Data Theft: Payout

Following the theft of credit card details in 2008 from TJ Maxx, TJ Maxx has been forced to pay out a $9.75 million fine in a settlement with dozens of states in the US. The scale of this fine is huge, especially considering the data was not lost, but stolen, and people have been convicted for it.

“The decision to enter into this settlement reflects TJX’s desire to concentrate on its core business without distraction and to promote cybersecurity measures that will benefit all consumers,” the company said in a statement.

TJX said the settlement’s costs are accounted for in a 2007 reserve it created.

Data Theft: RAF

It has just been reported that the RAF data theft in September 2008 was far worse than originally reported and includes details of drug use, debts and affairs of RAF officers, which is not just embarrassing but could also be used to blackmail people.

To compound the problem, this part of the data loss has only just been admitted.

According to an “unnamed” Wing Commander who contacted the BBC, the data theft not only included the usual information that we expect the government to lose (names, addresses, and bank details) but also “details of criminal convictions, investigations, precise details of debt, medical conditions, drug abuse, use of prostitutes, extra-marital affairs including the names of third parties”.

This information would be there as it was part of the vetting procedure for those who work in classified areas. During the vetting procedure, questions are asked about an individual’s personal life so that detailed background checks can be made. The answers to those questions were stored in 500 files, and it is these 500 files which were included in the theft of the USB drives.

Such detailed information would be of excellent use to those who wish to threaten and/or blackmail RAF officers. The RAF did not inform parliament, or the ICO, and possibly not the police, that such a data loss/data theft had occurred, though this is not clear at this point.

In its typically bland statement the MoD stated: “All individuals identified as being at risk received personal one-on-one interviews to alert them to the loss of the data, to discuss potential threats and to provide them with advice on mitigating action.” It added: “There is no evidence to suggest that the information held on the hard drive… has been targeted by criminal or hostile elements.”

While the statement does not reveal much, it does tell us that the data was not encrypted, and that the RAF does not think a targeted theft of USB drives is criminal activity.

Again, the question has to be asked: If secret information about those who handle top secret information, from AWACS communications to battle plans for wars, is not encrypted and protected, what do they encrypt?

This is not the first time the MoD has lost data, nor failed to use encryption.

Data Theft: Data Theft Increases with predictions

Following KPMG’s predictions in early 2009, KPMG has worked with Mishcon de Reya, the well-known law firm, to create another report into data theft by employees.

The statistics released include:

  • In 70% of corporate data theft cases, the perpetrators were leaving an organization to go to a competitor.
  • 14% involved accounts information, business plans or forecasts.
  • Those caught stealing are most likely to justify their actions by saying the competitor already knew about the information (60%) or that the data was in the public domain (30%).
  • 22% of cases surveyed involved women stealing data.
  • Since 2006 the number of cases of this nature handled by Mishcon de Reya has more than doubled from 20 in 2006 to 45 last year.

Dan Morrison, a partner at Mishcon de Reya, stated that:

“The stolen data has often limited shelf life and employees realise they have to use the information quickly or they will lose their competitive advantage…Therefore when data theft is discovered or suspected, swift action is needed. At Mishcon de Reya the average time taken in a case of this nature from instruction to legal relief, whether in the form of restraining injunction, undertakings, damages or apologies, was just over 2.5 weeks.”

Interestingly, a few years ago Mishcon was quite close to the other side of a data theft case,

Data Theft: Wolverine – Follow up

Wolverine is a blockbuster. Fact.

It took $35 million on its first day, and $85 million on its first weekend. The first-day opening is comparable to that of Iron Man, which was launched in better economic times.

As of the 7th May, the total gross of the movie was $102 million. This brings Wolverine in at a higher level than the massive movies Lord of the Rings: Return of the King, Da Vinci Code, Transformers, King Kong, or Pearl Harbor.

Why is this news for this site?

Because of the massive hype relating to the leaking of the unfinished movie prior to its public release and the alleged involvement of the FBI. The report of the Wolverine data theft made headlines around the world, but there has been no update on the findings of the investigation, no arrests, nothing. But the movie has made a lot of money.

It’s hard to measure the economic effects of piracy on media sales, as people move between formats quicker than the industry, but if there was ever a case study this would be it, and Wolverine seems to be doing quite well.

Data Theft: Parliament

With the recent exposé of politicians’ expenses, which came from a person taking data from Parliament, MPs want this leak stopped, and have apparently approached the police to investigate.

But, according to the Times, the in-house legal team for parliament has told MPs that this is not a criminal offence, but rather a breach of contract.

This is wise advice, following the debacle of Damian Green.

The reason is that Section 55 of the Data Protection Act, which effectively criminalizes data “theft” [strictly speaking it’s not theft, as no property has been stolen], has a provision that allows for data to be leaked for public benefit. Section 55(2)(a) of the DPA states that it is not an offence to take the data if in “the particular circumstances the obtaining, disclosing or procuring was justified as being in the public interest.” In addition to this, the Data Protection Act was amended by the Criminal Justice and Immigration Act, allowing leaking of information for journalistic purposes.

Leaking of information can often have a benefit to a community, and thankfully UK law recognizes this, and the MPs are now realizing this.

As data about MPs is leaked, this once again reminds us why too much data about you, stored by the government, even if it’s technically legal (most expenses are “within the rules”), is not a good idea.
the person who duplicated the vast volume of MPs’ invoices and other material had committed a breach of contract but not a criminal offence.