Archive for January, 2011

Cost of Identity Theft (Graphic)

January 30th, 2011

In their latest blog-post, Mashable has talked about the infographic created by Sam Franada of Lines & Moodswings for KGBPeople which is based on data from Wikipedia, the I.D. Theft Center and other sources.

According to the info-graphic it is mentioned that 10% of Americans have had their identities stolen, and on average lost around $5,000.

The average cost for businesses worldwide leads to a staggering $221 billion each year.

Identity Theft

Enhanced by Zemanta

Two Unencrypted Laptops and an iPad of NFL Employees stolen

January 30th, 2011
The new NFL logo went into use at the 2008 draft.
National Football League

National Football League Employee’s Laptop Stolen

If an encryption software had been used to protect the data, there would be minimal chances of Identity theft from the stolen devices. In a fresh incident, two more National Football League (NFL) employee’s laptops have been stolen at the Dallas Convention Center on Sunday.

The stolen laptops belonged to a private investigator and a security consultant based in California. Both employees were preparing the Dallas Convention Center for the NFL Experience. The convention center is hosting the NFL Experience, an interactive theme park with games, displays, autograph sessions and a memorabilia show. These laptops not only stored sensitive information but also not protected with encryption software.

Similar Incident Happened just two weeks ago

A similar incident happened earlier this month in Arlington, a laptop containing NFL and Super Bowl XLV credential information was stolen from a car parked outside a restaurant. According to Arlington police, several thumb drives and security credential artwork were also stolen with the laptop. These devices belonged to a NFL employee working on Super Bowl XLV.

In this case police arrested three people, but was not able to recover the laptop. In the current case Police do not have any suspects but believe that the above two incidents are not related.

NFL Employees left Devices Unattended

Dallas police Sr. Cpl. Kevin Janse said, “Someone stole two laptops and an Apple iPad that had been left unattended for about 25 minutes inside a ballroom at the location. The property belonged to two employees hired by the NFL. None of the devices contained information that would compromise or jeopardize the security of any Super Bowl-related events”, he added.

According to Janse “The devices contained no important security or otherwise sensitive information relating to the Super Bowl” and there was no security concerns related to the theft. The stolen devices were left unattended at a Starbucks kiosk for 25 minutes inside a ballroom.

Janes further said, “The laptop theft was nothing more than a crime of opportunity and that the suspects probably didn’t even realize who the owners of the property were”.

This is just a case of carelessness of NFL employees. It’s a dumb activity to leave important devices at an unfamiliar coffee shop for Twenty Five Minutes. The NFL said that theft didn’t compromise security and only artwork for credentials that was subsequently changed after the theft. We can only hope that NFL would be more active towards securing the data as this was the second laptop theft case in one month.

How Alertsec Xpress Would Have Helped

The above mention situation shows how much Full Disk  Encryption is necessary to stay secure and protect your data from the laptop thefts. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

Department of Health and Human Services Announced an Internal Data Breach

January 28th, 2011
The Department of Health and Human Services he...
Health and Human Services Headquarter

Every week we post  news about data breach incidents, some of which also involves the identity theft and activities around financial security. Data breach news, may be not the best way to remind you of the need for security but through this we make you aware that don’t just read or watch the news. To stop such cases you need to act and take immediate action like using data protection and data encryption software like Alertsec Xpress.

Department of Health and Human Services

The latest news of data breach is of the North Carolina Department of Health and Human Services. DHHS has announced an internal data breach that computer disks belonging to the Division of Services for the Deaf and the Hard of Hearing are missing. DHHS claims that the missing disks accidentally fallen in the landfill as there a renovation process was going on in the North Carolina DHHS office.

According The DHHS press release, “a set of computer disks belonging to the Division of Services for the Deaf and the Hard of Hearing (DSDHH) may have been accidentally discarded and likely taken to a landfill”.

This statement makes it clear that they were also not sure about the disk taken to a landfill. Might be, the disks were stolen while offices were being renovated. Although the breach is not clear but according to the NC Senate Bill 1048, it is a case of data breach and DHHS has to inform the victims of the breach.

Disks were Locked Under a Secret Code

The disks contained personal information of clients who had applied for services from the Equipment Distribution Service within DSDHH from January 2005 through December 2008. For the security measure disks were encrypted since 2008.  Although disks were locked under a secret code but that code was very easy to crack.

For precautionary measures DSDHH is sending the letters to each person whose information was stored on the missing disk. This letter included the information related to the incident and guidance how they can protect themselves from identity theft. DHHS also notified the Consumer Protection Section about the breach and contacted the State Bureau of Investigation.

Concerned or Affected Citizens can Contact DSDHH

DSDHH has added a link to consumer protection information on the division’s website at www.ncdhhs.gov/dsdhh and prepared staff to answer questions from concerned citizens who may have been affected.
Clients with questions or concerns should call (800) 662-7030 (English/Espanol) or TTY for the hearing impaired at (877) 452-2514 between 8 a.m. and 5 p.m. weekdays. In the Triangle, call (919) 855-4400 or (919) 733-4851 (TTY for the hearing impaired). Questions or concerns can also be e-mailed to care.line@dhhs.nc.gov.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.  Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

Health Net is Paying Fine to settle Complaint of Data Breach

January 26th, 2011
Health Net logo
Health insurance giant Health Net

Health Net has been fined to pay $55000 to settle a complaint of data breach by the state of Vermont. This case arose when an unencrypted portable hard drive was missing from the Health Net. This drive contained Social Security numbers, health information and financial information of approximately 1.5 million people. Affected number of people also included 525 Vermonters.

According to the Vermont Attorney General’s office, “Health insurance giant Health Net is ready to pay $55,000 to settle a complaint that it did not inform customers that personal information had been lost along with an unencrypted computer hard drive”.

Vermont Residents didn’t get Inform about Breach

This incident took place approximately two years ago on 14th May, 2009. But Health Net did not start notifying the affected people until more than six months later. When Health Net notified the Vermont residents, they told to them, “the files on the missing drive were not saved in a format that could be easily accessible” so we believe the risk of harm is very low. However report of the Vermont attorney general’s office mentioned, the files which are saved on the missing drive were in TIF format, which can be easily viewed using many types of freely available software.

Attorney General William Sorrell said in a statement “Consumers expect and the law requires that personal information should be treated with the utmost care. Identity theft remains one of the fastest growing crimes in America. Companies must be careful to prevent Vermonters’ sensitive information, especially their medical records, from falling into the wrong hands” he added.

Security Breach Notice Act and HIPAA

According to the Security Breach Notice Act, “Data collectors notify affected individuals of security breaches in the most expedient time possible and without unreasonable delay”. But Health Net violated this law by not notifying the Vermont residents till the six month of the breech. Health Net also violated the Health Insurance Portability and Accountability Act by failing to secure the protected information. HIPAA provides protections for personal health information and gives patients an array of rights with respect to that information.

The complaint against the Health Net alleges that it also violated the Consumer Fraud Act by misrepresenting the risk posed to affected individuals in the company’s notice letters. This data breach put at risk the personal data of 446,000 Connecticut members. For that, the Connecticut Insurance Department fined Health Net and its affiliates $375,000.

HITECH granted state attorneys general HIPAA enforcement authority in February 2009. Since this is the second HIPAA enforcement action, the first one was the Connecticut’s AG. These breaches are reminder calls for companies that they should take the significant steps like implementation of Encryption Software and Computer Protection programs to assure its members that they are protected.

How Alertsec Xpress Would Have Helped

The information saved in the lost drive might be secured if Health Net used drive encryption software from the companies like Alertsec Xpress. To stay secure, and protect your data from breach incidents, it is vital to use a data security/recovery software. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

University of Sydney Failed to Secure Student’s Private Information

January 23rd, 2011

Data Breach at University of Sydney

University of Sydney is the Another victim of Data Breach

A security flaw in managing web data caused another data breach and this time the victim is University of Sydney. In this data breach the detailed records of the thousands of University students were leaked. The past and present student’s vulnerable data were stored online where they could be easily accessible and down-loadable. The lost record of the students contained student full name, home address, email address as well as the courses they studied and the cost of that course.

A security expert said that it took less than five minutes to access the records of around 55 students. To access the any student’s information you need only that student’s ID number, but just by entering the numbers in the internet browser’s address bar brings students’ private information randomly.

New South Wales Investigation Report

New South Wales is Australia’s most populous state and located in the south east of the country. The office of NSW Privacy Commissioner is investigating this data breach incident. NSW acting privacy commissioner, John McAteer said in a statement that judging from the information; it appeared the university might have violated section 12(c) of the NSW Privacy and Personal Information Protection Act 1998.

According to this act, “a public sector agency that holds personal information must ensure that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse”.

Vice-chancellor Sent Email to Inform the Students

This website was made aware of the breach after it revealed that the website of University of Sydney was sabotaged and altered by a hacker. After this website informed the University of the Breach, it blocked the access to the vulnerable part of the website.

The vice-chancellor and principal Michael Spence, sent an email related to data breach to all students. In the mail he said that unfortunately a malicious hacker managed to access the university’s home page and some high level corporate web pages, last week. So the university had engaged two of Australia’s leading web security organizations to investigate this matter.

Law enforcement authorities were not informed about Breach

A spokesperson said that the incident had not yet been reported to any law enforcement authority. According to newspaper information, the university was told about this security threat in February 2007, but did not take any action to secure the information.

Michael Spence, declined to comment on the possibility of an earlier report, but said that he was “appalled to be notified that some records could be accessed in this manner”. He said that the university would take action immediately to close it.

As threats of data security are growing nowadays, it must for the organizations to do proactive assessment and mitigation of threats. By taking the proper measures and by using the data encryption software companies can secure their customers confidential data. It’s crucial for the organizations to safeguard websites from the security breaches.

How Alertsec Xpress Would Have Helped

To stay secure, and protect your data from breach incidents, it is vital to use a data security/recovery software. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta