Information security analytics

An insider made use of private client information from the insurance company where she worked to purchase foreclosure property. The woman was only caught out after a complaint was made about prying phone calls.

A series of outsourcing agreements has led to the private data of Florida state workers being passed from one company to the next before a leak finally occurred at a firm in India. Now all those companies in the outsourcing chain face losing multi-million dollar contracts.

A number of analysts believe that any financial organization that manages to comply with all the regulatory acts and standards in force today can export their infrastructure and sell it to competitors. However, experts at InfoWatch point out that without taking the peculiarities of each individual company into account such measures will have no positive effects on attempts to achieve compliance.

A finalized version of the Basel II accord for U.S. banks has been released for comment. Banks will have to work with Basel I and Basel II simultaneously for one year before the Basel II provisions can be fully adopted. The full implementation of Basel II is due to begin in 2008.

The personal details of 20,000 Hong Kong residents who made complaints against the police were recently discovered freely available on the Internet. According to experts at InfoWatch, it is unlikely anyone will be complaining about the police in the near future because there are guarantees of confidentiality.

A bill passed by a U.S. Senate committee looks set to ban the sale of telephone records. If the law is adopted, the Federal Communications Commission would be able to impose hefty fines for the sale of other people’s records, as well as create a GLBA-type law for telecommunications, which will also entail huge fines for violators.

A former systems administrator who made copies of credit card numbers, passwords and other private details at Japan’s NTT Data has stolen over $260,000 from account-holders at Orix Credit Corp. According to InfoWatch experts, the incident is a typical crime perpetrated by an insider at a financial or IT company.

A U.S. House committee has approved a bill that would introduce a national standard for safeguarding personal information and monitoring data leaks. The law is aimed at protecting people from identity theft with the U.S. Federal Trade Commission authorized to impose penalties of as much as $5 million for violations. According to the experts at InfoWatch, it is by far the most effective private data bill to come out of the House of Congress.

Nokia has joined Sun Microsystems, Cisco, IBM and BP on the unenviable list of those affected by laptop thefts at Ernst & Young. The sheer scale of the data leaks suffered by just one company suggests that the thefts are not just opportunist crimes. InfoWatch experts point out that if the black-market value of all the lost information is calculated, then targeted thefts appear to be the most likely explanation.

This time the bill has come from the Financial Services Committee of the U.S. House of Congress. The draft legislation would allow companies themselves to decide whether or not to inform the public of a data leak. According to InfoWatch, the absence of even the most basic mechanisms of control over business activities in the case of leaks will simply lead to a wall of silence after every incident. The attempt by Congress to pass the law on data breaches has met fierce opposition from consumer groups who have called the bill the “worst data security bill ever."