Thursday 29 November 2007

Former DuPont scientist jailed for information theft

Gary Min, a former DuPont scientist, has just been jailed for 18 months for stealing confidential information. He downloaded 22,000 abstracts and 16,000 full-text documents over a five-month period before leaving the company. He subsequently uploaded 180 of these DuPont documents onto a corporate laptop from his new employer, Victrex, a competitor of DuPont. The information was valued at over $400 million.

Apparently most of these documents were unrelated to his job at DuPont. You have to wonder why it took DuPont so long to spot this pattern and report him to the FBI, and why he had access to so much information.

It’s not quite on the scale of the UK’s HMRC fiasco, but it raises a similar question: why do employees get access to such a large quantity of information that’s not related to their jobs?
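As an added illustration (not from the original post) of the kind of check that would surface such a pattern early, the script below scores each user's download volume against the median user and the share of documents outside their own department. The access log, the department tags and the thresholds are all constructed for the example.

```python
"""Flag bulk document downloads that fall outside a user's job role."""
from collections import Counter, defaultdict
from statistics import median

# Constructed sample of a document-repository access log (not real data):
# each entry is (user, user's department, document's department, day).
ACCESS_LOG = []
for day in range(1, 6):                                        # five days of activity
    ACCESS_LOG += [("alice", "polymers", "polymers", day)] * 3
    ACCESS_LOG += [("bob", "coatings", "coatings", day)] * 4
    ACCESS_LOG += [("carol", "polymers", "polymers", day)] * 2
    ACCESS_LOG += [("carol", "polymers", "coatings", day)]     # occasional cross-team read
    # one user pulling far more, mostly from a department unrelated to their job
    ACCESS_LOG += [("dave", "polymers", "agrochemicals", day)] * 40
    ACCESS_LOG += [("dave", "polymers", "polymers", day)] * 5


def summarise(log):
    """Per-user (total downloads, fraction outside the user's own department)."""
    totals, outside = Counter(), Counter()
    for user, user_dept, doc_dept, _day in log:
        totals[user] += 1
        if doc_dept != user_dept:
            outside[user] += 1
    return {u: (totals[u], outside[u] / totals[u]) for u in totals}


def flag_users(log, volume_ratio=5.0, outside_threshold=0.5):
    """Return {user: [reasons]} for users whose download pattern stands out.

    volume_ratio: flag when a user's total exceeds this multiple of the median user.
    outside_threshold: flag when at least this fraction of downloads is outside
    the user's own department.
    """
    stats = summarise(log)
    baseline = median(total for total, _frac in stats.values())
    flagged = defaultdict(list)
    for user, (total, outside_frac) in stats.items():
        if total > volume_ratio * baseline:
            flagged[user].append(f"volume {total} > {volume_ratio}x median {baseline}")
        if outside_frac >= outside_threshold:
            flagged[user].append(f"{outside_frac:.0%} of downloads outside own department")
    return dict(flagged)


if __name__ == "__main__":
    for user, reasons in flag_users(ACCESS_LOG).items():
        print(user, "->", "; ".join(reasons))
```

On the constructed log only "dave" is flagged, on both volume and out-of-department share; "carol", who occasionally reads a neighbouring team's documents, stays below both thresholds.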

Wednesday 21 November 2007

You can’t steal what isn’t there

Yesterday’s story on the loss of 25 million child benefit records reminded me about the loss of more than 45 million customer records stolen from TJX, the parent company of retailer T.J. Maxx. An article in Information Week from a while back describes it as the “largest breach of customer data”.

An interesting article, but the key point is right at the end: “With any luck, the TJX Effect will teach retailers this basic lesson: Thieves can't steal sensitive customer data if retailers aren't storing it.”

But governments have to store sensitive data -- they really do need to get things sorted, or the trust of the public will be lost forever.


Tuesday 20 November 2007

The HMRC leak – unbelievable

Really, words fail me. I’ve just watched on TV the UK chancellor Alistair Darling tell the House of Commons that this massive data leak (25 million people’s bank details etc) is due to HMRC staff not following procedures. Pardon me? Apparently it was sent via unrecorded post on unencrypted CDs.

Liberal Democrat acting leader Vince Cable asked why the data was posted on CDs and why HMRC didn’t have an electronic means of sending the information securely. He’s got a point.

I’m sure we’ll learn more soon.

AT&T lawsuits rumbling on

AT&T is one of the highest profile companies that’s been publicly identified as having committed an ILP faux pas – letting the cat out of the bag about alleged collusion with the US government in alleged illegal wiretapping (the lawsuits are still going on – so I’m going to use the word ‘alleged’ as often as I can just in case).

They must be regretting this a LOT! There’s an interesting article in the Guardian about this case and the general topic of privacy and how it’s changing in the electronic world.

Friday 16 November 2007

The customer is always wrong

Perhaps it’s stating the obvious, but it’s good to have confirmation from highly paid consultants: Deloitte’s recent report says that people are the biggest security risk for financial institutions.

Well, they actually say it’s customers, and the report raises good questions about how far banks should go in being responsible for customers’ IT security, and points out that the financial institution must manage its third-party relationships or take the blame when things go wrong.

Out-law.com has a good write-up, including a link to the original report.

Tuesday 13 November 2007

Google adds outbound email security features

Since buying Postini recently, Google hasn’t wasted any time adding Postini’s email security features to Google Apps (even if it’s only on the “Premier Edition” so far).

The press release from Google says the new features will “Centrally manage all outbound content policy, including adding footers to every message based on business policy rules, blocking messages with specific keywords or attachments, and preventing emails with sensitive company information from being sent.”

I had a dig around the Google page linked to from the press release, and the Postini pages it directed me to, and couldn’t find anything too specific about the outbound email filtering it mentioned, but it’s encouraging for those of us at the ILP coalface that the behemoth of Google is recognising the need for ILP tools. Will be interested to see how it works…