Wednesday, December 13, 2006

UCLA Reports Data Breach Affecting 800,000

UCLA has announced a security breach which may have allowed hackers to access personal information on 800,000 former and current students, parents of students, staff and faculty.

Given that this appears to be a deliberate attempt to access information held by the school from the outside, it raises more concern that the average lost laptop or other security breach. The school even said that the hackers seemed to looking for names and Social Security Numbers. UCLA said the FBI is investigating.

UCLA is notifying all the people involved. Many businesses in this situation offer the people notified free credit monitoring, but UCLA may consider that expensive. They are not required to do so by law.

Monday, December 11, 2006

U.S. Senate Passes Pretexting Bill

The Senate has passed a relatively uncontroversial bill which would criminalize obtaining another person's phone records without authorization.

This kind of so-called "pretexting" has been in the news lately, due to the scandal at Hewlett Packard.

A House version provides for fines of $250,000 and 10 years in prison, while the Senate bill provides for 10 years and $500,000.

Not in the bill are requirements to protect customer information or protections for other kinds of customer information.

Link to New York Times story:

http://www.nytimes.com/2006/12/09/business/09pretext.html?th&emc=th

Thursday, December 07, 2006

Hewlett-Packard Settles Privacy Charges with California for $14.5 Million

Hewlett-Packard will settle with the state of California charges that it violated the privacy of Board members. The company will pay $14.5 million in a settlement with the California attorney general over the company’s use of private detectives to

Certain executives authorized company employees to access phone records of members of the Board of Directors and journalists, while investigating alleged leaks of Board meetings and discussions.

Some former and current executives still face criminal charges in California for obtaining private phone records illegally, via pretexting,

Federal agencies are still investigating the company as well.