We’ve discussed phishing on this blog in the past, but a recent headline brings the concern back to mind. As expected, identity thieves continue to invent new ways to trick their victims. In this latest attack, phishing is elevated to “whaling” as attackers target executives at large companies. The current scam involves emails with a realistic looking U.S. federal court seal and a link to a subpoena.

Click to read more ...

CNET reports on a global survey conducted by Frost & Sullivan at the behest of the International Information Systems Security Certification Consortium (ISC)² regarding information security. The survey included feedback from approximately 7,500 information security experts and, among its conclusions, reported that 75% of the respondents believe viruses and worms are a top security threat, followed by hackers and inside employees. Additionally, among the top priorities facing information security professionals are protecting a company’s reputation from damage, customer privacy concerns and identity theft. Further, the respondents communicating the most concern for security threats are in the financial sector, including banks and insurance companies.

Of note, the Identity Theft Resource Center reports in the 2008 ITRC Breach Report, as of 3/31/2008, that there were 167 reported breaches for this time period. Of these, approximately 25% were in the educational industry and nearly 14% were in the healthcare field. So, while the financial sector may be focused on security threats, the educational and healthcare industries shouldn’t be far behind. For more on security threats, check out the security section of our blog.

By now, you have probably heard about the Hannaford breach.  Briefly, the supermarket chain suffered a breach of customer credit card data when thieves hacked into its computers to steal credit and debit card data in transit to the bank.  Unlike TJX, Hannaford was found to be in compliance with security standards set by the Payment Card Industry.  Even with this compliance, 4.2 Million records have been exposed and approximately 1,800 cases of fraud have been reported.  In addition, a class action lawsuit has been filed alleging Hannaford’s negligence in failing to maintain the security of customer credit/debit card info.

Click to read more ...

We’ve covered confidential source exposures on our blog in the past, but a recent case brings a particularly difficult aspect of confidential source protection to light. The case involves a USA Today reporter and her 2003 story regarding the letters poisoned with anthrax that were sent after 9/11 and resulted in 5 deaths. A federal judge has ordered the reporter to reveal her sources for that story to aid in a case against the government. The case was brought by one of the individuals named as a potential suspect in the anthrax letters investigation. The plaintiff was never charged with a crime but feels his privacy has been violated by the Justice Department’s and FBI’s disclosure of confidential info about him to reporters.

Click to read more ...

Is coverage for violations of privacy laws and regulations readily available?  The current marketplace does offer a variety of options when it comes to purchasing data privacy and security protections.  So, while you may easily find third party identity theft and security breach protections for your clients, coverage for privacy regulatory-imposed civil fines or penalties can be more difficult to secure. And if you do find it, it may only be available via endorsement.

Click to read more ...

NetworkWorld reports on Gartner’s 10 key predictions for information technology. The IT predictions range from events developing in 2008 to events in 2012. From an insurance perspective, perhaps one of the most interesting predictions is that 50 percent of business travelers will no longer travel with their laptops. The prediction suggests that pocket devices designed for web-based applications could make traveling with a laptop no longer necessary for many. If true, it could impact security risk, as many a case of reported Identity Theft exposure is linked to a lost or stolen laptop. If employees no longer travel with their laptop hard drives loaded with the personal info of customers, then maybe that portion of the ID theft risk could be minimized. Of course accessing applications via the Internet could create more opportunities for information to mistakenly be left publicly accessible online as well as create more interesting opportunities for web hacks. Learn more about security exposures on our blog and for examples of web hacks, visit the Web Hacking Incidents Database.

Is it okay for a company to take an image found on the Internet and freely utilize it for commercial purposes? Probably not. Although the Internet certainly makes it easy to post, share and download pictures, this online content is not necessarily free for the taking. Unfortunately, many companies do help themselves.

Click to read more ...