Sunday, June 05, 2005

Beware the bear

A number of sorority sisters in the US have discovered that sometimes a teddy bear can be a Trojan horse. In this case, it concealed a video camera, but their suspicions were not piqued even though the bear seemed to be travelling around their sorority house to get a better angle of the bathroom.

mcall.com - An extreme invasion of privacy:

"At first, the six women of the Alpha Sigma Tau sorority house at Moravian College thought little of the teddy bear that appeared in their shared bathroom.

The stuffed animal allegedly belonged to XXXXXXXX, the 26-year-old boyfriend of one of the girls, who had been staying at the house.

But over the course of two weeks in February, the bear reappeared in different locations, at times facing the shower, toilet and other corners of the second-floor bathroom at 1118 Main St., Bethlehem.

It wasn't until XXXXXX's girlfriend wanted to tape a TV show for her sorority sisters that she noticed something suspicious - an unfamiliar tape in the videocassette recorder. She pushed the play button, and images of her bathroom filled the screen...."

I think the moral of the story is that in an age of mini-electronics, you need to be on the lookout for anything suspicious, particularly in your bathroom. Update: I've removed the guy's name since the charges were later dropped.

Consumers don't know they are being tracked

The San Francisco Chronicle has published some findings from a study done by the University of Pennsylvania about consumer attitudes and understanding of, among other things, online privacy.

Surprisingly, consumers think the mere presence of a privacy policy is a promise not to share information. Au contraire.

You are being tracked:

"Joseph Turow, a University of Pennsylvania professor who co-authored the study with a pair of grad students, told me he was surprised by how little consumers understand the ways digital technology has altered the retail business.

'The 20th century was about the democratization of prices,' he said. 'We got used to the idea that you could see how much things cost and learn about the product. The digital age changes this.

'Increasingly, what's happening is that people are being tracked and prices are being individualized based on people's behavior and background.'

One of the scarier findings of his study, Turow said, is that three-quarters of all people believe that when a Web site has a privacy policy -- and virtually all do -- it means the site won't share your personal info with others.

In fact, just the opposite is true. Most privacy policies explain in dense, difficult-to-read language that people's data will be shared unless you go to the trouble of opting out from the practice...."

Friday, June 03, 2005

Incident: Jackson Community College computer compromised

Students at a community college in Michigan are being notified of a potential security breach:

Students worry about breach:

"Jackson Community College officials say measures have been taken to stop hackers from accessing computers.

By Andrea Yeutter

Daily Telegram Staff Writer

A security breach in Jackson Community College's computer system may have revealed the Social Security numbers of 8,000 JCC students and employees to a hacker who broke into the system from an external source on May 18.

The compromised computer was located in the Information Technology Office, according to the college. The computer had significant administrative privileges, including access to student and employee passwords, many of which were Social Security numbers.

Prior to the breach, student and employee Social Security numbers were used as default passwords for computer and e-mail accounts. Although college officials said they encouraged students and employees to change their passwords, many continued to use their Social Security numbers until the break-in occurred...."

Thursday, June 02, 2005

Incident: Time Warner says data on 600,000 workers lost

Another incident involving missing backup tapes, this time involving 600K present and former Time Warner employees:

Time Warner says data on 600,000 workers lost:

"Time Warner reported Monday that a shipment of backup tapes with personal information of about 600,000 current and former employees went missing more than a month ago during a routine shipment to an offsite storage site...."

Surveillance tapes can be your friend

Thanks to Gerry Riskin for pointing me to this interesting story. He probably didn't think it had a privacy angle, but just about everything does these days...

Most commentary about video surveillance talks about how intrusive it is and how it invades privacy. But video can help the average person fight back against big brother.

A Toronto panhandler and a real estate agent friend have used in-store video surveillance to get back the homeless man's shiny red bicycle, which the Toronto Police had confiscated, believing that it must be stolen. (They also pepper-sprayed him, presumably because he got a little uppity at having his new bike taken from him.) The cops did not accept his tattered receipt as proof that the man had bought the bike from a local Zellers, so the homeless man and a friend went to the Zellers and got the video surveillance tapes that showed him buying the bike, not stealing it. The police have generously returned his bike (minus the lock). No word on an apology (and I'm not expecting one).

TorontoSun.com - Toronto And GTA - A rough ride:

"... Real estate agent Roderick Stewart -- a frequent contributor to Campbell's coffers over the last six months -- first heard the story Thursday when he walked by the panhandler in his usual haunts on Yonge St. south of St. Clair Ave.

"I believed him," Stewart said. "He knew dates and places so I checked it out."

Stewart, 47, went to the Zellers at Victoria Park and Danforth Aves. and staff there went through the surveillance tapes -- where they found visual evidence of Campbell buying the bike.

So Stewart took the tape and a duplicate receipt to the 55 Division police station at Coxwell Ave. and Dundas St. E. on Friday..."

What Europe can teach us about identity theft

Liz Pulliam Weston, in MSN Money, notes that the rates of ID theft in Europe are only a fraction of what they are in the United States and offers her reasons why:

MSN Money - What Europe can teach us about identity theft
  • Security numbers are for Social Security -- period.
  • Information is kept private.
  • Credit bureaus aren't wide open.
  • Credit isn't king.

Ironically, the ad that appears next to the article is for the "Loan Center" ... "Find the loan that's right for you".

Incident: Hacker Steals Personal Data From UC System

Yawn. Another university incident:

Hacker Steals Personal Data From UC System - Yahoo! News:

"Thousands of Tri-staters may be at risk after their Social Security numbers ended up in the hands of a computer hacker. News 5's Brian Hamrick discovered that hackers have been successful in the area before.

More than 7,000 employees at University of Cincinnati are worried about identity theft after a computer hacker stole their Social Security numbers.

UC Vice President of Information Technology, Fred Siff, said the hacker knew how to avoid intruder alerts on the system.

"This was obviously a serious breach," Siff said. "This is a very sophisticated hack. I hope that goes without question. It wasn't just somebody fooling around. This was very sophisticated, to be able to figure out how to piece different pieces of information together."

He also said the hacker's motivation was the Social Security numbers, which have a high value in the world of high-tech thieves.

"Anyone would not want someone to take their Social Security number and use it because a Social Security number is like identification. It's your personal identification that someone could use and mess up your credit. It could change your whole life," said Michelle Norflee, UC employee.

It's not just employees who are worried. News 5 uncovered evidence that some UC computers were sold with student Social Security numbers still on the hard drive. The mistake was found before the numbers were released, but that also forced a change in computer security.

The case is now part of an FBI investigation and at least five other universities have seen similar crimes.

So far, no identity theft crimes related to the hack have been reported."

States Pass Privacy Laws

Network Magazine has an article on the eight states that have passed privacy laws similar to California's trail-blazing legislation:

Network Magazine's Weblog: States Pass Privacy Laws:

"States Pass Privacy Laws

As of today, eight state legislatures have passed privacy legislation, largely in reaction to the recent, well-publicized privacy breach incidents at ChoicePoint, Acxiom, Bank of America, LexisNexis, and others (and more states are debating such laws). This morning I read the eight states' laws to compare and contrast and see what, if any, unusual requirements they might contain (yes, maybe I do need to get a life). Although these state efforts may one day be superseded by a national law proposed by California Senator Dianne Feinstein based on her state's privacy law, the laws are all similar enough that if you understand the state laws, you'll be ready for the new national rules.

California's, Georgia's, Illinois', Washington's and Arkansas' bills are almost identical.

Florida's and North Dakota's bills are tougher than the others. They both have a section that cracks down on those who willfully and fraudulently use or create personal identification information -- Florida's sets minimum prison terms for offenders -- that hopefully won't apply to your company. The rest of these two bills mirror the other state laws, except that Florida's sets fines for violators (see below). North Dakota's act was declared an emergency measure and takes effect today; Florida's bill takes effect July 1.

Montana's bill has extra provisions for credit reporting bureaus and credit card companies, otherwise it is similar to California law. It takes effect March 1, 2006.

Illinois' rule applies to government agencies, whereas Florida specifically exempts them. Otherwise the state laws share the following common requirements...."

Wednesday, June 01, 2005

Incident: Iowa University computer hacked

I am getting a little tired of reporting these university incidents ...

press-citizen.com | Local News:

"A University of Iowa Book Store computer containing credit card numbers and student and employee ID numbers was hacked into last month, the university said in a statement today.

The computer was "improperly accessed from outside the UI network" on May 18, the statement said. The university detected the breach later in the day. University Book Store staff shut the computer down and disconnected it from the network. The computer may have contained up to 30,000 active credit card numbers, UI said. The statement notes that no other UI departments that accept credit cards and/or ID charges are affected.

UI Police are investigating the incident with the help of two computer-security firms: VeriSign, the nation's leading Internet security company, and The Starken Group of Cedar Rapids. Their aim is to see if hackers were able to steal any personal information from the machine as well as to prevent a similar incident from happening again.

Credit card companies Visa and MasterCard are also involved in the investigation.

More information on the incident, including what you can do if you suspect your credit card information has been stolen, can be found at the book store's Web site at http://www.uiowa.edu/~ournews/bookstore/

For more on this story, see tomorrow's edition of the Press-Citizen and press-citizen.com."

Equifax looks like a good bet

According to CNN/Money, business is booming for consumer reporting agency Equifax. In fact, analysts say that the fear of ID theft is probably helping their bottom line: Equifax looks like a good bet - Jun. 1, 2005.