From lyger at attrition.org Thu Feb 8 00:03:42 2007 From: lyger at attrition.org (lyger) Date: Thu, 8 Feb 2007 00:03:42 -0500 (EST) Subject: [attrition] "We recovered the laptop!" ... so what? Message-ID: http://attrition.org/dataloss/forensics.html Wed Feb 07 21:55:51 EDT 2007 Jericho and Lyger In May of 2006, the United States Department of Veterans Affairs publicly disclosed the fact that "Personal data on about 26.5 million U.S. military veterans was stolen from the residence of a Department of Veterans Affairs data analyst who improperly took the material home", prompting a mass concern that the information, if in the wrong hands, could have led to multiple cases of identity theft. At the very least, the fear that even a government entity could have let such sensitive data fall into the wrong hands led many to wonder about the data security of less protected sources. The additional fact that the breach wasn't disclosed for almost three weeks after the theft did little to initially ease those fears. Weeks later, the stolen laptop and hard drive were recovered from the back of a truck at a black market sale and sent to the United States Federal Bureau of Investigation for analysis. At the end of June 2006, the FBI issued a declaration that "the personal data on the hardware was not accessed by thieves" to which VA Secretary R. James Nicholson stated "This is a reason to be optimistic. It's a very positive note in this entire tragic event." The question that needs to be asked, however, is how could they be absolutely sure that the data wasn't accessed? Simply because the FBI said so? [...] From lyger at attrition.org Thu Feb 15 19:31:05 2007 From: lyger at attrition.org (lyger) Date: Thu, 15 Feb 2007 19:31:05 -0500 (EST) Subject: [attrition] rant: I read the news today, oh boy. Message-ID: http://www.pogowasright.org/blogs/dissent/?p=210 (Dateline Washington , D.C., January 6, 2031) The first session of the 122nd Congress opened today, with Senate leaders vowing that this would be the year that they would pass the Leahy-Specter Memorial Data Protection and Mandatory Breach Notification Act. Some Beltway insiders had suggested that previous failures to enact the legislation were due to the unpronouncabilty of "LSMDPMBNA," but others had suggested that until now, Congress's priority had been to debate how we landed up in wars with Iran, Korea, and Canada without Congress ever authorizing any of those wars. Over the holidays, members of Congress were shocked to read that unencrypted data on a laptop computer lost by a Kaiser Impermanente employee had been found and leaked to the media. The data revealed how Representative Kale Jackson.s daughter had had 4 elective abortions before the age of 15, how Senator Reid Smither's son had undergone inpatient treatment for early-onset Huntington's Chorea and narcotic abuse, and how Representative JoAnne B. Lane was currently under psychiatric treatment for depression following her recent divorce. [...] From lyger at attrition.org Tue Feb 20 21:06:33 2007 From: lyger at attrition.org (lyger) Date: Tue, 20 Feb 2007 21:06:33 -0500 (EST) Subject: [attrition] Why we do this Message-ID: http://attrition.org/dataloss/why.html Tue Feb 20 21:01:22 EDT 2007 "Will you remove an entry from the Data Loss web page or DLDOS?" On a few occasions, Attrition has been asked if we will remove a data loss entry. In many cases, a company's representative feels that since the incident wasn't conclusively proven to have had personal data compromised, it's imperitive that the listing of the company come down as well. While this is certainly understandable, Attrition will not remove entries of companies with potential data loss incidents. There are several reasons for this -- primarily, Attrition's web page and database are services to the security community, just as a news outlet is. We report on data loss incidents, either confirmed or in question. As part of our reporting, we gather statistics and serve as a record. Attrition's statistics, for instance, are a very valuable part of the service we provide. Our staff are often questioned on the subject of data loss incidents and current trends in the subject matter, and we have been even been asked by the United States government to assist with research regarding said incidents. [...] From lyger at attrition.org Sun Feb 25 18:16:40 2007 From: lyger at attrition.org (lyger) Date: Sun, 25 Feb 2007 18:16:40 -0500 (EST) Subject: [attrition] postal: so double the killer delete select all Message-ID: http://attrition.org/postal/p0013.html 1 in 2903840293842938023 but she was almost 16, officer... lurvin malvu hit all three, win a prize lady blog problems (was re: tard) stalkerz neurological disorders indeed highly compressed finally, a nice one one smart puter