Monday Morning News Kick Off: Bernanke ID Thief Gets 17 Years; Data Breaches From Malicious Attacks Doubled Last Year and More

Welcome to the Monday Morning News Kick Off post from the ITAC blog. As always, we have tried to compile the latest news regarding ID theft, cyber security and data breaches — a virtual repository for the most actionable news. This week’s post includes some news regarding the ID thief who stole Ben Bernanke’s wife’s identity, as well as an update on a report about data breaches resulting from malicious attacks. As always, please share your thoughts, feedback and ideas with us!

Leader of ID Theft Ring That Ensnared Bernanke Gets 17 Years
A ringleader of a $1.5 million identity-theft ring that left Federal Reserve Chairman Ben Bernanke as one of its victims has been sentenced to 17 years in prison and ordered to pay back $1.4 million. Leonardo Zanders paid pickpockets and professional office employees to steal identifying information that he and others used to steal cash from bank accounts, authorities said. One of those pickpockets grabbed a pocketbook from Bernanke’s wife at a D.C. Starbucks. He then used her driver’s license and checkbook to cash $900 in checks from their bank account. Read the full Washington Examiner article here.

Survey: Data Breaches From Malicious Attacks Doubled Last Year
Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday. The incidence of malicious attacks rose from 12 percent in 2008 to 24 percent last year, according to the 2009 Annual Study: U.S. Cost of a Data Breach survey conducted by the Ponemon Institute and sponsored by PGP Corp. The cost per compromised record involving a criminal act averaged $215, about 40 percent higher than breaches from negligence and 30 percent higher than those from glitches, the survey found. Read the full CNET article here.

Heartland Moves to Encrypted Payment System

Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. “End-to-end encryption is a good way to mitigate the risk of having the kind of compromise that we and hundreds of other companies have had,” Carr said in an interview. The company, which handles more than 4 billion transactions annually for more than 250,000 merchants, will be using the Thales nShield Connect hardware security module along with Voltage Security’s SecureData encryption software as the basis of this capability. Read the full PC World article here.

Social Networking Site Breach Exposes Most Popularly Used Passwords
An analysis of more than 32 million exposed passwords revealed “123456” as the most commonly used security code when logging into online accounts. Rockyou.com, a social networking services and customized widget company, suffered a data breach in December 2009. The breach included millions of people’s email addresses and passwords for Rockyou.com (and in many cases passwords and login details for associated social networking sites). The hacker responsible for the attack subsequently posted the full list of passwords on the internet. Read the full Independent Media article here.

Informing Victims of Identity Theft
Until recently, information assurance (IA) personnel and attorneys specializing in this area of the law have had to search for the appropriate governing laws for each jurisdiction. In this column, I review a valuable resource for locating the laws that apply to disclosure of personally identifiable information (PII) in each state in the United States and internationally. The first victim-notification law in the U.S. that required organizations to notify data subjects when PII records were compromised was State Bill (SB) 1386, the California Database Breach Act that came into force in 2003 and which was under review in 2009. Read the full Network World article here.

Happy Monday!
