Information security analytics

Two former employees of mobile phone provider T-Mobile have been ordered by a court in the United Kingdom to pay £73,700 (approximately $120,000) for the theft of T-Mobile customers’ personal data.  The Chester Crown Court ordered David Turley and Darren Hames to pay £45,000 and £28,700 respectively, under confiscation orders, along with prosecution costs.   

HONG KONG - Hong Kong's privacy watchdog on Monday scolded four banks for releasing customers' personal data to third parties, accusing three of them of selling the information. The four banks – Citibank, ICBC, Fubon Bank and Wing Hang Bank – had all released customers' personal data, while Citibank, ICBC and Fubon Bank also used the information for financial gain, Hong Kong's privacy chief said.

Mike Sullivan reports on a huge data breach in the UK: A laptop holding the medical records of eight MILLION patients has gone missing. The computer vanished from an NHS building in the biggest-ever security breach of its kind. It went missing three weeks ago but has only just been reported to police. The unencrypted laptop contains sensitive details of 8.63 million people plus records of 18 million hospital visits, operations and procedures.

Some Toronto clients of Scotiabank are concerned about the possible misuse of their personal information after being informed by the bank that three CD-ROMs listing clients’ names, SIN numbers and registered account type and account numbers have gone missing. Michael Binetti, a lawyer who specializes in commercial litigation and competition law with Affleck Greene McMurtry LLP, received a call telling him about the missing information on Saturday.

New data protection laws intended to ease concerns over offshoring to India merely add complexity for outsourcers Those happy days are now gone. India has issued a new data protection law which will trap unwary offshore outsourcing projects. And two other key offshore outsourcing destinations — China and the Philippines — are both progressing their own sets of laws on data privacy.

LAND O'LAKES — A woman who worked at a Regions bank branch is accused of creating nearly 200 phony bank accounts using real people's names and information, filing fraudulent tax returns in the victims' names and then funneling the money to her boyfriend. All told, authorities say, Howayda Hamdan, 28, had more than $1 million in IRS refunds deposited into the various accounts. Her boyfriend, Hicham Abou El Faouatih, 32, withdrew more than $65,000 before the couple were arrested over the weekend.

THE Scottish Government has issued an apology after it inadvertently revealed the identities of more than 100 civil servants negotiating severance packages for themselves.  An e-mail sent to employees to update them on the government's early retirement and voluntary severance process displayed the e-mail addresses of all their colleagues who were receiving the same information.

MidState Medical Center has begun sending letters to 93,500 patients whose personal information may have been compromised following the accidental loss of a computer hard drive, the hospital said in a letter to employees Tuesday. The misplaced hard drive, which has not yet been recovered, contains patient’s names, addresses, birthdates, social security numbers and medical record numbers, hospital spokeswoman Pamela Cretella said.

AUSTIN — Texas Comptroller Susan Combs revealed Monday that the personal information of 3.5 million people has been inadvertently disclosed by her agency, making Social Security numbers, dates of birth and other data accessible to the public. The information was available on a publicly accessible computer server and included data transferred by the Teacher Retirement System of Texas, the Texas Workforce Commission and the Employees Retirement System of Texas.

A network engineer fired by fashion house Gucci has been charged with going on an IT rampage against his former employer in which he deleted data, shut down servers and left the company nursing an estimated $200,000 cleanup bill. According to the New York District Attorney's office indictment, 34-year-old Sam Chihlung Yin created a fake VPN token in the name of a non-existent employee which he tricked Gucci IT staff into activating after he was fired in May 2010.