Archive for September, 2007

TD Ameritrade hacked!

TD Ameritrade follows in www.monster.com's footsteps. About 6.3 million customer records were hacked, although TD Ameritrade states that the records did not contain social security numbers and account numbers. No other details around the incident were disclosed.

As a result, customers have started receiving phishing emails, which could lead to identity theft.

In my opinion TD Ameritrade should send the customers an Internet security 101 course to protect them from identity theft and impending lawsuits.

Google Maps Street View violates Canadian Privacy Laws

The new Google Maps feature “Street View” could violate Canadian Privacy Laws, which state that “businesses first obtain consent from individuals before disclosing it”. The street-level views also include individuals' pictures, making them identifiable. These pictures were taken without the individuals' consent. This feature is available for 9 major US cities, and plans are in the works to include major Canadian cities.

Good thing that Canadian Privacy Commissioner Jennifer Stoddart raised the alarm before this feature is enabled for Canadian cities. If everyone were so responsible this world would be a different place. Way to go Stoddart!

Parts of PATRIOT ACT scrutinized

Finally, the PATRIOT ACT is being scrutinized for being too one-sided and not caring about an individual's privacy. The question being asked is “should ISPs relinquish their customer records on a request from the FBI” without proper paperwork. The FBI has issued NSLs (National Security Letters) to get private and personal information from ISPs, phone companies, and other public organizations. Use of NSLs should be discontinued and a proper search warrant be issued via proper channels.

DHS abandons anti-privacy data mining program

This highly intrusive program, which violated personal privacy at every level, has been abandoned. Why? Because the genii (plural of genius) testing the application violated all security principles by performing tests on REAL personal data. Known as ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement), the program was initiated in 2003 and was to be used by DHS components, including immigration, customs, border protection, biological defense and its intelligence office.

Kudos to those who put this privacy intrusion to an end!

Wikipedia entry cleaned up

The Wikipedia entry was updated and the Wikipedia folks were able to trace the origin. This is one of the things I said in my blog earlier: how traceable your activity is on the Internet. If the folks at Wikipedia were able to get into the machine, they could get a whole lot of information which would help them pinpoint the individual.

Monster.com information theft not really a hack?

The Monster.com information theft was not really a hack but more a case of identity theft. How so? Well… some gullible individual working for a recruiter or in the HR department of a company managed to provide their credentials via a PHISHING email. Once the hackers got hold of these credentials, they were able to use TROJANS to log in and capture information. Even a US Government agency which uses Monster's services for recruitment lost data this way.

This again gets back to the issue of “USER EDUCATION”: every organization is responsible for educating their employees. If the employer fails to do so, then legally they should be held liable for the resulting damages and not the employee.