Friday, October 29, 2010

Zynga Faces Class-Action Lawsuit over Alleged Privacy Breach

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 23 Oct 2010 23:42:40 -0400


http://blogs.sfweekly.com/thesnitch/2010/10/zynga_facebook_lawsuit.php

No matter what they do, some companies seem chronically incapable of
playing peacefully in the sandbox of American capitalism with others.
San Francisco-based game developer Zynga -- the wildly successful firm
behind such popular Facebook applications as FarmVille and Mafia Wars
-- is one of them, and is now facing a class-action lawsuit driven by
customer allegations of privacy abuses.

The lawsuit, filed Monday in San Francisco's federal court by
Minnesota resident Nancy Graf, comes on the heels of a Wall Street
Journal investigation into the sharing of users' personal data by
Facebook and Zynga. The Journal found that Zynga games such as
FarmVille and FrontierVille were sending information identifying
gamers to third parties, which use the data to assemble profiles of
internet users and track people online for advertising purposes.

Even those who have set their Facebook privacy settings to the
strictest level can be affected by such breaches, according to the
Journal, which also reports that this sort of sharing of user data by
app developers is in violation of Facebook's rules. (Facebook is also
coming in for its share of the blame, as evidenced by a similar
lawsuit in Rhode Island.)

Graf's lawsuit asks for an injunction to prevent continued sharing of
user information, as well as monetary damages. The suit doesn't state
how much she is seeking.

Wednesday, October 20, 2010

Health insurers say data on 280,000 Pennsylvania clients may be compromised

http://www.philly.com/inquirer/business/20101020_Health_insurers_say_data_on_280_000_Pennsylvania_clients_may_be_compromised.html

Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan said
Tuesday that a portable computer drive containing the names,
addresses, and health information of 280,000 Medicaid members in
Pennsylvania has been lost.

The affiliated companies together insure 400,000 people on medical
assistance in Pennsylvania.

The companies said the portable computer hard drive, used at community
health fairs, was lost within the companies' corporate offices.
Keystone's headquarters is in Southwest Philadelphia and AmeriHealth
Mercy's is in Harrisburg.

The computer drive included members' health plan identification
numbers and some of their health information, the insurers said.

Also stored on the drive were the last four digits of 801 members'
Social Security numbers, plus complete Social Security numbers for
seven others.

Monday, October 18, 2010

Illinois AG sues Payday Loan Store over improper disposal of customer data

http://www.databreaches.net/?p=14735


Attorney General Lisa Madigan today filed a lawsuit in Cook County Circuit
Court against The Payday Loan Store of Illinois, Inc. (PLS), for allegedly
failing to safeguard customer data as promised. The Attorney General filed
the suit after learning that documents containing customers’ personal
information had turned up in trash bins outside four store locations.

“Data security is absolutely critical to protecting consumers from identity
theft,” Attorney General Madigan said. “Businesses that collect, use and
ultimately dispose of sensitive personal information must live up to their
promises to protect that information from unauthorized access in order to
protect the financial privacy of consumers.”

PLS, which sells high-cost, short-term loans throughout Illinois, provides
customers with a privacy policy that promises the company will protect their
customers’ personal information by maintaining physical, electronic and
procedural safeguards in compliance with federal regulations. The Attorney
General’s complaint alleges, however, that PLS did not maintain those
safeguards and instead disposed of customers’ personal information in
publicly accessible trash containers.

The complaint alleges that a concerned individual alerted Bolingbrook police
that he had found documents containing sensitive information in a trash
container behind the PLS location in Bolingbrook. The police retrieved
approximately two boxes of documents containing nonpublic personal
information, including Social Security numbers, driver’s license numbers,
financial account numbers and PLS loan account numbers.

Computer security at Tech questioned

http://www.dchieftain.com/dc/index.php/news/2263-computer-security-at-tech-questioned.html

A procedural mishap at New Mexico Tech's Computer Center may have
allowed the Social Security numbers of a few thousand people to be
publicly available to anyone with a Tech computer account for nearly
five years.

William Colburn, Tech graduate, former Tech employee and Tech
Community College instructor and current Tech student, said he found
copies of an accounting file containing more than 3,000 Social
Security numbers stored in two locations on a publicly searchable disk
on the TCC server.

Tech's Public Information Officer, Thom Guengerich, said the problem
has been taken care of.

"We don't dispute that some files were accidentally and inadvertently
made open," Guengerich said, in a telephone interview on Thursday,
Oct. 14. "When it came to the university's attention, they were
deleted."
[..]

ACCOMACK: County laptop stolen on employee's trip to Vegas; residents' SSNs compromised

http://www.delmarvanow.com/article/20101014/NEWS01/101014035/1002/ACCOMACK--County-laptop-stolen-on-employee-s-trip-to-Vegas--residents--SSNs-compromised

ACCOMAC — An Accomack employee had a county-owned laptop computer stolen
while on a personal vacation to Las Vegas, and with it the names and Social
Security numbers of roughly 35,000 county residents.

In some cases, actual addresses of county residents also may have been
included in computer files.

“It was taken there without permission,” said County Administrator Steve
Miner of the computer.

Miner said the worker remains employed. The matter was discussed during a
closed meeting of the Board of Supervisors on Wednesday.

“We really haven’t resolved the personnel side of this,” he said.

The incident happened on the evening of Oct. 7. The county waited seven days
before issuing a prepared release to media warning citizens of it.

He said letters will be sent to affected residents “very soon.”

Miner said the county began determining what was on the computer immediately
after its theft.

“We have since been trying to work on the problem,” he said. “That was not
something we knew, in terms of files. That took some forensic work. Then we
had to figure out what it meant.”

Neither Miner nor the release named the employee who had the computer
stolen.

[...]

Microsoft: ‘Unprecedented Wave of Java Exploitation’

Microsoft Corp. today warned that it is seeing a huge uptick in attacks against security holes in Java, a software package that is installed on the majority of the world’s desktop computers.

In a posting to the Microsoft Malware Protection Center blog, senior program manager Holly Stewart warned of an “unprecedented wave of Java exploitation,” and confirmed findings that KrebsOnSecurity.com published one week ago: Java exploits have usurped Adobe-related exploits as attackers’ preferred method for breaking into Windows PCs.

Stewart said the spike in the third quarter of 2010 is primarily driven by attacks on three Java vulnerabilities that have already been patched for some time now. Even so, attacks against these flaws have “gone from hundreds of thousands per quarter to millions,” she added. Indeed, according to Microsoft’s one-year anniversary post for its Security Essentials anti-malware tool, exploits for a Java vulnerability pushed the Renos Trojan to the top of the list for all malware families (malware and exploits) detected in the United States.

My research shows the reason for the spike, and it precedes the 3rd quarter of 2010: Java exploits have been folded into a number of the top “exploit packs,” commercial crimeware kits sold in the hacker underground that make it simple to seed hacked or malicious sites with code that exploits a variety of browser flaws in a bid to install malware.

http://krebsonsecurity.com/2010/10/microsoft-a-tidal-wave-of-java-exploitation/utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+(Krebs+on+Security)

Three Banks Closed on Oct. 15

Federal and state banking regulators closed three banks on Friday, Oct. 15.
These closures raise the total number of failed institutions to 149 so far in 2010.
These are the latest failed banks:

Security Savings Bank, F.S.B., Olathe, Kan.

Security Savings Bank, F.S.B., Olathe, Kan., was closed by the Office of Thrift Supervision, and the Federal Deposit Insurance Corporation was appointed receiver. The FDIC arranged for Simmons First National Bank, Pine Bluff, Ark., to assume all of the deposits of the failed bank.
The nine branches of Security Savings Bank, F.S.B. will reopen as branches of Simmons First National Bank. Security Savings Bank, F.S.B. had $508.4 million in assets.
The estimated cost to the Deposit Insurance Fund (DIF) will be $82.2 million.

WestBridge Bank and Trust Company, Chesterfield, Mo.

WestBridge Bank and Trust Company, Chesterfield, Mo., was closed by the Missouri Division of Finance. The FDIC was appointed receiver. The FDIC arranged for Midland States Bank, Effingham, Ill., to assume all of the deposits of the failed bank.
The sole branch of WestBridge Bank and Trust Company will reopen as a branch of Midland States Bank. WestBridge Bank and Trust Company had $91.5 million in total assets.
The estimated cost to the DIF will be $18.7 million.

Premier Bank, Jefferson City, Mo.

Premier Bank, Jefferson City, Mo., was closed by the Missouri Division of Finance, and the FDIC was appointed receiver. The FDIC arranged with Providence Bank, Columbia, Mo., to assume all of the deposits of Premier Bank.
The nine branches of Premier Bank will reopen as branches of Providence Bank. Premier Bank had $1.18 billion in total assets.
The estimated cost to the DIF will be $406.9 million.

http://www.bankinfosecurity.com/articles.php?art_id=3015

Sunday, October 17, 2010

Massive Health Insurance Fraud Alleged

Armenian-American Crime Ring Targeted in Medicare Case
October 14, 2010 - Howard Anderson, Managing Editor, HealthcareInfoSecurity.com

Federal authorities have charged 44 alleged members and associates of an Armenian-American organized crime enterprise in connection with two massive health insurance fraud schemes.
In addition to a $100 million scheme to defraud Medicare -- the largest single Medicare fraud case -- members of the crime ring also were charged in connection with a separate scheme to defraud private health insurers in the New York area, federal authorities say.
The Medicare indictment alleges defendants operated at least 118 bogus medical clinics in 25 states that submitted the fraudulent claims.
"There were no real medical clinics behind the fraudulent billings, just stolen doctors' identities," says Janice Fedarcyk, FBI assistant director-in-charge. "There were no colluding patients signing in at clinics for unneeded treatments, just stolen patient identities."

http://www.bankinfosecurity.com/articles.php?art_id=3009