An Information Security Place

Commentary on the State of Information Security
Filed under Data theft, Security, Stolen computer

From SANS Newsbites Volume 9 Number 8. This goes to prove that this was probably the biggest issue of 2006 and will keep on being big in 2007.

Crazy stuff.

TOP OF THE NEWS
–Former Michigan County Treasurer Allegedly Embezzled State Funds to Pay Nigerian 419 Scammers
(25, 24 & 17 January 2007)
Former Alcona County (Michigan) Treasurer Thomas Katona has been arraigned on nine felony counts of embezzlement and one felony count of forgery for allegedly embezzling state funds to the tune of US $1.2 million; some of the money was allegedly sent to 419 fraudsters in Nigeria. Authorities became aware of the situation when a local bank alerted them to unauthorized wire transfers Katona had directed. Bank officials had cautioned Katona on several occasions that he was falling for a scam, but he ignored their warnings. Katona also allegedly lost more than US $72,000 of his own money in the scam.
http://www.theregister.co.uk/2007/01/25/treasurer_accused/print.html
http://www.informationweek.com/showArticle.jhtml;jsessionid=UKVFNGXFCRYXIQSNDLPCKH0CJUNN2JVN?articleID=197000242
http://www.michigan.gov/ag/0,1607,7-164-34739_34811-160250--,00.html
[Editor's Note (Schultz): It is hard to understand how someone who ostensibly is an otherwise intelligent, responsible person could allegedly have fallen for such a scam in such a big way. This shows that despite the fact that 419 scams have lost much of their lustre, they nevertheless still pose a high level of risk.
(Liston): The common misconception is that 419 scams (and their ilk) are aimed at unintelligent victims. Mr. Katona, no doubt, saw the prospect of the 419 "windfall" as a way to cover up his alleged embezzlement, and let greed and desperation overwhelm common sense. Remember: scams are aimed at other human weaknesses -- not "stupidity."
(Grefer): FTC and State Department web sites provide additional guidance at:
http://www.ftc.gov/bcp/conline/pubs/alerts/nigeralrt.htm
http://www.state.gov/www/regions/africa/naffpub.pdf
(Shpantzer): These scams are profitable http://www.theregister.co.uk/2007/01/02/money_launderer_caught/ and have resulted in domestic violence http://www.theregister.co.uk/2006/07/20/419_shooting/ and kidnappings/ransom/killings of those who travel to Nigeria to close 'deals' with the scammers.]

–Class Action Suit Filed Against Chicago Board of Elections for Data Exposure
(23 January 2007)
A class-action lawsuit has been filed against the Chicago Board of Elections for sending out more than 100 CDs with sensitive, personally identifiable voter information to city aldermen and ward committeemen.
“The suit … alleges the board violated the Illinois Personal Information Protection Act” and seeks unspecified compensation for all Chicago voters whose Social Security numbers (SSNs) were compromised.
Other data on the CDs include dates of birth, addresses and phone numbers. The board is making efforts to get the disks back, but a board spokesperson maintains there have been no reports of associated identity fraud since the disks were sent out more than three years ago. The board is required by law to notify voters about the incident, but it plans to make the notification through advertising rather than by contacting each voter individually. The Personal Information Protection Act allows for this sort of notification; see Section 10 (c).
http://www.suntimes.com/news/politics/224519,CST-NWS-data23.article
Text of Illinois Personal Information Protection Act:
http://www.ilga.gov/legislation/publicacts/fulltext.asp?Name=094-0036&print=true
[Editor's Note (Liston): It is interesting to see the government's response to its own error and contrast that with what we can only assume would've been the reaction if this had been a private firm's mistake.
(Shpantzer): This mirrors this week's leak investigation of the entire Israeli population data being given to the political parties in Israel, per Israeli law, facilitating democracy and election fairness. Where else is this happening, and what's being done about this unintended consequence?]

–Data Stolen from TJX Has Been Used to Commit Fraud
(25 & 24 January 2007)
The Massachusetts Bankers Association says customer data stolen in the TJX computer intrusion have been used in fraudulent activity. Close to 60 banks in Massachusetts have been contacted by credit and debit card companies regarding fraudulent activity on compromised debit and credit cards. Banks in other states, including Vermont, Wisconsin and New Mexico, have reported issuing new cards. Canadian cardholders have been hit by fraud as well.
http://www.forbes.com/feeds/ap/2007/01/24/ap3359602.html
http://www.forbes.com/feeds/ap/2007/01/24/ap3357843.html
http://www.freenewmexican.com/news/55831.html
http://www.theglobeandmail.com/servlet/story/LAC.20070125.WINNERS25/TPStory/National
http://www.postcrescent.com/apps/pbcs.dll/article?AID=/20070124/APC03/701240643/1888/APCbusiness

–Delay In Reporting Xerox Laptop Loss Leads To Damage To Employees
(22 January 2007)
A laptop computer stolen from a Xerox human resources manager’s car in August 2006 holds information belonging to an unknown number of Xerox employees; nearly 300 employees received letters notifying them of the theft four months after the fact. Some of the employees had experienced credit problems in the interim; for instance, one individual said several cell phone accounts were opened in his name in the fall of 2006.
A spokesperson defended the company’s decision to delay notification, saying they wanted to determine whether any personal information was on the computer.
http://www.kgw.com/news-local/stories/kgw_012207_news_xerox_theft.cde8339.html

Vet

Posted by Michael Farnum on Friday, January 26th, 2007