Information security analytics

A world-renowned hospital in the U.S. has been mistakenly sending sensitive patient details to a bank that has absolutely nothing to do with the hospital or its patients. Staff at the bank contacted Brigham and Women's Hospital almost every week for the last six months asking for the faxes to be halted.

Companies often lose magnetic tapes with confidential information. But just what are the chances of that information causing anyone any harm? Information security experts at InfoWatch believe the chances of that data being used for illegal purposes are about the same as the chances of winning the lottery or being struck by lightening.

Russian parliamentarians have raised fears that recent draft laws on information will result in the state creating digital dossiers on private individuals. A government spokesman has already played down those fears, saying there will be no electronic profiles of Russian citizens and all other personal data will be well protected. However, it is precisely this aspect that security experts at InfoWatch say poses the greatest threat – the accumulation of huge quantities of private records is like a time bomb just waiting to detonate.

The state of Washington looks set to adopt a bill outlawing the sale of private cell phone records over the Internet. The bill could serve as a prototype for a federal law to protect private data related to cell phone use. InfoWatch experts believe the legislation, which envisages fines of $10,000, will snip the trade in telephone records at the bud.

A survey conducted by AMR has revealed that companies are spending $1 million for every billion dollars in revenues in order to comply with the Sarbanes-Oxley Act. According to the AMR Research findings, the total cost of complying with the Sarbanes-Oxley Act has reached $14 billion and is expected to exceed $20 billion by the end of 2006. The spending breakdown for this year is expected to be 39 percent for labor, 32 percent for technology, and 29 percent for out-sourced services.

The latest leak of confidential information from Russia's Central Bank has resulted in the bank's database of money transfers for the first quarter of 2005 going on sale. Two similar incidents took place in February and May of last year, but in October the Central Bank announced that it had plugged all the possible channels of leaks. Experts at InfoWatch stressed, however, that the database currently being sold on the black market could well have been stolen 5-6 months before the October announcement and that there were no grounds to doubt its validity.

Offers of free bank transaction monitoring and insurance against identity theft have been made to 19,000 former and current employees at Honeywell International after their Social Security numbers and bank account details were posted on the Internet. Honeywell International, the industrial and aerospace conglomerate, has offered 19,000 of its former and current employees one year of free bank account monitoring and insurance against identity theft after personal information was leaked from the company. The company currently has 120,000 employees.

A bill put forward for consideration in the U.S. state of Colorado sets out tough new regulations for database operators in the event of a leak. Companies would be required to inform victims either in letter or electronic form, or even via state-wide media in the case of a major leak. However, the formulation of the draft law leaves businesses a significant loophole:

The third largest mobile telephone operator in the U.S., Sprint Nextel, has filed a lawsuit against All Star Investigations alleging that the firm fraudulently accesses and sells private telephone records on its sites detectivesusa.com, miamiprotection.com and privatedectivesusa.com.

An attempt to recycle documents at two newspapers belonging to the New York Times has ended in the private details of 240,000 subscribers being compromised. Routing slips on 9,000 batches of newspapers were found to have readers' credit card and bank account details on the reverse side.