Risk Factor iconRisk Factor

Wal-Mart Gift Cards Don't Give

A computer problem in a third-party system operated by ValueLink, which is owned by Colorado-based First Data Corp., caused â''sporadic issuesâ'' with Wal-Mart's gift card verifications, affecting a â''small percentageâ'' of gift card transactions on Wednesday. The day after Christmas is usually a very busy shopping day, so even though only a "small percentage" of customers were affected, it still meant that lots of Wally shoppers were not happy.

According to news reports Nancy Etheredge, a spokesman for First Data Corp., released the following statement Thursday â''We have identified a sporadic system occurrence that caused some consumers to experience delays in gift card verifications on December 26, 2007. The problem has been isolated and we are working closely with our customers to prevent this situation from occurring in the future. The system is performing normally, and we regret any inconvenience this has caused.â'' Etheredge confirmed that multiple merchants were involved, but she declined to name them.

Target Corp., a prime competitor of Wal-Mart, happily pointed out that its customers didn't experience any problems.

Victoria's Smartcard Myki System In More Trouble

The Australian newspaper Herald-Sun reported over the weekend that the A$500m smartcard Myki ticketing project that is already 9 months late, is looking to be even later and cost a lot more money.

The government of Victoria awarded the contract for development of a smartcard ticketing system for public transport to the Keane Australia Micropayment Consortium (Kamco) in July 2005, with a planned go live (public trials) date of March 2007. The new system, if ever completed, will allow passengers to use a single plastic smartcard to travel on a network that spans 270 railway stations, 480 trams and 1,650 buses. Passengers would be able to store value on their cards via self-service machines, the telephone or the Internet.

Software issues have caused many of the schedule and cost problems, surprise, surprise.

The official current projected date is for the Myki system to become fully operational by June 2008, although the government is today saying they hope to see it operational by the end of 2008, but the smart money is now betting for sometime in 2009.

Epidemic of UK Data Breaches Continues Unabated

The London Telegraph reported over the weekend that nine National Health Service (NHS) trusts have admitting to losing over 168,000 patient records. The NHS says that its nothing to worry about since the security of the information went "way beyond" that used for internet banking. However, it also conceded today that it did not know exactly the details of the patient information lost, nor how it was lost.

Those two statements give one confidence, don't they?

In other news, the Royal Mail admitted that last month it sent pension information to the wrong addresses. About 5,500 pensioners in the Leeds area using Post Office card accounts (POCA) have been told that they may have received someone else's information. Post Office officials also said they think only about 120 people actually may have received the wrong information, but they, too, can't be sure.

Regardless, officials said, "The Post Office and its suppliers have apologised for this mistake, customers will be sent their correct statement shortly."

IRS Wastes $3.5 million on ID-Card Program


The Washington Post reported today that the Internal Revenue Service Inspector General released an audit that found that the IRS wasted $3.5 million on a new personnel identification system project required to meet Homeland Security Presidential Directive HSPD-12 Initiative. The projected cost of the project is $421 million over 14 years, and so far around $30 million has been obligated to it.

Among the waste noted in the audit report was $1,940,397 spent on a computer security system that the IRS now doesn't plan to use; $431,035 to establish and maintain an identification badge laboratory to create a test environment for issuing identification badges but the laboratory has now been closed and is deemed unnecessary, and; $188,160 paid to a contractor for 1 person billed at $128 per hour to provide clerical support (e.g., maintaining calendars and meetings, processing trip reports, etc.) over an 11-month period.

The audit said that the contract "statements of work were not specific enough to identify the deliverables and were too general to track the program's work requirements effectively." In other words, the contractors had every incentive to deliver useless services at the highest costs possible.

Cost Overruns Plague UK Public Sector IT Projects

ComputerWeekly reports that a study published by the European Services Strategy Unit claims that the majority of the 105 outsourced public sector Information and Communication Technology (ICT) projects they looked into had significant cost overruns, delays and or terminations. The 105 projects had a total contract value of £29.5 billion with cost overruns totaling £9.0 billion. Within these 105 projects, 57% of contracts experienced cost overruns with the average percentage cost overrun being 30.5%. Some 33% of contracts suffered major delays while 30% of contracts were terminated.

One reason for the problems encountered was that public sector officials often only focus on the procurement stage of projects, without considering the cost of implementation and training, while another was that the private sector contractors overstate their ability to deliver and underestimate the complexity of public service provision.

One more study to add to the dozens of others all depressingly finding the same thing.

Snooping at the IRS


The Wall Street Journal (WSJ) reported a few days ago that there has been an increase in the number of Internal Revenue Service (IRS) employees illegally looking at confidential taxpayer info. As the WSJ says, "Although the number of browsing cases is tiny compared with the IRS's overall work force, the number went up in the latest year. Officials at the Treasury Inspector General for Tax Administration, or TIGTA, say they opened 521 investigations in fiscal 2007, up from 448 the prior year -- and the highest since a 1998 taxpayer-privacy law was enacted."

"During the latest year, there were 219 "adverse administrative actions" against IRS workers, including firings and suspensions, a TIGTA official says. That's up sharply from 104 such actions the prior year."

No word from the UK on the number of HM Revenue & Custom employees who have been caught snooping on UK taxpayers.

Seattle Bus Tunnel Computer Still Out

Seattle's newly renovated downtown bus tunnel will remain closed through Friday (UPDATE: now Monday, 24 December; UPDATE 2: Make that 26 December; UPDATE 3: Make that until further notice; UPDATE: Opens on 27 December.) due to a computer malfunction, reports the Seattle Times.

According to the Times story, "Sound Transit, which recently led a tunnel-retrofit project, found suspected flaws in two or three circuit boards and will also replace five or six similar boards, said its light-rail director, Ahmad Fazel. Replacement boards were being flown to Seattle Wednesday night, he said."

"Fazel said the Seattle tunnel controls include a backup mode. But, he said, the flawed circuit boards were staying "on" even after they failed, disrupting the backup program, he said. Manual controls exist at each of the tunnel's five stations, but without the computer system, the stations would not be united, he said."

Updates on AMT, DC Tax Fraud & UK ID Messes


A few updates on a couple of earlier blogs.

Well, first, Congress has passed an Alternative Minimum Tax (AMT) patch for one year. However, Treasury Secretary Henry Paulson Jr. said that tax refunds will still likely be delayed because Internal Revenue Service (IRS) computers need to be reprogrammed - guesses are a best case three week delay, seven weeks for the expected case, and a worst case scenario of ten weeks. But because the patch expires at the end of 2008, we get to go through this all over again next year.

A new story in the Washington Post indicates that the DC tax scam may have started in 1990. So now the scam looks like it has been going on for possibly seventeen years, instead of the nine years last believed, which was an update from seven years which itself was a revision of the three year time frame first thought. No one now is even hazarding a guess about how much money was pilfered.

Finally, the London Telegraph reported today that "details of thousands of doctors, including religious beliefs and sexual orientation" were available to anyone logging on to the Medical Training Application Service site. Given almost the daily disclosures, one wonders how many more data breaches exist throughout UK government organizations.

The Telegraph also reported this week that "Sir Gus O'Donnell, the Cabinet Secretary, has advised ministers to toughen the penalties for improper disclosure of personal data after reviewing the way Whitehall departments deal with sensitive information." The penalties suggested includes jail time for civil servants.

Big IT Troubles at DHS


In the first of a three-part series on the Department of Homeland Security (DHS), BusinessWeek notes that some $3 billion in DHS information technology contracts, "accounting for 60% of the agency's 2008 IT budget, are underperformingâ''whether because they're behind schedule, over budget, or lack a qualified project manager or definable parameters. In dollar terms, Homeland Security accounts for about half of the troubled government IT projects tracked by the Office of Management & Budget (OMB)."

The article goes on to quote Clark Ervin, who was DHS Inspector General from January 2003 to December 2004: "When these contracts go awry, it's not just a question of millions of dollars or tens of millions or billions of dollars wasted, but it also means that the security gaps that those contracts are intended to address are left unaddressed." (Listen to an interview Ervin did with IEEE Spectrum last year.)

DHS says not to worry, though, because "great progress" is being made in getting the challenges posed under control.

Computer Problems Do In Seattle's Bus Tunnel Operations

Seattle's newly renovated downtown bus tunnel has been shut down for the second time this week due to a computer malfunction, reports the Seattle Times. The tunnel reopened for weekday bus service on Monday, Sept. 24, 2007.

According to the Times story, "All of the systems in the tunnel â'' such as ventilation, lighting and signals â'' are controlled by a computer system installed during the recent retrofit of the tunnel. The computer is based at Sound Transit's new operations center in Sodo."

The tunnel handles 1,076 bus trips on 18 routes on a typical weekday.

There is no word as to when the tunnel will be re-opened.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City
Load More