Office of Personnel Management: 4 Million People’s Personal Information Compromised

OPMhackers

The U.S. Office of Personnel Management announced late Thursday afternoon that it lost 4 million people’s personally identifiable information as a result of a data breach.

Chinese hackers cracked the federal government’s systems in December, according to the Washington Post.

OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls.

The human resources arm of the federal government conducts background checks on employees. It will begin notifying those affected starting next week.

From the Associated Press, which initially broke the news of the data breach:

In November, a former DHS contractor disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.

DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM’s systems and the Interior Department’s data center, which is shared by other federal agencies.

The former director of the National Security Agency, Mike McConnell, in the wake of the Anthem breach (allegedly perpetrated by Chinese hackers) earlier this year [37:00]:

A lot of the speculation revolving around that potential nation-state sponsored attack assumed that the Chinese might be interested in building databases on people in businesses and governments.

The idea is that while a hacker might not be able to breach the security of. say, the President’s computer, that person might be able to infiltrate all the systems surrounding the Commander in Chief, in essence making the job of spying easier.

Heartland Payment Systems Reports Stolen Computers, (Potential) Data Breach

In a letter to those affected: 

What Happened?

Heartland Payment Systems, Inc. (“Heartland”), was notified on May 8, 2015 that your personal information may have been compromised. An incident occurred at our office in Santa Ana, California. Many items, including password protected computers belonging to Heartland were stolen. One of these computers may have stored your Social Security number and/or bank account information processed for your employer. We have seen no evidence suggesting that the data has been accessed on the stolen computers or used in any way, and we have no reason to believe any such use will occur. We have involved state and federal regulatory and law enforcement agencies to assist us in determining how to proceed with the matter at hand. Heartland continues to monitor the situation carefully and has increased its internal security and review procedures to watch for any unusual activity. We are providing this notice to you out of an abundance of caution so that you can take steps to help protect your information from unauthorized use, such as the steps detailed in the enclosed state notification requirements.

The Princeton, NJ payment processor may sound familiar because several years ago it disclosed a monmumentally more severe event.

From Wikipedia:

On January 20, 2009 Heartland announced that it had been “the victim of a security breach within its processing system in 2008”.[5] The data stolen included the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards; with that data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.[6] One estimate claimed 100 million cards and more than 650 financial services companies were compromised; at the time, it was characterized as the largest ever criminal breach of card data.[7]

An American computer hacker, Albert Gonzalez, was sentenced in March 2010 to 20 years in prison for his role in the hacking ring that broke into the Heartland computer systems.[8]

On May 1, 2009, Visa and Heartland issued a statement that Heartland successfully validated its compliance with PCI DSS and was returned to Visa’s list of PCI DSS Validated Service Providers.[9]

I-285 Crash: Plane Not So ‘Popular’

Image (75)

Not long after I published a story on the history of the Piper Cherokee Lance that crash landed on the eastbound lane of i-285, a reader reached out to me.

A self-identified attorney and a flight instructor took issue with the headline: ‘“I-285 crash: a popular plane’s past”

Additionally, he pointed out some troubling statistics that he said he’d gathered. Overall, he presented an interesting argument. We went over his letter several times and refined his point:

That, perhaps, the plane’s model (which was only manufactured from 1976 to 1979) was difficult to fly at low altitudes and that difficulty can’t be ruled out as the cause of the crash.

The Lance was not Piper Aircraft’s finest hour. Rather, it was an attempt to add sizzle to its predecessor, the Cherokee Six.  

A later version, the Piper Saratoga, had a fairly long shelf life; but not the Lance.

For balance, it should be noted that, that plane wasn’t free from notable accidents. JFK Jr. died after crashing one off the coast of Martha’s Vineyard.

Earlier versions of the Lance, such as the one that crashed into I-285, were comparatively  ‘heavy’ and difficult to fly, especially at slow speeds. Later versions of this model, the Lance II and the Turbo Lance II,  particularly with the T Tail design, made the plane even more difficult to control at slow speeds.

I think it’s important to emphasize, again, that the Cherokee Lance (PA-32R-300) did not have that problematic T Tail design, and was basically a Cherokee Six with retractible landing gear.

Due largely to ‘challenging’ flight characteristics, the ‘Lance’ production  was short lived. Sales plummeted. Between ‘76 and ’79, Piper built less than 2,000 of them [per AOPA].

According to the Aircraft Owners and Pilots Association [AOPA], of the 1,941 Lance Aircraft built, there have been 127 fatal accidents. That’s a rate of .065 – roughly double the ‘popular’ Cessna 172,  with about 43,000 built [more than 20 times the number of the Lance].

Today, a little more than half of the Lances built are still ‘registered’. Eighty percent of Cessna 172s, meanwhile, are still in the sky.

So, assuming nothing wrong with fuel or mechanically with the engine, then as an aviator for 45 years, my guess is this crash may have something to do with the plane; not just the pilot.

On a hot day, with a heavy, somewhat underpowered plane, the pilot who died shortly after taking off from DeKalb Peachtree Airport earlier this month, had his hands full in a Lance.

This Atlanta-area lawyer didn’t want his name attached to the letter, so I was unable to get it published in the newspaper.

Still, I thought it important enough to share, here.

Fla. School District Begins Monitoring Students, Staff Social Media Accts

From the Orlando Sentinel:

What Orange County students — and staff — post on social media sites such as Twitter, Facebook and YouTube is now being monitored by their school district to “ensure safe school operations,” the district announced this morning.

Central Florida’s largest school district said it had a new licensing agreement for software that would allow it to monitor a number of social media sites for posts “that may impact students and staff.”

Spokesman Shari Bobinski said the monitoring program is now up and running, though not at full scale. Security staff began using it about a month ago.

From the Insurance Journal (2013):

The issue of social media and how far school districts should go is garnering national attention because of a monitoring program Huntsville City Schools started in 2013.

The district paid a former FBI agent $157,000 to operate SAFe, or Students Against Fear, a monitoring program that targeted 600 of the system’s 24,000 students and resulted in expulsion of 14 students.

Huntsville said it started the program after receiving a tip from the National Security Agency involving a threat against a teacher. The NSA said it has no record of contact with school officials.

Regardless of what led Huntsville to start the program, the American Civil Liberties Union views what students post on social media sites as free speech that shouldn’t lead to punishment at school.

“The ACLU is concerned about the systemic monitoring of student speech across the country,” said Randall Marshall, legal director of the ACLU of Alabama.

When The Broadway Diner Died, So Did Red Bank

In late July, the Red Bank Broadway Diner abruptly shut down; Growing up in Monmouth County, the spot was a rite of passage.

Elvis has left the building. The diner is out of business.

Bacon Cheeseburger. Medium Rare. And a Coca-Cola.

My usual. Every Friday and Saturday sometime after three in the morning for the last four years I lived in New Jersey at the Broadway Diner in Red Bank at the end of Rt. 35.

I moonlighted over the weekends as a bouncer at a bar a few miles up the road. Grew up in a neighborhood close by. And, during my tenure at that Diner’s counter, I made friends out of the waiters, waitresses, busboys and hostesses; threw out unwieldy customers, often for the reward of a free slice of coconut-custard pie; and learned every cranny of that greasy little spoon, including the wall-mounted jukeboxes at every table (which didn’t work).

Diners — especially those in New Jersey — are like that.

Continue reading