Re: Canada: Bell probes theft of personal information on 3.4 million Ont., Que. clients

["Brian Honan" <brian.honan () bhconsulting ie>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remember though that privacy laws differ from jurisdiction to
jurisdiction.  It is possible that if this breach occurred within the
European Union that the compromised data would fall under the data
protection directive.  Under this directive personally identifiable
information can only be gathered for a specific reason, agreed to by
the customer, and protected from unauthorised access.

Brian

Brian Honan
BH Consulting
Helping You Piece IT Together
T:  +353-1-4404065
M:  +353-868114066
E:  brian.honan () bhconsulting ie
W:  http://www.bhconsulting.ie
B:  http://www.bhconsulting.ie/blog

Supporting Global Security Week http://www.globalsecurityweek.com

This message is for the named person's use only. If you received this
message in error, please immediately delete it and all copies and
notify the sender. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message if you
are not the intended recipient. Any views expressed in this message
are those of the individual sender and not of BH Consulting.
BH Consulting is a registered trade name for BH IT Consulting
Limited, Company Registration Number: 393479 with registered offices
at 49 Luttrelstown Drive, Castleknock, Dublin 15.   

- -----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of security
curmudgeon
Sent: 13 February 2008 04:15
To: dataloss () attrition org
Subject: Re: [Dataloss] Canada: Bell probes theft of personal
information on 3.4 million Ont., Que. clients


: (Finally, stealing the equivalent of a phone book makes headlines. 
It
: was only a matter of time...)
: 
:
http://canadianpress.google.com/article/ALeqM5jYxNzISSg8CH4MSvbfAo61t7
ioVQ
: 
: Bell Canada (TSX:BCE) is trying to determine just who has seen a
limited
: amount personal information on some 3.4 million of its clients in
Quebec
: and Ontario after a Montreal man was arrested Tuesday and faces
charges
: of stealing the data.
: 
: The telecommunications company said Tuesday it had recovered the
stolen
: data at a Montreal home but that it was fairly limited and only
included
: names, addresses, telephone numbers and a list of Bell services the
: client subscribed to.

This is where the telco needs to come clean. Name, address and phone
number of listed customers is obviously not any real breach.

That information of *unlisted* customers begins to be more of a
concern.

They also need to define "services" here. Does this include DSL
service? 
Just POTS services like call waiting?

: "There was no identity material beyond name, address and phone
number," 
: Langton added. "(The information is) similar to what you'd find in
the
: white pages or a phone directory."

*Similar*, which does not rule out the possibility of unlisted
customers.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance
monitoring solutions for large and small networks. Scan your network
and monitor your traffic to find the data needing protection before
it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBR7KwI4u28IDxtc99EQLGbQCZAaND2d6iynDfnyiVH/u3PYoVil0AoL8p
zhRqDVen8glOC7FON50DNZu6
=KwuB
-----END PGP SIGNATURE-----

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml