Nature Conservancy Says Spyware Compromised Employee Data

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via The Washington Post.

[snip]

A human resources employee at the Nature Conservancy in Arlington used his
laptop last month to visit a sports Web site. A short time later, computer
technicians at the world's largest environmental organization noticed a
torrent of data flowing out of its computer network.

The bad news arrived in the in-boxes of Conservancy staff members a week
later: The employee had inadvertently downloaded a spyware program from the
Web site, which allowed the software to seize personal and financial
information about thousands of Conservancy employees from his hard drive.
The rogue program moved the information through a sophisticated network of
servers in a number of countries, cloaking the final destination.

Officials say 14,000 people are in danger of having their identities
stolen. The hijacked data includes names, home addresses, Social Security
numbers, payroll direct-deposit account numbers, bank routing numbers, and
benefits and beneficiary information. Those affected include employees,
former employees and dependents of employees who worked for the Conservancy
between 2000 and Aug. 3 of this year.

[snip]

More:
http://www.washingtonpost.com/wp-dyn/content/article/2007/10/04/AR200710040
2263.html

People may wonder at times why security breaches at public websites
is a big deal. 

Well, wonder no more. :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHBb2Aq1pz9mNUZTMRAoxSAKD3LpZJ879CaocX4EMS8SwYol+x7wCgpt1l
hqYb96NEQJV81vu+KKZTU3Y=
=YMct
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.