The Privacy Rights Clearinghouse just announced that their tracking of publicly available information on data breaches has reached 500 million records breached since 2005.

The Privacy Rights Clearinghouse tracks the approximate number of records (not individuals) compromised in data breaches – this record is based upon publicly available statistics. Though in reality, actual breached records are probably much higher, and some breaches affect an unknown number of records, the statistics give a good indication of breach trends within the US.

“This is a conservative number,” says Director Beth Givens, “We generally learn about breaches that garner media attention. Unfortunately, many do not. And, because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about. Our Chronology is only a sampling.”

The Chronology of Data Breaches has been listing incidents of breached consumer information since 2005. As of August 24, 2010, that breach tally reached half a billion records!

Earlier this summer, the Connecticut Attorney General Richard Blumenthal filed and settled the first HIPAA-related lawsuit. Following suit in other HIPAA news, pharmacy chain Rite Aid has now been levied with a $1 million fine for violations to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.

According to federal charges, Rite Aid improperly disposed of prescription information. The Office for Civil Rights (OCR), which enforces HIPAA, has come to an agreement with Rite Aid and its 40 affiliated entities for the $1 million fine and for Rite Aid to take corrective action to improve its privacy policies and procedures.

“It is critical that companies, large and small, build a culture of compliance to protect consumers’ right to privacy and safeguard health information,” said Georgina Verdugo, director of OCR, in a statement from the the Department of Health and Human Services.

In addition, the Federal Trade Commission has demanded that the company undergo frequent security audits.

This is the second settlement as a result of a joint HHS and FTC investigation. The two agencies worked together on a similar case involving CVS Caremark in February 2009, which resulted in a $2.25 million fine for the pharmacy chain.

Via SC Magazine

According to the recently released McAfee Q2 2010 Threats Report [PDF], malware has reached an unprecedented level with 6 million malicious files found in the second quarter of 2010.

Though the report indicates that spam went up only by 2.5% over the first quarter, malware jumped up from 4 million malicious files in Q1 to 6 million in Q2! The most popular malware was targeted as threats on portable storage devices followed by fake anti-virus software and malware targeted at social media.

“Our latest threat report depicts that malware has been on a steady incline in the first half of 2010,” said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee. “It’s also obvious that cybercriminals are becoming more in tune with what the general public is passionate about from a technology perspective and using it to lure unsuspecting victims. These findings indicate that not only should cybercrime education be more widespread, but that security organizations should move from a reactive to a predictive security strategy.”

Check out more from the release here.

Gizmodo has put together a great list of “The Top 10 Most Dangerous Things You Can Do Online“. The list, unlike other top lists, not only includes the dangers but also a series of tips on how to protect yourself. A great read.

As a summary, here are the 10 dangerous things you should be avoiding online…

1. Checking the “keep me signed in” box on public computers
2. Failing to update Microsoft Windows OS/Java/Adobe Reader/Adobe Flash
3. Searching for celebrity gossip, incriminating material (i.e. sex tapes)
4. Using BitTorrent to download copyrighted software/film/TV shows
5. Searching for free porn
6. Online gaming (free to play, social games on Facebook and beyond)
7. Leaving Facebook privacy settings wide open, therefore exposing personal info to all
8. Connecting to unknown wireless networks
9. Using the same password for every single online account
10. Trying to get a free iPad, PlayStation 3 or similar gadgets (scams/phishing)

I hope you haven’t fallen prey to any of these things!!

Absolute pinned down the exact location of this laptop 3 weeks after it was stolen in a home burglary. When met by police, the unauthorized user was quick to hand over the machine, and explained that it was a gift from her boyfriend (touching!). Officers decided to pay him a visit next.

It appears that the boyfriend was more than just a burglar – upon hearing police arrive, he attempted to flush a large quantity of narcotics down the toilet. He was not quite quick enough, however, allowing police to seize this soggy packet – along with another $10,000 worth of drugs, dispersed throughout the house. The boyfriend is facing felony drug charges.

Indictments and criminal complaints are unproven accusations and the accused in all cases are presumed innocent until proven guilty.

The Identity Theft Resource Center (ITRC) recently released their 7th annual Aftermath Study for victims of Identity Theft in 2009. For the first time since the study has been published, the ITRC has noticed that there are fewer negative consequences as the result of identity theft for the victims.

Some interesting and positive trends from the study include:

• Victims spent an average of 68 hour repairing damage done by identity theft (down from 76 hours in 2008) to existing accounts
• Victims spent an average of $527 out-of-pocket to repair damage to existing accounts (down from $741)
• 44% of respondents indicated support from friends

Though all of these results are positive, victims of identity theft still are victims of identity theft, which is not a good thing at all, don’t you think? The survey noted that check fraud was on the increase, along with an increase in cases of governmental and criminal identity theft issues.

The moment of discovery of the case continues to be adverse, indicating that the public and business sections have been less successful in proactive measures to stop identity theft crimes before they happen or become complicated. In addition, the victim’s inability to easily resolve negative records continues to be a stated point of frustration and source of anger, including short-term and long-term emotional impact.

Learn more in the press release here.

A new web series, Privacy Now TV, has launched to explore topics around “online privacy and security… in a Facebook world.” The series explores various themes in 2 minute video segments. The first episode just premiered, “What is Cybercrime,” with topics on Online Security coming next.

Do you have a favourite resource for web videos about security? If so, share!

According to research by danah boyd and Eszter Hargittai, in their paper “Facebook privacy settings: Who cares?”, young adults and students are becoming more savvy about their security settings on Facebook. This data shows a positive trend that rebukes generalized statements suggesting youth do not care about their personal privacy or security on social networking sites.

The study wanted to assess the impact that changes to Facebook privacy settings had on various user groups, particularly youth aged 18-19 years old.

“Overall, our data show that far from being nonchalant and unconcerned about privacy matters, the majority of young adult users of Facebook are engaged with managing their privacy settings on the site at least to some extent.”

Interestingly, the data does not suggest that one gender is more interactive with their Facebook privacy settings. The research suggested that experience and skill, not age, were better predictors of how users approached privacy settings. You can read the full paper, and discussion, here.

Via ars technica

Facebook hopped on the location-based social networking bandwagon this week with the launch of Places. Like competitors such as Gowalla and Foursquare, Places allows you to “check in” to a location when you are out, sending a notificaton to your Wall and to friends’ news feeds. Unlike competitors, Places also has the option to check other people into the same location.

This launch has, like other location-based services, raised privacy concerns. There are many people who don’t want other people to know where they are at all times. I’m one of those. The process to disable all of the new Places settings is a little convoluted, as you’d expect. Lifehacker has a great post taking you through all the options to turn off Places settings. They also have this info via a video, as seen below:

For more about the dangers of location-based services such as Places, check out our post on Please Rob Me.

Disgruntled, a terminated employee ditched her company car in a vacant parking lot. She claimed that she had also ‘returned’ her work computer by leaving it in the trunk – but upon retrieving the vehicle, employers found no such machine. They reported the computer stolen to Absolute and police. 

A week into the investigation, Absolute confirmed that the ex-employee was in fact still using the laptop. Not only did the Theft Recovery Team trace the computer to her home address – they also found she had used it to write several blog posts that were less than flattering to her former employer.  Armed with this evidence, Absolute sent police to her door.

Police were met with resistance – the former employee denied playing any part in the laptop’s theft. In fact, according our suspect, she hadn’t seen the machine since the day she left the company. Yet when presented with Absolute’s evidence, her tone abruptly changed. To avoid further conflict, she sheepishly handed the machine over to police.

Indictments and criminal complaints are unproven accusations and the accused in all cases are presumed innocent until proven guilty.