In Case You Didn't Know, Revealing Your Bank Info Isn't Very Smart

from the thanks-for-pointing-that-out dept

In the wake of various huge data leaks in the UK, TV presenter Jeremy Clarkson wrote a column telling people it was no big deal and revealing his bank account information -- insisting that the only thing anyone could do with that info was put more money into his account. It turns out (not surprisingly) that's not quite true... and Clarkson discovered that after someone used his bank details to donate £500 of Clarkson's money to a charity without his knowledge. To Clarkson's credit, he has apologized:

"I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account. The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again. I was wrong and I have been punished for my mistake. Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."

Add this story to the one about the CEO of an anti-identity-fraud company whose advertisements published his social security number... until that social security number was used for identity fraud.

17 Comments | Leave a Comment..

UK Gov't Loses Data on 25 Million People... Including Bank Details

from the we're-from-the-gov't,-and-we're-here-to... dept

At this point, you should probably just assume that all your private data is in the hands of someone who shouldn't have it. However, if it's not, you can rest assured that private companies and universities and government agencies are hard at work making sure they leak your data to someone who shouldn't have it. The latest takes place in the UK, where a gov't agency appears to have lost two CDs containing the personal details, sometimes including bank info, of all families with children under 16. Everyone involved seems to admit this is a colossal screw up, but that's pretty much what is said each time one of these happens, and yet we keep hearing of more. As per usual, the blame is being placed on "junior" staffers who supposedly didn't follow security procedures, so we'll probably see a few people fired and then we'll all forget about it for another month or so until the next big data leak comes along.

9 Comments | Leave a Comment..

MediaDefender Internal Email Leak Confirms Plans To Launch Honeypot File Sharing Network

from the oops dept

Back in July, there was a report that MediaDefender, a company that works for the MPAA and RIAA polluting file sharing networks with fake files, was working on a fake file sharing network that would trick users into downloading some spyware that could then be used to send details back to the entertainment industry for use in various lawsuits. After the news broke, MediaDefender denied that this was the intended purpose of the project, and said it was just an internal project that was accidentally made public. Speaking of internal stuff accidentally made public, late Friday the news began to spread that a bunch of MediaDefender's internal emails were now available on file sharing systems, and looking through them seems to indicate not only that MediaDefender was spending an awful lot of time on this fake site (called MiiVi.com) but even after it was exposed, the company was still working on it, while trying to find a new name that wouldn't be connected to MediaDefender. Of course, we should point out that hacking MediaDefender to get its internal emails (and phone calls, apparently) is not very smart. It makes MediaDefender start to look like the victim and opens up a very real (and reasonable) possibility of a lawsuit against whoever got (and then leaked) the emails. MediaDefender was a company that would have collapsed on itself eventually anyway. There's no reason to help push them over the edge -- especially using illegal or unethical means.

21 Comments | Leave a Comment..

Ohio State Data Leak Now About 16 Times Worse Than Initially Disclosed

from the fun-with-numbers dept

Back in June, the state of Ohio said it had lost the personal information of some 64,000 state employees, after a storage device was stolen from an intern's car -- which, apparently according to its security protocols, was a suitable off-site storage location. The state dutifully followed the usual plan of releasing another announcement raising the number of people whose information was lost, putting it at 500,000. Turns out that was a little conservative; the state now says the figure is closer to one million, nearly 16 times the original claim. The governor and his staffers claim that nobody appears to have used the stolen information yet, and that it would take somebody with "special knowledge and understanding" to access it. Of course, coming from a place where storing stuff in an intern's car is regarded as secure and safe, that claim doesn't carry a lot of weight -- nor does it make up for the egregious breach that occured.

16 Comments | Leave a Comment..