Archive for July, 2010

Tesco Bank Data Breach & Verizon’s Security Report

July 30th, 2010

Tesco Bank Incident

The personal and financial details of dozens of Tesco Bank customers have been leaked, resulting in possible fraud. The cause of the incident has been attributed to staff who sent the unprotected personal data in the post.

The data was being sent by post from Manchester to Glasgow and was lost somewhere in between. Customers of the bank were already fuming over a dispute with Tesco Bank, as they had been levied charges for controversial payment protection insurance on Tesco credit cards.

For its part, Tesco is blaming a ‘service provider’ for the data loss. The employee responsible for sending the details is a staff member of the taxpayer-owned Royal Bank of Scotland (RBS) and was working as a contractor for Tesco Bank. The Royal Bank of Scotland has taken full responsibility for the incident but has refused to divulge further details or answer questions about it.

Tesco Bank discovered the loss last month. It started contacting customers about the problem in July and, as a gesture for the loss, offered two years of free insurance against potential losses arising from the breach.

Apparently, the impact of the incident is small because few customers were affected, but the incident exposes the slack procedures adopted by financial services companies to secure confidential customer information.

A spokesman for Tesco Bank said: ‘Tesco Bank and the service provider have robust rules and procedures for handling customer information. There is no record of the correspondence being sent by courier or recorded delivery. That leaves the possibility that it was sent by standard mail, contrary to ours and our suppliers data handling procedures. Therefore, we have taken the precaution to inform our customers and take steps to safeguard their accounts.’

Verizon Data Breach Report

In other news, Verizon has published a thorough report detailing the number of data breach incidents resulting in theft of electronic records. As an encouraging statistic, the total number of compromised data breaches went down to 143 (in 2009) compared with 285 (in 2008).

The report, which contrasts slightly with the study conducted by the Ponemon Institute, attributes the dip to law enforcement success, including the arrest of Albert Gonzalez in 2008.

Some statistics from Verizon’s report:

  1. 96% of breaches could have been avoided through simple or intermediate controls.
  2. 141 breaches from 2009 investigated by the U.S. Secret Service (84) or Verizon (57) involved a patchable vulnerability.
  3. More than half of the breaches were discovered by outsiders after a long period of time (60% of breach incidents).
  4. Organized criminal groups were behind 85% of the data stolen in 2009.

The full report can be downloaded from the Verizon Business website.

The biggest gap indicated by Verizon’s report is inadequate expenditure on security processes, systems and software. While organizations have started investing in data security software and laptop encryption software, there is still a long way to go in terms of adoption among most enterprises.

Want to prevent a breach?

Have you been affected by a data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website, where you will learn about our encryption software and other security protection methods.

If you use data security software, a theft would simply be reduced to an insurance matter and the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Cost of One Breach = $1 Million To $53 Million via Ponemon Report

July 26th, 2010

Every week there is at least one attack on organizations, and the cost of these attacks varies from $1 million to $53 million per year, according to a newly published benchmark study of 45 U.S. organizations hit by data breaches.

Background about the study

The study, conducted by the Ponemon Institute, is titled “The First Annual Cost of Cyber Crime Study” (PDF). The average cost of cyber crime for American companies is a loss of $3.8 million a year. This covers all aspects, ranging from detection to investigation to containment and recovery.

Over the course of a 4-week period, the Ponemon Institute conducted interviews with 45 organizations from various verticals. The people handling data protection and the IT practitioners at these organizations were interviewed, and they shared the average volume of threats they face every day. The number of attacks experienced by these companies in a week was 50, which is higher than one successful attack per organization.

The second study, conducted by the Digital Forensics Association, is called “The Leaking Vault” (PDF). The details of this report are again quite surprising and have come as a strong eye-opener to all the organizations involved.

Among the 2,807 data breaches that were publicly disclosed worldwide during the last five years, the cost to the victim firms was a whopping $139 billion.

Results from the report

Some underlying statistics from the report:

  • Nearly half of all the reported breaches came from a laptop, which was stolen in 95 percent of the cases, signifying the importance of encryption software.
  • Actual hacks accounted for the most stolen records during 2005 to 2009, with 327 million of the 721.9 million covered in the report.
  • Web-borne attacks, malicious code, and malicious insiders were found to be the most costly types of attacks.
  • The costs are as follows:
      • Web-based attack – $143,209
      • Malicious code – $124,083
      • Malicious insiders – $100,300

More than one third of security breaches during the 5-year period exposed Social Security numbers, clearly indicating that leakages expose SSNs. In second place are credit cards, which were exposed 14 percent of the time. Overall, malware leads the attacks at 25%, followed by SQL injection attacks at 24%. Stolen credentials were found in 16 percent of the cases.

Celebrities Suffer in Hell Pizza attack in New Zealand

July 25th, 2010

The customer database of Hell Pizza, a popular pizza company in New Zealand, has been attacked, resulting in the theft of data belonging to several celebrities. Most of the customers whose details have been stolen are celebrities, including DJ Mike Puru, Target presenter Brooke Howard-Smith, comedian Dai Henwood, entrepreneur Seeby Woodhouse and former Green Party MP Nandor Tanczos. To prove that the details have been cracked, the hackers have released the personal details of several celebrities in New Zealand.

The details taken include email and home addresses, phone numbers, pizza orders and passwords. Confirming the incident, Hell has also called the cops and emailed a warning to its 230,000 customers to change their internet passwords.

Green Party MP Nandor Tanczos said that he is not too worried by people knowing his taste in vegan pizzas but is of course concerned by other information going out in the open.

DJ Mike Puru said, “It does scare me to think how easy it is to get that information. I can confirm I do like chicken tenders.”

The only person not affected by the hack attack is comedian Dai Henwood.

He said, “My Twitter has been hacked, my Facebook has been hacked and I’m pretty sure half of New Zealand has my phone number already. I have nothing bad to say about Hell.”

The director of Hell Pizza, Warren Powell, mentioned that the data attack is a major concern for the company and a serious issue. He said anything that causes problems for the customers is not acceptable and that the company is trying its best to locate the source of the security breach.

Ministry of Defence has lost 1000 Laptops in 6 Years

July 24th, 2010

According to new figures, the Ministry of Defence has lost, or has overseen the theft of, over 1000 laptops in the last 6 years.

According to the latest update, the 11 Whitehall departments were the worst sufferers and have seen the loss of 340 laptops, which accounted for losses of over £600,000. These figures are in addition to the data for 2004 to 2008, which showed that the MoD had reported around 747 lost or stolen laptops. This brings the total number of lost or stolen laptops in the past six years to 1087. As a result, the cost to the taxpayer is more than £1 million.

Sir Edmund Burton strongly criticized the department in a report prepared in June 2008. At that time, a Royal Navy laptop containing records of 600,000 recruits and potential recruits to the armed forces was stolen.

Of the 340 laptops lost in the last 2 years, the MoD has revealed that 120 laptops were stolen and 220 were lost. Only 25 laptops were recovered. In addition, 593 CDs, DVDs and floppy disks, 96 hard-disk drives, 215 USB memory sticks and 13 mobile phones went missing. Out of these, laptop encryption software was present on 157 laptops.

The monetary value of these storage and removable media devices like CDs, DVDs, floppy disks etc. has been estimated at £620,193. Of this, only £45,804 of equipment has been recovered.

South Shore Hospital Data Breach Incident

July 20th, 2010

Back-up computer files containing the personal information of 800,000 people may have been lost when they were sent to a third-party contractor for destruction. The data breach of these 800,000 records has been reported by the Massachusetts facility.

Although the contractor has not been identified by the officials, it is generally believed that the files were never received by the officials. According to an independent security consulting firm, special hardware and technical knowledge are required to open the information in the files.

Apparently, these files were shipped for destruction in February as the file format in which they were stored was no longer in use. It was in June that the hospital realized that the contractor never received some of these files. The ones that were received by the contractor were destroyed.

While there is no news on the misuse of information present in the files, the incident does bring about serious concerns for the thousands of patients for whom there is a big identity risk.

About the Data

The backup computer files are believed to have included individuals’ full names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, protected health information including diagnoses and treatments relating to certain hospital and home health care visits, and other personal information. Bank account information and credit card numbers for a very small subset of individuals are also believed to have been present on the back-up computer files.

The files contained information on physicians, volunteers, donors, patients, employees and other business partners who were associated with South Shore between Jan. 1, 1996, and Jan. 6, 2010.

Richard H. Aubut, president and chief executive officer of the Weymouth hospital, said, “We are sorry for any concern we are causing anyone at this time.” “We are still searching for those files.”

Richard added that the hospital is no longer using offsite data destruction services and has put in place the required policies to ensure that backup data will not be lost.

Under Massachusetts law, companies are required to inform the state attorney general whenever they come to know about the theft or loss of personal information. Over the last three years, the attorney general’s office has received 1,370 such notifications.
