really very newsworthy anymore.
Should The Government Set Up A "Do-Not-Track" List?
One of the most popular sentiments expressed by readers on our blog is “be a smart consumer.” Now two privacy advocacy organizations are calling for the creation of a “do-not-track” list that would protect registered users from online data collection. They argue that a list is needed because too many consumers won’t or can’t understand the methods behind online tracking. To illustrate, one of the organizations “pointed to a 2005 University of Pennsylvania survey in which only 25 percent of respondents knew that a Web site having a privacy policy doesn’t guarantee that the site refrains from sharing customers’ information with companies.” But a do-not-track list is overkill, and a fearful reaction against emerging technologies.
Data On Over 40,000 Patients Stolen From NYC Hospital
The New York Times is reporting this morning that an unnamed employee stole personal data on over 40,000 patients from NewYork-Presbyterian Hospital/Weill Cornell Medical Center. The theft “occurred over the past several years and included patients’ names, phone numbers and Social Security numbers.” As we’ve come to grimly expect in these cases, the hospital was made aware of the theft in January, and announced it publicly on Friday after an internal audit. “We obviously deeply regret that this has happened,” said the hospital’s spokeswoman, Ms. Manners. She also said that investigators are “looking into the possibility that the theft could be part of a larger criminal scheme.”
Redbox Shows Businesses How To Properly Handle A Data Breach
Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they’d found credit card skimmers attached to three of their kiosks. What’s surprising is that they ‘fessed up so quickly, and in a highly public manner—they’ve got the text “SECURITY ALERT” at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing.
Maryland's Dental HMO Security Breach Was One Of Nearly 40 In The State Since January
A few days ago we linked to a Baltimore Sun article that investigated the recent accidental release of private patient data online by The Dental Network. Now the reporter who broke the story, Liz F. Kay, has contacted us with news that “this was the largest of nearly 40 breaches affecting Maryland residents” since a disclosure law went into effect in January:
Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.
CareFirst Dental HMO Exposes SSNs, Says You Should "Take It Seriously"
Last month, The Dental Network—a dental HMO owned by CareFirst BlueCross Blue Shield—discovered it had accidentally revealed personal data and Social Security numbers online for about 75,000 of its customers. It told the members about the screw-up three weeks later. “The company says that to its knowledge, no one has misused the information. But it says ‘the risk … should be taken seriously,'” and it’s offering affected members one year of credit monitoring. After that, as you know, the thread of identity theft plummets. Wait, what?
Are You Sure You Want To Add That Facebook App?
Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.
Chart: "10 Largest Data Breaches Since 2000"
The info-loving people at Flowing Data pulled the figures on data breaches (available at Attrition.org) and created a chart showing the top 10 biggest breaches in the past eight years. The most disturbing trend, which probably will surprise few Consumerist readers, is that the breaches are increasing in frequency.
