Information security analytics

The draft bill “On personal data” has been passed by the Russian parliament, the State Duma, at its second reading. A clause relating to the creation of a national register was excluded, though legislators left the way open for a special law on a national register. Experts at InfoWatch described the bill is an effective step towards a civilized form of privacy for Russian society.

Bisys Group has lost backup tapes containing the private data of 61,000 clients, and ADP Inc. has admitted it leaked the personal details of at least 140,000 investors. According to experts at InfoWatch, today data breaches have become such a regular occurrence that it is possible to talk of an epidemic. Two US finance companies have announced the loss of private data belonging to their hedge fund and brokerage clients.

With the recent death of Enron founder Kenneth Lay, experts at InfoWatch doubt that the US government will manage to seize the disgraced executive’s remaining assets. Sentencing was due to take place in September. The whole sum stemming from the collapse of Enron could now fall squarely on the shoulders of Jeffrey Skilling, who was convicted along with Lay. However, extracting the entire sum sought from Mr. Skilling alone will be very difficult, according to InfoWatch.

The Navy said a civilian Web site exposed personal data of 28,000 sailors and their family members and has launched a criminal investigation. A Navy spokesman said the site included names, Social Security numbers and birthdates. He said the information was in five documents that have now been removed. The official said there's no sign so far that the information was used illegally. The Navy is contacting people who are affected and encouraging them to keep an eye on their bank accounts and credit card statements.

Bank of China said it has no plans to list its shares on the US markets to avoid incurring 'unnecessary' additional costs related to the Sarbanes-Oxley law. The Sarbanes-Oxley Act, passed in the US to ensure that corporations meet prescribed accounting and reporting standards, was legislated in reaction to corporate misappropriations and malfeasance. Chairman Xiao Gang said at the company's A-share online roadshow that the bank would have no legal barriers to listing in the US, but compliance with the Sarbanes-Oxley law would have created unnecessary costs for the bank.

Atlanta-based credit bureau Equifax Inc., itself entrusted as a collector and distributor of confidential information, may soon be dealing with the effects of being a victim of identity theft. According to an AP report, an employee’s laptop computer containing Equifax employee names and Social Security numbers has been of an employee has been stolen from an employee traveling in the United Kingdom. Information for as many as 2,500 of the company’s more than 4,000 employees may have been obtained.

The U.S. Federal Trade Commission is notifying 110 people that two laptop computers containing their personal data were stolen from a locked vehicle. The information includes individuals' names, addresses, Social Security numbers, birth dates and "in some cases, financial account numbers," the regulatory agency said yesterday. The laptops are password-protected, and the FTC said it had no reason to think the data on the laptops, rather than the laptops themselves, was the target of theft.

Private data on about 6,500 former University of Kentucky students (dating back to 1988) have been stolen along with a flash drive. Experts at InfoWatch point out that all the details of the incident demonstrate a distinct lack of any IT security at the university. The University of Kentucky has sent out letters to 6,500 former and current students notifying them of a data breach. The letter from the university administration states that a flash drive stolen from a university classroom may contain the private data of the addressees.

The private details of 13,000 ING US Financial Services clients were on a laptop stolen from the home of a company employee. The company was affected by a similar incident last December. In both cases the data on the stolen equipment was unencrypted, though ING has stated it is changing this aspect of its IT security policy. According to experts at InfoWatch, action should have been taken before the first incident.

Thieves have stolen computer equipment containing the private records of 930,000 clients from the offices of U.S. insurance firm AIG. The insurer is now attempting to notify all those affected by the data breach and is setting up a call center to respond to any questions. According to the InfoWatch analytical center, the data leak is likely to cost AIG at least a few million dollars.