Monday Morning News Kick Off: Massive Hotel Data Breach, Twitter Settles With FTC Regarding Privacy Violations and More

Welcome to the Monday Morning News Kick Off post from the ITAC blog. As our faithful ITAC blog readers know, we like to start the week with a round up of all news related to identity theft, data breaches and cyber security. And, fortunately — or unfortunately, depending on how you look at it — there is never a shortage of news to cover. As always, we have a cornucopia of stories include a data breach at Antham Blue Cross, Twitter settling with the FTC regarding privacy violations, and Puerto Ricans being targeted in identity theft scams.

Anthem Blue Cross Cops to Massive Data Breach
A sloppy website upgrade is being blamed this week for a data breach that left the most sensitive personal information of more than 230,000 Anthem Blue Cross members exposed for more than five months. Anthem officials said its corporate website had been revamped in October by a third-party vendor that, according to the health insurer, failed to secure sections of the site to ensure visitors couldn’t access members’ medical records and Social Security numbers. “We were told by a third-party vendor that all security measures were in place,” Cynthia Sanders, an Anthem spokeswoman, said in a statement. As it turns out, visitors were able to access the personal information of the more than 230,000 people who had pending insurance applications in the Anthem system. Read the full eSecurity Planet article here.

700-Plus Credit Cards Stolen from Hotel
Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests’ credit card information, Texas police officials told ABC News today. Destination Hotels & Resorts had its computer system hacked and the credit card data of more than 700 guests across the country was stolen, according to Austin, Texas, police. The Englewood, Colo., company manages more than 30 upscale hotels, resorts and conference centers in places such as Washington, D.C., Denver , San Diego, Santa Fe, Aspen, Colo., Los Angeles , Palm Springs, Calif., Houston and Lake Tahoe. Read the full ABC News story here.

FTC Says Current Privacy Laws Aren’t Working
A U.S. Federal Trade Commission representative delivered a stern indictment of current privacy laws last week, saying they fail to protect American consumers and instead place too much of a “burden” on them. The existing constellation of privacy laws, which relies heavily on disclosure of data collection and use practices and on informed consumer choice, “in some very basic sense isn’t working,” said Kathryn Ratte, a senior attorney in the FTC’s consumer protection bureau. “We’ve put too much burden on the consumers to understand these policies,” Ratte said here at an event organized by Canada’s privacy commissioner. “To compare the privacy policies of two companies is an almost impossible task.” Read the full CNET article here.

Twitter Settles F.T.C. Privacy Case
Twitter has settled a Federal Trade Commission investigation into the security and privacy protections it offers users, Brad Stone reports in The New York Times. For the last 11 months, the F.T.C. has been looking into two security breaches at Twitter in 2009 in which a hacker got access to the accounts of several prominent members, including Barack Obama, then the president-elect, and was able to read their private Twitter messages and send out fake messages from their accounts. The F.T.C.’s punishment was not severe. Twitter, based in San Francisco, agreed to set up a security program that will be audited by an outside company, and, according to the F.T.C.’s news release on the case, “will be barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information.” Read the full NY Times post here.

Puerto Ricans Targeted in Massive ID Theft Schemes
Born in a U.S. territory where he has lived all his life, Jose Marrero Rivera didn’t know his name and social security number were racking up thousands of dollars in unpaid charges in Chicago and Miami. The snack bar worker is one of thousands of Puerto Ricans caught up in a lucrative document-fraud scheme to hide illegal immigrants in the United States. They’re American citizens with Hispanic surnames. And their records — kept loosely in schools or church rectories, where they are easy to steal — draw as much as $6,000 on the black market. Only when police showed up at Marrero’s San Juan airport food stand to arrest him for car theft did he realize that identity thieves were upending his life. Read the full AP story here.