Revelations of parliamentarian’s past raises privacy question

April 24, 2014

Digging into the past of a political opponent has been a practice Read the rest of this entry »

Verizon releases its 2014 Data Breach Investigations Report

April 23, 2014

Verizon has been publishing annual reports of data breaches since 2000.  It is a very useful publication as it quantifies data breaches, security interests both overall and by industry.  It also maps trends and threats.  For those interested in information security and privacy it should be mandatory reading.  If there is any time left in the day the CISCO annual security report is also a very useful resource (found here).  Both are invaluable for privacy practitioners in preparing policies, training programs and protocols following the Privacy By Design methodology to comply with the Australian Privacy Principles in particular and the Privacy Act 1988 in general.

The 2014 Verizon report (found here) states that there have been 1,367 confirmed data breaches with 63,437 security incidents

The Canberra Times has piece on the report, Revamped Verizon security report to help funnel funds into the right holes, provides as follows:

Cyber security threats vary according to industry sector, a report has found.

After analysing more than 63,000 security incidents that took place in 2013, Verizon’s annual Data Breach Investigations Report, used by corporations and governments worldwide as a benchmark of cyber security, or lack thereof, has come to a new conclusion.

The 2014 edition released on Tuesday analysed more than 63,000 incidents and 1361 data breaches as reported by 50 organisations in 95 countries, including computer emergency response teams (CERTs) and law enforcement agencies.

Rather than isolating one or two main attack vectors, the analysis was able to Read the rest of this entry »

Department of Veterans affairs apologises for privacy breach

April 22, 2014

The Australian in Apology to veteran for privacy breach reports on what appears to be a fairly serious privacy breach by the Department of Veterans Affairs.

It provides:

THE Department of Veterans Affairs’ Affairs has apologised to a former army sergeant after a private company employed by the fed­eral government obtained confi­dential information about his claim for medical compensation.

The admission has brought Read the rest of this entry »

Royals and the Australian media – privacy issues to the fore

 The World Today has reported on the coverage by most media outlets in photographing the Duke and Duchess of Cambridge enjoying private time on private property, the Government House at Yarralumla, yesterday.  Quite disappointing given the World Today reports in Privacy debate swirls after Royal pics published that media outlets were specifically asked to respect the Royals privacy.  That request was clearly ignored.

The story provides:

ASHLEY HALL: A move by sections of the Australian media to broadcast private footage of the Duke and Duchess of Cambridge and Prince George has sparked another privacy debate.

The Royals are spending the afternoon in the Red Centre today. Yesterday was an official rest day, which they spent in the grounds of Government House at Yarralumla in Canberra.

But despite the appeals for privacy, images of the Duchess playing with her son and walking hand in hand with Prince William were broadcast on television news services last night and printed in Australian newspapers this morning.

The media outlets ignored a request from Kensington Palace not to use the images, as Stephanie Smail reports.

STEPHANIE SMAIL: Photographs and footage of the Duke and Duchess of Cambridge and their bouncing baby boy have flooded the Australian media since they arrived last week.

Their official outings have Read the rest of this entry »

Significant data breach to craft store chain in the USA leads to credit and debit card information of 3 milliion customers being stolen

April 20, 2014

On 26 January 2014, in Another data breach involving large US arts and crafts retailer, I posted on Michaels a craft chain store detecting a data breach. It had notified the FBI and was investigating.  There has been some further information provided.  In Michaels says nearly 3 million customers hit by data breach, the Washington Post reports that the data breach involved the theft of information from 3 million customers.  What is clear from the story is that the information security system was woefully inadequate and remained so for a month after the announcement of the data breach.

It provides:

Michaels has confirmed that credit and debit card information was stolen from 3 million customers who shopped at some of its stores during an eight-month period.

The craft-store chain initially confirmed Read the rest of this entry »

Canadian tax data stole through use of Heartbleed bug

April 17, 2014

In Canadian teen arrested for stealing tax data with Heartbleed the Age reports on a verifiable misuse of Heartbleed to steel personal data from the Canadian Revenue Agency.

It provides:

Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the Heartbleed bug to steal taxpayer data from a government website.

In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site.

The suspect, Read the rest of this entry »

Hacking attack on UK medical group results in 480,000 patient records being accessed

The UK Telegraph reports in Hackers steal 500k patient records from Harley Medical Group that personal information relating to 480,000 patients of the Harley Medical Group have been accessed by hackers.  Medical records are defined as sensitive information in the Privacy Act 1988.  They are universally regarded as very confidential and the breach or misuse of medical files is generally regarded as in the category of the most serious privacy breaches.  Doctor patient confidentiality is part of the canon of medical ethics, has long been recognised at common law and, relatively, more recently received statutory recognition. That of course doesn’t prevent general practitioners and surgeons to make mistakes with patient records.  Where the real problems arise is the management of records by private health organisations, be they medical groups, insurers, hospitals or agencies and departments.  With those groups there is a danger of treating patient records as just another form of data.  Which they are most definitely not.  Regulators take a very dim view of data breaches of medical records.  As they should.  It will be interesting to see how the Privacy Commissioner exercises his newly acquired powers when there is a breach of medical confidentiality through a breach of security or other form of interferences with privacy.

The article provides:

The personal details of nearly half a million people considering cosmetic surgery may have been accessed by hackers Read the rest of this entry »

Heigal sues Duane Reade for breach of privacy arising from a retweet

April 12, 2014

The Washington Post in  Can Katherine Heigl really sue Duane Reade for tweeting her photo? Yes, and here’s why reports on Heigl suing Duane Reade for violating her privacy and using her image without her permission.

It provides:

If Katherine Heigl makes a Duane Reade run and the drug store’s Twitter account proudly tweets a photo of her in the act (in a “celebrities run errands, too, and at our fine establishment!” kind of way), can she sue them for $6 million?

The answer: Yes, she can. And she did. And she has a case.

“Love a quick run? Even @KatieHeigl can’t resist shopping ‘s favorite drugstore ” the Duane Reade account tweeted on March 18 with a link to gossip site Just Jared, which ran a paparazzi photo of Heigl outside the store in New York City carrying two shopping bags.

It makes sense if you Read the rest of this entry »

ACCC suffers privacy breach

April 11, 2014

The Age in Personal data exposed by ACCC security lapse reports on a privacy breach by the ACCC.

It provides:

Australia’s competition regulator has been hit with an embarrassing security lapse after its confidential email subscriber list was accidentally displayed on the internet.

The Australian Competition and Consumer Commission said Read the rest of this entry »

Heartbleed causing significant heartburn for internet security

April 9, 2014

There has been a major alert and scare about a discovered flaw in OpenSSL cryptographic software library which is used by a large number of websites.  It is reported in Web security in doubt after discovery of ‘Heartbleed’ flaw and Newly discovered encryption flaw a ‘big deal’, say security experts.  It has also been reported in the Drum in somewhat apocalyptic terms in A civilisation built upon software isn’t safe, which provides:

Go onto the web to check your bank balance Read the rest of this entry »