Privacy Roundup #0017 • December 2007

December 2007 closed a grim year for personal data, as a fresh wave of lost British discs and laptops met social-network tracking, advertising mergers and a global surveillance league of shame.

1. MI5 warns over China hacking menace

The director-general of MI5 wrote to 300 British chief executives warning of electronic espionage attacks traced to Chinese state organisations. Firms including Rolls-Royce and Royal Dutch Shell were named among the targets of the coordinated intrusions.

www.schneier.com

2. IT pro admits stealing 8.4 million consumer records

A database administrator at Fidelity National Information Services pleaded guilty to stealing more than 8.4 million consumer records over five years. He sold the names, addresses and financial details to a data broker for 580,000 dollars, where they were used for direct marketing.

www.bankinfosecurity.com

3. Privacy breach nuked in Canadian passport site

An Ontario man found that altering the address in his browser made the Passport Canada website hand over other applicants' details. The exposed records included names, addresses, driver's licence numbers, birth dates and even firearm ownership status.

it.slashdot.org

4. Information Commissioner faces MP grilling

Information Commissioner Richard Thomas was summoned before the Justice Committee to answer for the data failures at HM Revenue and Customs and other departments. The session proved awkward after the Daily Telegraph revealed it had gathered enough public information to duplicate Thomas's own identity.

www.theregister.com

5. ICO warns of more datagate breaches

Richard Thomas told Parliament that further government departments might have lost personal data following the HM Revenue and Customs scandal, though none on that scale. The Telegraph separately warned that the missing child benefit discs could expose people in witness protection to criminals.

www.theregister.com

6. Facebook chief capitulates again on Beacon

Mark Zuckerberg apologised for the Beacon system that broadcast members' web purchases to their friends, admitting the company had done a bad job with the release. Facebook bowed to the privacy outcry by letting users switch the advertising feature off completely rather than fending it off site by site.

tech.slashdot.org

7. Top-secret US labs penetrated by phishers

Oak Ridge and Los Alamos national laboratories were hit by a coordinated phishing campaign that tricked staff into opening malicious attachments. At Oak Ridge the intruders reached a database holding fourteen years of personal information on laboratory visitors.

www.heise.de

8. DVLA coughs to data slip

The Driver and Vehicle Licensing Agency admitted that at least 100 survey mailings had reached the wrong recipients. The misdirected letters carried names, addresses, dates of birth, licence numbers and motoring offences, which the agency blamed on human error.

www.theregister.com

9. UK government loses driver identity data

The Driver and Vehicle Licensing Agency mislaid two unencrypted discs holding the names and addresses of more than 6,000 Northern Ireland motorists. The discs vanished in the post at a Coventry sorting centre, weeks after the far larger child-benefit loss.

www.theregister.com

10. Citizens Advice owns up to laptop loss

A laptop holding around 60,000 client records was stolen from a worker's car in Northern Ireland. The files contained names, addresses, dates of birth, national insurance numbers and, in some cases, bank account details.

www.scotsman.com

11. Merseyside health authority gives away staff data

Sefton Primary Care Trust accidentally sent thousands of employee records to four organisations bidding for work with its sexual health department. The leaked files held dates of birth, national insurance numbers and salary details.

www.theregister.com

12. Police give up on lost CDs

Authorities abandoned the search for the missing child benefit discs holding 25 million records and instead promised tighter handling rules. Ministers blamed a junior civil servant even though the unencrypted data had been posted more than once after requests for partial extracts were ignored.

www.theregister.com

13. UK driver details lost somewhere in America

A hard drive with the personal details of three million British driving theory test candidates disappeared from a contractor's facility in Iowa. Transport Secretary Ruth Kelly told Parliament the records spanned three years and included names, addresses and phone numbers.

www.heise.de

14. New Trojan preys on commercial banking customers

Researchers uncovered a banking variant of the Prg Trojan that hijacked online sessions to wire money to criminal accounts. The malware, blamed on a Russian gang, hit business customers of about twenty banks across the United States, the United Kingdom, Spain and Italy.

www.itnews.com.au

15. Parliament loses its own security data

A laptop holding information about the Palace of Westminster's security systems went missing from the office of the Serjeant at Arms. The loss exposed weaknesses in the parliamentary estate's own handling of sensitive access data.

www.theregister.com

16. FTC rubberstamps Google DoubleClick merger

The Federal Trade Commission voted four to one to clear Google's three-billion-dollar purchase of DoubleClick after an eight-month inquiry. Dissenting commissioner Pamela Jones Harbour warned that combining the two firms' data would create an unmatched database of consumer intentions.

www.heise.de

17. Skipton owns up to lost laptop security woes

Skipton Financial Services lost a laptop containing the records of 14,000 customers after it was stolen from a contractor's locker. The machine held names, addresses, national insurance numbers and investment details, and although password protected it was not encrypted.

citywire.com

18. Gmail exploit aids domain hijack

A web designer lost control of his domain after attackers exploited a Gmail flaw that silently forwarded his messages to a third party. The intercepted mail let the hijackers seize his domain and demand a ransom before Google patched the hole.

archive.davidairey.com

19. Australian government pushes mandatory net filters

The incoming Labor government announced plans to force internet providers to filter pornographic and violent content for every household. The clean feed would be switched on by default, leaving users to opt out rather than opt in.

tech.slashdot.org

20. UK shamed in world privacy league

Privacy International placed the United Kingdom among the worst nations in its annual surveillance index, grouping it with China and Russia as an endemic surveillance society. The report cited the country's camera networks, mishandled government data and identity card plans.

news.bbc.co.uk

