Log in

Archive for August, 2010

Personal data of psychology patients and unemployed Oregon residents stolen in multiple car robberies

August 19th, 2010

: Data Breach at Oregon

Personal data of thousands of Portland, Oregon psychology students and unemployed residents was stolen in two car burglaries last week. About 4,000 Portland, Ore. psychology patients and 2,900 unemployed state residents will be affected by this data breach.

A laptop containing patient names, Social Security numbers and diagnoses was stolen from the car of Oregon psychologist David Gostnell during the weekend of Aug. 6. The stolen laptop did not have any data security or encryption software installed.

In another incident, a data storage device containing the names and Social Security numbers of unemployed residents of Multnomah County in Oregon was stolen from the car of a Portland Community College (PCC) employee on Aug. 5.

Gostnell runs a private practice in northeast Portland and works at Oregon Health & Science University. Only the records from patients he privately treated were stolen. Though his laptop was password protected, but a disc left in the CD drive contained a partial backup of the hard drive, including sensitive patient information. His briefcase, which contained patient evaluation records, was also stolen. All of those records were recovered in a nearby trash bin shortly after the theft.

Individuals who were privately treated by Gostnell can call (877) 461-7657, if they have questions about the matter.

Meanwhile, in the PCC related incident, a flash drive was stolen that contained the personal information of participants in the Oregon Food Stamp Employment Transition Program, which is operated at PCC and provides support and job-hunting skills for unemployed Oregon residents. A PCC employee who worked at multiple sites was transferring the data from one site to another when the theft occurred. The flash drive was in a bag that was stolen from the car.

Dana, the spokesman for PCC said, “There is no evidence that any name or Social Security number has been used so far”. He also added that PCC has sent letters to affected individuals and has offered them a one-year subscription for credit-protection services.

The college also has posted credit protection information online.

How to prevent data breach?

In cases of laptop theft, the insurance company may cover the hardware loss, but the data might be lost forever, or in worst cases might land in the wrong hands. Thus, data security software is required which will reduce the theft to merely that of hardware. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Source: http://www.oregonlive.com/, The Oregonian, “Car thieves get personal data on Portland psychology patients, unemployed Oregonians,” Aug. 12, 2010.

Security Briefing: August 13th (liquidmatrix.org)
GadgetTrak 3 Released – Making it Easier to Track Stolen Laptops (themactrack.com)

No comments »

Posted in Uncategorized

Tags: Multnomah County Oregon Oregon Oregonians Portland Portland Oregon security Social Security number United States

Laptop of Portland Psychologist stolen, 4000 patients face possible identity breach

August 17th, 2010

Dr. David Gostnell, a Portland psychologist is alerting 4,000 patients after his laptop, which contained personal health information, was stolen from his car on July 7.

The laptop contained clinical evaluations, with patients’ full names, Social Security Numbers & diagnosis. Gostnell’s briefcase was taken as well, but was recovered from a nearby garbage bin. It contained individual evaluation records. The theft was reported to the police the next day.

Although the laptop was password protected but he was not using any computer protection software. Also, there was a disc in the CD drive that contained a partial backup of the hard drive, Gostnell said. He also added, the breach doesn’t involve any patients he evaluated at Oregon Health and Science University Hospital. Patients at his Northeast Portland practice, however, should call 1-877-461-7657.

He doubts if the laptop was stolen for the purpose of identity theft and believes that till now none of the personal information has been misused or leaked.

According to OHSU’s website, David Gostnell, Ph.D. is a clinical assistant professor in the Departments of Neurological Surgery and Medical Psychology, consulting with neurosurgeons and other physicians in chronic pain conditions and performing pre-surgical psychological assessments.

At OHSU and in his private practice in Northeast Portland, he assesses and treats patients with neurological disorders. He also acts as a consultant with Kaiser Permanente.

How Alertsec Xpress Would Have Helped

If you use a laptop encryption software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

No comments »

Posted in Uncategorized

Tags: Crime David Gostnell Hardware Health identity theft Portland Oregon Social Security number Theft

Department Of Veteran Affairs begins posting Data Breach report online

August 16th, 2010

: Image via Wikipedia

The Department of Veterans Affairs (VA) has begun posting reports about data breaches on its website, once again showcasing its transparent policies.

Since VA is the largest healthcare organization on the planet and has thousands of contractors, it experiences a variety of data breach incidents each month. It must notify Congress monthly about both routine and major data breaches, a requirement imposed in the aftermath of several security break-downs during the past year.

For example, a report (PDF) from July 5 to August 1 shows the agency lost two PCs, 13 BlackBerry devices and six laptops. It also reported 103 of so-called “mis-mailed” incidents, and 90 “mis-handling” incidents. The report said, all of the lost laptops were encrypted. Now, the public can see those reports for themselves, as VA has begun to post them online since August 11.

“We gain a lot with transparency,” VA chief information Roger Baker said about making the report public. “When you see what normally happens and how they are handled, it lends a bit of confidence what we’re going to do when more serious ones occur,” he added.

“For example, losing smart phones is a common security problem at VA, as it is elsewhere. However, it’s difficult to impose consequences for the losses. There isn’t a cost benefit to denying the issuance of another smart phone to physicians and other professionals who lose them because the devices are inexpensive relative to the productivity gains they provide,” Baker said.

“I don’t take losing a couple of hundred dollars of taxpayer money lightly,” he said. “But compared with a doctor that we may be paying $300,000 a year, I don’t want them spending time trying to figure how to get a new Blackberry. I want them to have a new Blackberry in their hands so they can be certain of providing patient services.”

VA also has a policy of encrypting mobile devices in order to reduce the potential for the misuse of personal or confidential information by making the device unusable when it it lost or stolen.

Since taking his position, Baker has made a conscious effort to streamline the IT operations at the VA, with data security being a priority. The posting of the reports also shows how far the agency has come in terms of transparency and accountability for its IT operations, which has been criticized for serious in-efficiency in the past.

Also, Baker has put into place an accountability program that flags IT projects behind schedule or over budget. This program saved the agency $54 million in its fiscal-year 2010 budget.

Want to prevent breach?

Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

No comments »

Posted in AlertSec Xpress, Data Protection, data breach

Tags: data breach data security Encryption Personal computer Roger Baker security United States Department of Veterans Affairs Veterans Affairs Department

Personal details of Westfield Bondi Junction exposed in Data Breach

August 14th, 2010

The personal details of people that shop at Westfield Bondi Junction have been exposed on the Internet, following a direct marketing email mishap on Monday night, the 9^th of August.

Westfield has already notified the subscribers to its mailing list stating that customer details were visible on the web for eight hours. In a note sent to customers, Westfield said it experienced a “technical problem” with a link in an email newsletter sent to subscribers, asking them to update their contact details.

“As a consequence, the personal information of people who updated their details between 6.18pm on Monday 9 August 2010 and 2.30am on Tuesday 10 August 2010 may have been able to be viewed by other subscribers clicking on the link during that time,” the note stated.

The shopping giant also claimed that within three hours of the newsletter being sent, its staff was made aware of the problem and the issue was resolved by 2.30 am on Tuesday.

According to the company’s privacy policy, Westfield would usually collect only the names and email addresses of subscribers, and the owners of shopping centers it builds or leases. It also collects domain information and IP addresses, and logs user’s browsing behavior whilst on the Westfield site. Their privacy policy also mentions that its customer database “is protected by a firewall as well as host-based security.

Westfield remained unavailable for comment when it was approached to reveal how many customer records were exposed and the nature of personal information contained within them.

“The data is not transmitted over the Internet once it has been stored in the database. If Westfield ever has a requirement to transmit the data over the Internet (For example, to make an off-site backup) it will be in encrypted form. The electronic environments are real-time monitored by Westfield and a third party specialist security monitoring company”, the privacy policy states.

Westfield described this matter as a ”one off occurrence due to a technical problem which has now been remedied and will not occur again.

“However, you should be aware that any personal information you uploaded during this period may have been viewed during this time,” the shopping giant told customers. ”If you receive any unusual emails, telephone calls or other communications you should treat these with caution.”

Currently there is no formal data breach notification requirement in place under Australian law that would require Westfield to notify its customers, but the Australian Law Reform Commission expressed a desire for the Federal Government to introduce such a law in a report released two years ago. In its absence, Australia’s privacy commission has sought organizations to create a voluntary code to self-regulate.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

For security and technology observations, consider following us on Twitter.

No comments »

Posted in data breach

Tags: Bondi Junction New South Wales Cryptography IP address Personal computer privacy security Twitter Westfield Bondi Junction

Leakage of personal information leaves students & employees of six Florida universities exposed

August 13th, 2010

Six colleges in Florida had their students and employees’ personal data exposed due to a state library service center software glitch. The information was publically available on the Internet for 5 days.

Students, faculty, and employees at Broward College, Florida State College at Jacksonville, Northwest Florida State College, Pensacola State College, South Florida Community College, and Tallahassee Community College, all are at risk of exposed personal data, according to The College Center for Library Automation (CCLA), which provides automated library services and electronic resources to Florida public colleges.

Private information such as Social Security Numbers, names, driver’s license and card numbers of an estimated 126,000 students and employees was available on the internet after a library services firm serving the colleges inadvertently left the information in its database exposed for five days. The personal information in CCLA’s database did not include financial data or library usage records, and it was exposed between May 29 and June 2.

Six state community college colleges were affected because their borrower records were contained in temporary work files that were being processed at the time the breach occurred. The library agency learned of the incident on June 23, after a student reported finding his Social Security Number on the internet through a Google search.

The CCLA did not provide details of what the software upgrade entailed or why the upgrade left the database exposed, except that the compromised records had been stored in temporary work files that were being processed when the breach occurred.

“We pride ourselves on protecting private information and deeply regret this inadvertent exposure,” said Richard Madaus, CEO of CCLA. “I apologize to those involved for any worry or inconvenience this may cause them. We will continue to enhance our technology to safeguard all of the information entrusted to us.”

He also added “We’ve had some new grad hires who said when they took tests in college, they had to write their SSN on top of the test” to identify themselves, he says. “I think that’s changing, but there still are some old systems out there that need to be updated.”

The affected individuals are being notified by snail mail. Moreover, the agency has started with the investigation after discovering the breach, and the case has also been turned over to the county sheriff’s office. Also, the CCLA has set up a webpage about the breach and recommends that people affected by the breach place free fraud alerts on their credit files and check their credit reports for suspicious activity.

Want to prevent breach?

Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.