Skip Links * Go to page content * Go to site-wide navigation * Go to Contact Us page * Newsletter Subscriptions * Newsletter Archives * White Papers * Reports & Guides * Webcasts * Downloads * Podcasts * This Week In Print * IT Jobs * Community * Slideshows * New Data Center * Solution Centers * 2011 Data Center Switching Challenge * 2011 Wi-Fi Challenge * CITRIX^® Virtual Computing Perspective * Executive Resource Center * Iron Mountain Solving Information Management Challenges * Masters of Converged Solutions * Riverbed WAN Optimization * Trend Micro™ Securing Your Journey to the Cloud alt text Click Here Network World * News * Blogs & Columns * Subscriptions * Videos * Events + Face-to-Face + Virtual * More ____________________ search * Security * LAN & WAN * Unified Communications * Cloud Computing * Infrastructure Management * Wireless * Software * Data Center * SMB Networking * IT Careers * Toolshed * Tech Debate * Community + Cisco Subnet + Microsoft Subnet + Open Source Subnet * Anti-malware * Compliance * Cybercrime * Firewall & UTM * IDS/IPS * Endpoint Security * SIEM * White Papers * Webcasts * Tests * Ethernet Switch * Router * IPv6 * Service Providers * Metro Ethernet * MPLS * VPN * WAN Optimization * White Papers * Webcasts * Tests * VoIP * E-mail services * Videoconferencing * Collaboration / Web 2.0 * White Papers * Webcasts * Tests * SaaS * White Papers * Webcasts * Tests * Network Management * System Management * Identity Management * Patch Management * Application Management * Asset Management * White Papers * Webcasts * Tests * 3G & 4G * Smartphones * Mobile Apps * Wi-Fi * WiMAX & LTE * Wireless Management * Wi-Fi Security * White Papers * Webcasts * Tests * Windows * Linux * Applications * CRM * ERP * Business Intelligence * White Papers * Webcasts * Tests * Virtualization * Disaster Recovery * Server * PC * Network Storage * Storage Management * Green IT * White Papers * Webcasts * Tests * Broadband * Collaboration * Equipment * Mobile * Networks * Security * Storage * White Papers * Webcasts * Tests * White Papers * Webcasts * Tests * Cool Tools * Gearhead * IT Asked & Answered * White Papers * Webcasts * Tests * White Papers * Webcasts * Tests * Tests * White Papers * Webcasts * Solution Centers Paul McNamara Buzzblog Paul McNamara [-- Select NWW Blog --............................] Previous Article Next Article Disney data thief hit Johnson & Johnson, too By Paul McNamara on Mon, 07/23/07 - 10:56am. IFRAME: http://www.facebook.com/plugins/like.php?href=http://www.networkworld.com/co mmunity/node/17741?ts0hb=&story=htbox&layout=standard&show_faces=false&width =350&action=recommend&font&colorscheme=light&height=45 * Email * Comment * Print A document on file with the state of New Hampshire indicates that the employee of a Disney contractor caught in a federal sting selling the credit-card information of Disney Movie Club members also victimized customers of Johnson & Johnson. How many others he targeted is anybody's guess ... and the fact we have to guess should be considered everybody's problem. First to draw attention to the Johnson & Johnson involvement was a staffer from the security Web site attrition.org who writes under the name "d2d." From his post (which includes non-Disney-like language): A (now former) employee of Alta Resources allegedly stole an undisclosed number of credit cards, and subsequently attempted to sell them to undercover law enforcement, per Paul McNamara's article. ... Apparently, Alta Resources also lost data for another client: Johnson & Johnson. We didn't find this in the press, however. We found it via the Granite State (Live free or die!). The state of New Hampshire posts their data loss notification letters online, and a letter dated July 9th, 2007 blames Alta Resources for a data loss incident, and mentions the same "employee fraud" situation as the Disney breach. Unless Alta Resources has had TWO employees defect with customer data, then this could be the same breach as the aforementioned Disney breach. As "d2d" notes, the piecemeal nature of these reporting requirements makes it virtually impossible for anyone to ascertain the scope of a given data-breach incident, which in turn may allow companies to avoid the full public-relations hit that can come when a big number gets attached to these stories. The Johnson & Johnson disclosure involves only a handful of customers, according to the document, but this is a single incident report to a single state agency, and, of course, the population of New Hampshire can be counted on your fingers and toes. In my interview July 7 with a Disney spokesman, I asked at least three times for some indication of the number of club members involved and got nowhere as he repeatedly claimed to be prevented from disclosing that information because the case was still under investigation. ... What hogwash. More from "d2d": This (Johnson & Johnson revelation) might indicate that Alta Resources had a much more significant breach than has been reported (or not reported, as it were). What other companies' clients lost data through Alta's possibly rogue employee? ... Since nobody is willing to disclose anything beyond what individual states require, we can't say for sure. Federal data loss reporting legislation anyone? Sounds like a heck of a good idea to me. Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up. The 7 Wonders of the Internet ... A Buzzblog community creation. Microsoft 'silently' restores root certificates that users distrust and remove. When a cell phone goes through the washer. Diggers dig nothing more than Digg. Nothing says summer like a Christmas catalog on July 10. Disney Movie Club members victimized in latest data-breach horror show How to avoid having to hire an American: lawyerly advice. The emoticon is turning 25: You can thank this guy :-) ... or not :-( And vote in our poll. Even Apple doesn't know why time stands still on the iPhone. Casino bans author of Word for being lucky. BlackBerry owes this guy a girlfriend. Tags * Security * data breaches * privacy Welcome, visitor. Register Log in About Buzzblog + RSS + Contact Requires Login Archives July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009See all Categories Apple Cyber Monday Digg Gartner Gartner magic quadrant MrBabyMan Orbitz Pingdom Security Twitter UNIX ZL Technologies e-commerce e-mail archiving iPhone identity theft iphone apps online shopping social networking Sponsored Links Resource Center Network World's Daily Newsletter Stay up to date with the most important tech news (Submit) Sign-up Network World, Inc RSS The Connected Enterprise + About Us + Jobs @ NWW + Contact Us + Subscribe to Network World Magazine + Newsletter Subscriptions + Advertise + Reprints & Links + Partnerships + AdChoices Other IDG Sites + CFOworld + CIO + Computerworld + CSO + DEMO + GamePro + Games.net + IDG Connect + IDG Knowledge Hub + IDG TechNetwork + IDG Ventures + InfoWorld + ITwhitepapers + ITworld + JavaWorld + LinuxWorld + MacWorld + Network World + PC World Copyright © 1994 - 2011 Network World, Inc. All rights reserved. * Terms of Service