More than a year after millions of T.J. Maxx and Marshalls customers found out their credit card information had been hacked into, the discount stores' operator agreed to have its information audited but avoided paying federal fines. TJX was one of three firms that agreed to settle charges that it "failed to provide reasonable and appropriate security for sensitive consumer information," federal regulators said yesterday in two unrelated data-breach decisions. Data broker Reed Elsevier and its Seisint subsidiary also avoided fines but have agreed to obtain third-party audits biennially for 20 years under a separate settlement with the Federal Trade Commission. The FTC did not impose financial penalties against the companies because it lacks the authority to do so. The commission has asked Congress for such authority since 2005.
State Department workers viewed passport applications containing personal information about high-profile Americans, including the late Playboy playmate Anna Nicole Smith, at least 20 times since January 2007, The Associated Press has learned. An internal department review has found the additional instances of department employees or contractors looking at computerized passport files of politicians and celebrities, according to preliminary results. It has not been determined if the new cases also involved improper peeking, officials familiar with the review said Wednesday. Smith's case, however, seems legitimate, the officials said. The review is not complete and the exact number of cases was not yet clear.
Sen. Lamar Alexander (R-Tenn.) wants to scrap a three-year-old anti-terrorism law that his fellow Republicans drafted in response to the Sept. 11 attacks. And with his new power in the GOP conference, he may have a chance. Alexander�s target is the 2005 Real ID Act, which mandated that states adopt uniform federal standards for driver�s licenses. When Congress returns next week, Alexander plans to file an amendment to the fiscal 2009 homeland security appropriations bill that would halt the program until the government finds a way to reimburse states for its cost.
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years' worth of clinical trial data, including names, medical diagnoses and details of the patients' heart scans. The information was not encrypted, in violation of the government's data-security policy. NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until last Thursday -- almost a month later. They said they hesitated because of concerns that they would provoke undue alarm.
Cell-phone companies can tell not only where your phone is, but as long as it's on, they can trace where it's been � whether the phone is in use or not. And that technology is becoming a staple of law enforcement investigations. The tracking technology is a common feature of cell phones, mandated since 1999 so 911 dispatchers could easily trace the location of emergency calls. Newer phones, such as the iPhone owned by Lewis, the BlackBerry and other models that access local wireless Internet networks (wi-fi), can be tracked even more precisely than conventional cell phones.
The State Department says it is trying to determine whether three contract workers had a political motive for looking at Democratic presidential candidate Barack Obama's passport file. Two of the employees were fired for the security breach and the third was disciplined but is still working, the department said Thursday night. It would not release the names of those who were fired and disciplined or the names of the two companies for which they worked. The department's inspector general is investigating.
After reading about how Internet companies like Google, Microsoft and Yahoo collect information about people online and use it for targeted advertising, one New York assemblyman said there ought to be a law. So he drafted a bill, now gathering support in Albany, that would make it a crime � punishable by a fine to be determined � for certain Web companies to use personal information about consumers for advertising without their consent. And because it would be extraordinarily difficult for the companies that collect such data to adhere to stricter rules for people in New York alone, these companies would probably have to adjust their rules everywhere, effectively turning the New York legislation into national law.
A measure to expand the collection of DNA samples from people arrested for violent crimes and burglary has run into strong resistance from the NAACP and members of the Maryland Legislative Black Caucus, who walked out of a House caucus meeting Tuesday in frustration. Opponents are fighting the bill because they say it's too broad and requires DNA collections from innocent people who haven't been convicted of any crimes. Initially the bill, which is one of Gov. Martin O'Malley's priorities this session, would have required that DNA samples be kept by law enforcement, even if people ended up being exonerated. The measure has been amended so that authorities would have to inform someone of the right to expunge the sample, if the charges are dropped or the person is acquitted.
A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday. Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever. The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products. The company is aware of about 1,800 cases of fraud reported so far relating to the breach. No personal data such as names, addresses or telephone numbers were divulged -- just account numbers.
The FBI improperly obtained personal information about Americans as part of terrorism investigations in 2006, but steps were taken by the agency to prevent future privacy abuses, an upcoming Justice Department report says. The long-anticipated audit, to be released Thursday, is expected to show a fourth consecutive year of privacy breaches by FBI agents using so-called national security letters to gain access to telephone, e-mail, and financial records of Americans and foreigners without a judge's approval.
European regulators on Tuesday approved Google�s acquisition of DoubleClick, a significant player in the $37 billion online advertising business, brushing aside complaints that the combination would allow Google to extend its Internet dominance. Shortly after, Google announced that it had closed the $3.1 billion acquisition and said the integration of the two companies may result in some job cuts.
Five years ago, Congress killed an experimental Pentagon antiterrorism program meant to vacuum up electronic data about people in the U.S. to search for suspicious patterns. Opponents called it too broad an intrusion on Americans' privacy, even after the Sept. 11 terrorist attacks. But the data-sifting effort didn't disappear. The National Security Agency, once confined to foreign surveillance, has been building essentially the same system. A debate is brewing among legal and technology scholars over whether there should be privacy protections when a wide variety of transactional data are brought together to paint what is essentially a profile of an individual's behavior. "You know everything I'm doing, you know what happened, and you haven't listened to any of the contents" of the communications, said Susan Landau, co-author of a book on electronic privacy and a senior engineer at Sun Microsystems Laboratories. "Transactional information is remarkably revelatory."
Several thousand law enforcement agencies are creating the foundation of a domestic intelligence system through computer networks that analyze vast amounts of police information to fight crime and root out terror plots. As federal authorities struggled to meet information-sharing mandates after the Sept. 11, 2001, terrorist attacks, police agencies from Alaska and California to the Washington region poured millions of criminal and investigative records into shared digital repositories called data warehouses, giving investigators and analysts new power to discern links among people, patterns of behavior and other hidden clues. Authorities are aware that all of this is unsettling to people worried about privacy and civil liberties. Mark D. Rasch, a former federal prosecutor who is now a security consultant for FTI Consulting, said that the mining of police information by intelligence agencies could lead to improper targeting of U.S. citizens even when they've done nothing wrong.
U.S. postal authorities have approved more than 10,000 law enforcement requests to record names, addresses and other information from the outside of letters and packages of suspected criminals every year since 1998, according to U.S. Postal Inspection Service data. In each of those years, officials approved more than 97% of requests to record the information during criminal inquiries. In 2004, 2005 and 2006, the most recent year provided, officials granted at least 99.5% of requests, according to partial responses to inquiries filed by USA TODAY under the Freedom of Information Act. When the government's warrantless surveillance of electronic communication has come under fire, civil liberties advocates say, the USPIS' limited disclosure raises serious questions.
The FBI improperly used national security letters in 2006 to obtain personal data on Americans during terror and spy investigations, Director Robert Mueller said Wednesday. Mueller told the Senate Judiciary Committee that the privacy breach by FBI agents and lawyers occurred a year before the bureau enacted sweeping new reforms to prevent future lapses.