April 2, 2009
Chris Ogle from Whangerei in New Zealand got more than he bargained for when he bought an MP3 player from an Oklahoma thrift shop for $18. Among the music playlists on the device was a list containing 60 files in total, including the names and personal details of American soldiers.
Some files contained telephone numbers for soldiers who were posted to Afghanistan and Iraq. Some were even marked with a warning saying the release of its contents is “prohibited by federal law”. There are also details of equipment deployed to the bases and private information about soldiers, such as social security numbers and even which ones are pregnant.
November 25, 2008
The UK Information Commissioner is to be given sweeping new powers to fine those in Whitehall and private companies who deliberately or recklessly lose confidential personal information, Jack Straw, the justice secretary, disclosed yesterday.
The level of fines, which is still being negotiated, could in the worst cases run to millions of pounds.
Straw is also considering a ban on the sale of information from the electoral register, after more than 1,600 complaints to the information commissioner about the online misuse of people’s details. They included a police officer whose family’s name and address, along with a map to their house, appeared on a website, along with details of somebody who had been a victim of identity fraud.
Richard Thomas, the Information Commissioner, has said the ready availability of so much personal information is a threat to privacy, and sometimes to security.
November 24, 2008
The Pentagon has banned introduced a ban on USB flash drives and other portable devices due to a virus threat to Defense Department networks in the US.
While the bank has not been publicly acknowledged, messages were apparently sent to department employees informing them of the new restrictions. Under the new rules, USB drives that had been issued to staff or purchased privately are being collected from their owners.
According to reports, there is no news on how long the ban will last.
Perhaps defense IT specialists would be interested to learn that solutions exist to prevent unwanted content from USB sticks getting onto the corporate network or - perhaps even more importantly - being used to copy sensitive material from the network?!
September 25, 2008
Nearly four out of five people in Britain don’t trust the organizations that hold their personal data to keep it safe. Of more than 1,600 individuals questioned, some 89 percent believed that reckless data security breaches should be a criminal offense. The majority of respondents felt that those guilty of avoidable data security breaches should be imprisoned.
93 percent of those surveyed said they would not be willing to give their personal data to an organization that had already reported a previous security breach.
September 16, 2008
UK newspaper, the Daily Mail, has revealed that a police officer in the West Midlands has lost a 4GB memory stick reported containing top-secret information on terror suspects. The device was lost when the officer took the device on patrol.
At least one property has been raided in the search for the lost USB stick, but so far it has not been found.
Although police would not confirm it, the newspaper believes the device held information on a number of suspected terrorist cells being monitored by police.
There is no word - and hence nothing to suggest that the data held on the USB was encrypted, meaning that anyone who now has the device has access to some potentially highly-sensitive data. The security breach is serious enough that the UK Home Secretary, Jacqui Smith has been informed.
This is yet another high-profile example of how allowing sensitive data to be copied to inherently insecure devices, with no security precautions, can be a seriously risky practice.
