Updated every Tuesday evening, circa 11 p.m. ET. Links may require registration/subscription.
Results
A breach at Certegy Check Services Inc., a unit of Fidelity National Financial Inc. of Jacksonville, Fla., apparently has not led to any identity theft.
"This breach
Fidelity National said this month that a Certegy employee stole 2.3 million account numbers and sold them to marketers; he has since been terminated.
The companies that received the information have agreed to delete it, Fidelity National said. But analysts said that since the information had already been exposed, it still could lead to fraud, even though the employee who stole it did not pass it along directly to fraudsters.
Certegy said that more than 44,000 consumers who were affected by the breach have contacted it to sign up for the credit-monitoring service it is offering them.
Trends
Much employee fraud at financial institutions occurs because technology
Actimize Inc., a security technology vendor, surveyed 40 financial institutions in the United States and United Kingdom and found that 85% have had a case of employee fraud, and 65% said that the industrywide problem is getting worse.
More than half the respondents said that organized crime and easy access to technology are contributing to the problem. More than half also said that up to half of the fraud taking place at their company remains undetected.
Techniques
A series of e-mails duped many people into giving out personal information online, but the e-mails were sent not by phishers, but
The researchers conducted several such studies over the past two years, sending unsuspecting people e-mails seeking sensitive personal information, much as actual phishing scams do. The researchers said they did not store the information they received, but kept only a record of whether the victim fell for the scam, the Associated Press reported Monday.
The study was legal — researchers are allowed to be deceptive in their work, as long as participants do not suffer more harm than they would outside the study.
Lorrie Cranor, who directs an anti-phishing group at Carnegie Mellon University in Pittsburgh, said she advocates controlled laboratory studies instead of the methods used by the Indiana University researchers.
However, it is most important to resist storing the information participants are tricked into providing, she said. "You don't want to be responsible for holding a list of people's Social Security numbers."
The person who leaked digital images of the seventh and final Harry Potter book may be caught not by magic, but by the
The book was not meant to be released until July 21, but someone used a Canon Rebel 300D digital camera to photograph the 750-plus pages and uploaded them to the Internet five days before the release date.
Though the pages are sometimes blurry and barely legible, the pictures' "metadata" — the information kept in some files detailing the time and nature of its creation — was crystal clear. Every image was marked with the camera's serial number, the Electronic Frontier Foundation, a nonprofit advocacy group, reported last week in the Deep Links column on its Web site. "It may be, then, that the leaker can be traced."
For example, if the camera's owner sent in the warranty card, the owner's name may be on file with Canon Inc. If not, the information could still be available if the camera was ever sent in for repair.
It is possible to remove such data with editing software, but the photographer did not do so.
Other devices that attach unique identifiers to their creations include laser printers and compact disc writers.
Exposures
The chief executive of the Tempe, Ariz. identity theft prevention company LifeLock Inc. put his own Social Security number online in a show of confidence in his company's services — and then, of course,
Todd Davis, Lifelock's chief executive, said the thief used a lender that did not check with one of the three national credit bureaus, all of which had fraud alerts on their files for him.
The alerts proved successful in past attempts by other scammers, Mr. Davis said.
He said the culprit was Daniel Keith Brown of Fort Worth; Mr. Brown confessed to The Dallas Morning News, according to an article the paper ran Monday. "I did it," he said. "I was desperate for the money."
Fort Worth police officials would not confirm Mr. Brown as a suspect, and they said their investigation is ongoing.
Mr. Davis said that he used LifeLock's services to track down Mr. Brown, and the theft did not have any lasting repercussions. "There's nothing on my credit report."
LifeLock was also in the news last month when its founder and chief marketing officer, Robert J. Maynard Jr., resigned amid allegations of fraud, including an incident where he was accused of trying to use his father's identity to open a card account.
Criminals could score an identity theft touchdown by gleaning Troy Aikman's Social Security number from a Texas Web site.
The former Dallas Cowboys quarterback's information, along with that of thousands of other Texans,
The data was discovered by Steven Peisner, the president of Sell It Safe Inc., a Calabasas, Calif., company that scours the Web in search of exposed financial data.
The Social Security numbers were written on public documents the state made available online.
Scott Haywood, a spokesman for Secretary of State Phil Wilson's office, said it has to balance its responsibilities for posting public information and protecting personal information. Consumers whose Social Security numbers have been posted online can request that they be removed.
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any
