Log in

Archive for June, 2010

Top Data Breach Incidents

June 19th, 2010

: Data Security Breaches

ABC News has published a list of 10 severe data breaches that have affected the industry in this decade beginning from 2000.

The list of data breaches has been compiled by a San Diego-based non-profit, called the Privacy Rights Clearinghouse. The list includes exhaustive list of data breaches by government agencies, institutions and corporations. Some of these incidents highlight the breaches of all kinds and including the number of people affected.

Let us analyze some of these incidents

2009 — Heartland Payment Systems

The Heartland payment systems was billed as the largest credit card crime of all time. Princeton, New Jersey based Heartland processes card payments for restaurants and other businesses. The computers which were processing 100 million transactions for 1,75,000 merchants were penetrated by hackers. In January this year, Heartland was notified by Visa and MasterCard notified Heartland about suspicious transactions.
2007 – TJX Companies

4 years ago, the Massachusetts-based TJX informed that more than 45 million customer records in 2003 and 2004. Over $20 million were spent in investigating the incident, hiring the lawyers and notifying the customers. This incident exposes the security vulnerabilities of retailers.
2009 – U.S. Department of Veterans Affairs

Information of around 76 million veterans was compromised when a defective hard drive was sent for repair and recycling without first having the data on it erased. Apparently, the hard drive contained millions of social security numbers.
2005 – Card Systems

CardSystems, an Atlanta based payment transactions processor suffered a breach incident when more than 40 million card accounts were exposed to potential fraud. Infact, the leaked details that were used by hackers belonged to Mastercard accounts (68,000), Visa accounts (100,000) and other brands (30,000).
2006 – Theft of Veterans Laptop with Personal data

Way back in May 2006, a laptop that contained personal information for millions of veterans was stolen in a burglary from the Maryland based agency. Apparently, over 17.5 million veterans were at risk and were offered to cover the cost of monitoring their credit for one year.
2008 – Bank of New York Mellon

When the Bank of New York Mellon lost a box of computer data tapes with information such as Social Security numbers, names, addresses and possibly bank account numbers, the personal information of more than 12.5 million people was compromised.As a settlement amount, Connecticut was paid $150,000 by the bank and was also promised credit monitoring and fraud alerts for the affected people for 36 months.
2007 – Certegy Check Services

A St. Petersburg, Florida-based financial services firm, Certegy revealed the theft of customer records by an employee that included credit card, bank account and other personal information. The volume estimates of the data breach incident was found out to be $ 8.5 million.

For further insights about the breach incidents, do check out the ABC News article on 10 of the Top Data Breaches of the decade.

Security against Data Breach with Alertsec Xpress

Why do data breach incidents happen in the first place? Perhaps your organization didn’t take the requisite steps or there was some level of negligence with the handling of data.

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Top 10 Data Breaches of the Decade (abcnews.go.com)
Heartland Slowly But Steadily Settles IT Breach Lawsuits (spectrum.ieee.org)
Heartland settles with MasterCard for $41 million (riskpundit.com)

1 comment »

Posted in Data Protection, data breach

Tags: business computer security software Credit card data breach data security Financial services Heartland Payment Systems Mastercard Merchant Services TJX Companies Visa

Data Breach at San Bernardino Community Hospital

June 15th, 2010

: Image via Wikipedia

The Community hospital of San Bernardino has been reprimanded with a fine of $325,000 for violating confidential patient data in a major data breach incident. Apparently, the fine was imposed on the hospital because there was unauthorized access of the medical information of 204 patients by an employee. Initiialy, the fine was calculated at a value of $250000.

However, another $750000 was added when a separate case involving the unauthorized access of medical records of 3 more patients was found out.

Diane E. Nitta the hospital administrator said that hospital has,”enhanced staff education efforts around patient privacy (and) put in place expensive security measures that guard against inappropriate access to our patients’ records.”

According to the official spokeswoman of the hospital, Tobey Robertson none of the information was used to harm the patients.

How did these incidents happen?

In the first case, a radiology technician had obtained access to computerized medical records of 204 patients without a clinical need for the information.
In the second incident, a clerk had let a friend enter a restricted area, where the person heard confidential patient information given by three patients during the admitting process.

Apparently, the Department of Public Health has fined 5 authorities for data breach and the hospital is one of them.

Frequent incidents like these highlight the structured use of computer security software and data encryption software which ensures the protection of data and prevents loss of information incase of theft and losses.

Stay Secure with Alertsec Xpress

Why do data breach incidents happen in the first place? Perhaps your organization didn’t take the requisite steps or there was some level of negligence with the handling of data.

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Nine California hospitals fined for serious medical errors (latimesblogs.latimes.com)

No comments »

Posted in data breach

Tags: computer security software data breach data encryption software data security Facilities Health Hospital Medical record Medicine privacy Public health Radiology San Bernardino San Bernardino California security United States

Ireland Considering New Data Breach Notification Rules

June 11th, 2010

: Data Security Concerns in Ireland

Close on the footsteps of its neighbouring countries, Ireland is also looking at the data protection rules with more details. According to these rules an organization should report a data breach incident to the authorities incase of any incidents involving loss of personal data of more than 100 people.

According to William Malcolm, a privacy lawyer with the law firm Pinsent Masons Ireland has had its share of high-profile data breaches which has spurred the creation of the code of practice.

As per the proposal by Ireland’s privacy regulator data losses will now be declared to Ireland’s Data Protection Commissioner in line the draft code of practice published by the Commissioner.

Can the organizations avoid reporting?

Yes, they can certainly avoid the report of data breach if their data is encrypted and protected by a strong password. In addition, they can also escape reporting if their devices are using a remote memory-wipe feature which is activated on the lost device.

Some experts foresee the masking of critical incidents as the problem with data breach notification guidelines. They believe that due to these rules there is a possibility that major incidents could get hidden and lesser known events exposed.

A couple of years ago, the government of Ireland had recommended the creation of an official guidance which would highlight the the time to report the incidents. The office of the data protection commissioner has published the proposed draftcode of practice on its Web site and starting June 18 it would be available for public comment.

According to Irish Data Protection Commissioner Billy Hawkes, “I have sought to bring forward a draft Code as quickly as possible after the Review Group report to respond to public concern in relation to organisations losing personal data under their control while at the same time not imposing an undue burden on those organisations”.

What if data loss involves less than 100 people?

If the loss incident involving less than 100 people includes sensitive personal data or financial information then that must be reported as well.

What would the report constitute?

The report would include the following:

Type of the data compromised
What action has been taken
How people have been informed or the reason for not informing people
What kind of actions have been taken to limit the problems for affected people.

Data Security with Alertsec Xpress

Why do data breach incidents happen in the first place? Perhaps your organization didn’t take the requisite steps or there was some level of negligence with the handling of data.

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles by Zemanta

Ireland publishes proposed data breach notification rules (go.theregister.com)
ICO will not compel companies to report data losses (v3.co.uk)

No comments »

Posted in Uncategorized

Tags: alertsec AlertSec Xpress data breach Data Protection Acts Data Protection Commissioner Government of Ireland Ireland Law privacy Review Group

Digital River Data Breach Incident

June 9th, 2010

When hackers executed a “highly unusual search command” against Digital River’s secured servers the data belonging to almost 200,000 individuals was exposed leading to massive data security breach.

Direct Response Technologies which is a Pittsburgh based subsidiary of Digital River sells a leading software program called as DirectTrack. With DirectTrack companies can create and manage affiliate marketing programs. Once the data is gathered by the programs it is stored on Digital River’s servers, and access to it is tightly restricted with passwords and other security measures.

It was when 19-year-old Eric Porat of Brooklyn tried to sell the purloined data for as much as $500,000, the investigators got hold of him.On being questioned, Porat has also said that he has obtained the information from India, but hasn’t revealed how he has got the same. According to Digital River the information was apparently stolen by New Delhi hackers with some level of support from a contractor working for Digital River.

According to reports Eric Porat had approached a company called Media Breakaway and had made repeated requests to them for buying the information. His idea was to sell the data to the highest bidder.

This type of data is very helpful for organizations that are interested in targeted marketing activities. The crucial data included names, email addresses, websites, and unique user-identification numbers for 198,398 individuals. The data was collected by affiliated marketing companies through a software created by Direct Response Technologies (Digital River subisidary) and was stored on password-protected servers.

Digital River Marketing Solutions Inc. has filed the lawsuit on May 13 listing Porat and his company, Affiliads, as defendants seeking information on how they obtained Digital River’s data and what they’ve done with it.

Data Security with Alertsec Xpress

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Digital River Servers Breached, 200,000 Individuals Records Stolen (pindebit.blogspot.com)
Hack on e-commerce co. exposes records for 200,000 (go.theregister.com)
Digital River up after analyst says McAfee deal possible (taragana.com)

No comments »

Posted in Data Protection, computer security software, data breach

Tags: Brooklyn business computer security software data data security software Digital River India Marketing Media Breakaway Security (finance) Software license

Laptop Theft at George Washington University

June 8th, 2010

: George Washington University

According to the latest new reports by an independent news paper of George Washington University, atleast four laptops have been stolen from the cars that were parked inside the campus garages or from University-owned buildings over the course of last two weeks. These reports have been official confirmed by a University spokeswoman and the police department at George Town university.

As a data security focussed company, we have always emphasized on ways to prevent laptop theft incidents and secure your data.

First Incident

The University spokeswoman Michelle Sherrard confirmed that the car windows were smashed and two laptops were stolen. It was on May 26, that a contractor told the University Police that he had parked his car in the the Medical Faculty Associates building garage. On his return, the passenger-side rear window was smashed and his laptop was found missing from the vehicle.

Second Incident

The next laptop theft incident happened on June 1 in the Academic Center. The university police department were told by a faculty member that her laptop and wallet were stolen from the secured office.

Third Incident

On 3rd June, another car window was smashed at the Marvin Center garage and the laptop was stolen from the back seat of the car. The incident was confirmed by a student who logged a complaint with the George Town university police department.

As a matter of fact, the UPD officers were also approached by a second complainant, who said that his car window was also smashed and his GPS unit had been stolen. It is obviously quite shocking that no suspects or witnesses were found.

How do you protect yourself?

What has happened with the university students could actually be a real time case with you? There are many times when we carelessly leave our laptop in our unattended office or probably in the backseat of car. While there is not much you can do to prevent laptop thefts, what you can certainly do is prevent the theft of data present inside the laptop.

What we really need to understand is the loss of laptop not only means the loss of physical device but actually the real loss is of critical data that is inside the laptop.

The real issue that we need to solve is how do we secure our data?

By using a data encryption software from Alertsec.

Use Alertsec Xpress

A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.