
The BBC spent £310,000 on private investigators between 2005 and 2011, director general Mark Thompson has revealed at the Leveson inquiry.
Thompson admitted at the inquiry on Monday that the BBC had used the convicted investigator Steve Whittamore and that the corporation has sought to get confidential information from the DVLA concerning the owner of a vehicle.
He said he believed there was a “strong public interest justification” for using Whittamore, who pleaded guilty in 2005 to illegally obtaining and disclosing information under the Data Protection Act.
The investigator was used by the BBC in 2001 when it was researching whether paedophiles convicted in the UK were able to get, or were getting, jobs where they would have access to or contact with children in other countries. At the time the corporation needed to establish whether “a known paedophile” was on a particular flight.
Thompson told Lord Justice Leveson the corporation had also used a private investigator on one occasion to establish the ownership of a vehicle. Again, Thompson said the journalist involved “genuinely believed and with good reason that he was following someone who was involved … in a serious criminal conspiracy” and this justified the request for confidential information.

As the U.S. invests billions of dollars to convert from paper-based medical records to electronic ones, has the time come to offer everyone a unique health-care identification number?
Proponents say universal patient identifiers, or UPIs, deserve a serious look because they are the most efficient way to connect patients to their medical data. They say UPIs not only facilitate information sharing among doctors and guard against needless medical errors, but may also offer a safety advantage in that health records would never again need to be stored alongside financial data like Social Security numbers. UPIs, they say, would both improve care and lower costs.
Privacy activists aren’t buying it. They say that information from medical records already is routinely collected and sold for commercial gain without patient consent and that a health-care ID system would only encourage more of the same. The result, they say, will be more patients losing trust in the system and hiding things from their doctors, resulting in a deterioration in care. They agree that it’s crucial to move medical records into the digital age. But they say it can be done without resorting to universal health IDs.

A 20-year-old man is facing 24 counts of voyeurism after police found hidden cameras in his bathroom and a bedroom.
Paul Zajac, 20, was charged with 24 counts of voyeuristic recording of another person.
Zajac first appeared in court in April 2011 after a woman found a hidden camera in the bathroom of the home they both lived in.
Police say he was living with his pregnant girlfriend and her family in a home on Brook Street in South Windsor.
South Windsor police said he confessed to hiding the camera below the baseboard heater in the bathroom, and officers report finding evidence it was frequently turned on.

Online shoe and clothing retailer Zappos.com has warned its users that it has suffered a massive data breach.
Up to 24 million customers may have been impacted by the security breach, which has forced the firm to reset the passwords of its customers.
According to the company, which is owned by Amazon.com, details stolen include names, email addresses, billing/shipping addresses, phone numbers, and the last four digits of customers’ credit card numbers.
In addition, password hashes were exposed.
So, you’ll have to change your Zappos password if you want to shop from the store again. And, actually, it would make sense to ensure that you are not using the same password anywhere else on the net.

Eight police staff have lost their jobs after illegally accessing the confidential records of dozens of people on the Police National Computer.
Of the eight, one police officer and one community support officer (PCSO) are facing criminal charges after an investigation by Essex Police found them guilty of gross misconduct. Another PCSO has been cautioned.
All eight are alleged to have accessed the personal records of members of the public and passed on the information to people outside the force.
The force launched an inquiry after a whistle-blower told senior officers about ‘routine abuses’ of the computer system, which contains personal information on millions of people.
Essex Police have confirmed the officer and two PCSOs were arrested in December on suspicion of accessing confidential files in breach of the Data Protection Act.

With over nine million followers, Ashton Kutcher is a powerful figure on Twitter.
A link or endorsement posted by the actor, who recently separated from Demi Moore, is something that many brands and websites would dream of, imagining the traffic that would come as a consequence.
So it’s perhaps no surprise to find that some mischief-makers might also delight in trying to hack into Ashton Kutcher’s online accounts, to see what trouble they could cause.
The “Two and a Half Men” star’s Twitter account posted some bizarre messages on Sunday, apparently confirming that he was in a romantic relationship with Lorene Scafaria:
First official sleepover with my girl @lorenescafaria so maybe breakfast with everyone next time! (@ Lorene’s House). [LINK]
and
Check out my new girl Lorene’s House (Los Angeles, CA) on foursquare. [LINK]

Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called “an infestation” of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned.
At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college’s data security monitoring service detected an unusual pattern of computer traffic, flagging trouble.
It appeared at first that the problem was contained in a single computer lab at Cloud Hall on the Phelan Avenue campus, one of a dozen City College sites around the city. David Hotchkiss, the chief technology officer, immediately shut the lab down and reported the problem to Chancellor Don Griffin, General Counsel Scott Dickey and Board of Trustees President John Rizzo.
But a closer look revealed a far more nefarious situation, which had been lurking within the college’s electronic systems since 1999. For now, it’s still going on. So far, no cases of identity theft have been linked to the breach. That may change as the investigation continues, and college officials said they might need to bring in the FBI.
The college’s payroll, admissions and accounting systems have yet to be analyzed for the viruses.
Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/01/12/MN4Q1MO9JK.DTL#ixzz1jP3ObQQk

A top federal prosecutor has a message for companies: If you’ve been hacked, tell us.
Speaking at a cyber security conference in New York on Thursday, Manhattan U.S. Attorney Preet Bharara said companies should trust in the discretion of prosecutors and the FBI and come forward with information about a security breach, rather than keep it an internal secret.
“When industry delays or minimizes, it is harder to assess vulnerabilities and harder to formulate solutions,” Bharara said. “When industry delays unduly in disclosing to us, or minimizes, it is that much harder to get the bad guy.”
Cyber security experts say that corporations rarely acknowledge breaches, and often keep them secret from law enforcement out of fear that news of a compromise will damage their reputation, hurt stock prices and possibly lead to further attacks.
Bharara addressed that fear, calling it unacceptable in the face of increasingly virulent cyber attacks.
Trying to maintain secrecy was “the equivalent of sticking one’s head in the sand,” Bharara said. “Get over it.”

Israel said on Saturday the online publication of thousands of its citizens’ credit card details by a hacker who says he is based in Saudi Arabia was comparable to terrorism, and promised to hit back.
The data theft, which appeared to focus on commercial websites, was one of the worst Israel has said it has faced.
While government officials and credit card companies said the financial damage was minimal, the breaches were welcomed by the Palestinian militant group Hamas and have heightened concerns about the potential use of stolen information by the Jewish state’s foes.
Such cyber-attacks are “a breach of sovereignty comparable to a terrorist operation, and must be treated as such”, Deputy Foreign Minister Danny Ayalon said in a speech, adding that Israel had not yet ruled out the possibility that the hacking had been carried out by a group “more organised and sophisticated … than a lone youth”.
“Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action,” he said, without elaborating.

Even though 2011 was an extremely active year on the information security and privacy fronts – with a blizzard of proposed legislation, near weekly front page data breaches and the continued full leap into the cloud with its securities issues – I predict that 2012 events across the privacy and data security landscape will make 2011 look like a walk in the park. A handful of thoughts on what 2012 may hold:
• The EU’s on deck Data Protection Regulation promises – or threatens depending on your viewpoint – to significantly revamp the EU’s data protection regimes, adding additional potential uncertainty to the EU arena. The leaked DPR indicated a new broad extraterritorial reach, stronger protections for children under 18, embracing privacy by design and the right to be forgotten, a requirement to designate a privacy officer, and increased enforcement powers and penalties. We’ll see what happens when the rubber meets the road.
• Will the final version of the HIPAA breach notification rule make a long-awaited appearance in 2012, along with guidelines per Stage 2 of the electronic record incentive program within the HITECH Act? The smart money says yes, especially since Congress recently admonished DHS to hurry up already given that the “interim” rule has been around since 2009.
• The FTC plans to issue in early 2012 its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” which I believe will have a significant impact on the 2012 privacy/infosec landscape. The draft version, issued a year ago in December 2010, immediately sparked wide-ranging conversations on Do-Not-Track, Privacy by Design, Fair Information Practice Principles, Geolocation and other privacy-related issues, many of which quickly found their way into 2011’s proposed bills. I expect the finalized report to be heavily influential on 2012’s infosec and privacy debates.

International hacker group Anonymous claims responsibility for hacking and releasing information about members of the California Statewide Law Enforcement Association union.
Anonymous tweeted on Sunday around 8:20 a.m., “In case you missed it: CA Statewide Law Enforcement Agency (http://cslea.com) pwnt by #AntiSec.”
Anonymous released the names, addresses and phone numbers of members; plus, credit card information taken from the association’s online gift store was posted.
“California police have a notorious history of brutality and therefore have been on our hit list for a good minute now,” Anonymous posted on a forum, where they released the information.
Anonymous cited the death of Oscar Grant, police interaction with the Occupy movement, the prison death of George Jackson and conditions in California prisons and jails as evidence of police cruelty.

A 52-year-old female police officer was the first cop to be arrested yesterday morning in connection with allegations of receiving illegal payments from journalists.
The unnamed suspect was questioned at an Essex police station before being bailed until a return date in April next year pending further inquiries, Scotland Yard said.
She was arrested “on suspicion of misconduct in a public office and offences contrary to the Prevention of Corruption Act 1906.”
It’s the eighth arrest under Operation Elveden – a police probe supervised by the Independent Police Complaints Commission that is linked to two other investigations.
Officers working on Operation Weeting are investigating alleged voicemail interception by people said to be working at – or on behalf of – the now-defunct News Corp-owned Sunday tabloid News of the World.