Archive for July, 2011

UNLV informs its employees of a data breach after 3 years

July 29th, 2011

Breach at UNLV reported after 3 years

After 3 years, the University of Nevada at Las Vegas (UNLV) has informed its 2000 employees about a data breach that took place in 2008.

UNLV currently houses 28,000 students and 3,300 faculty and staff.

How was the breach discovered?

The UNLV Office of Information Technology found out about the breach during a maintenance check on a computer in the school’s Controller’s Office.  It appeared that an unauthorized person might have accessed names and social security numbers of employees in 2008.

According to a UNLV spokesperson, “Though unauthorized access has not been confirmed, the Office of Information Technology continuously works to ensure sensitive data are protected and has taken steps to notify those potentially affected.”

An email sent by the school says, “If a breach occurred, those affected would be at an increased risk for identity theft.”

How much information was leaked?

Information from employees who participated in a computer-purchasing loan program was compromised. In addition, the Social Security numbers of around 2,000 employees were accessed. Apparently no financial information, such as bank account numbers, was accessed.

This is the first large data breach at UNLV.

A statement issued by the school said: “Though unauthorized access has not been confirmed, the Office of Information Technology continuously works to ensure sensitive data are protected and has taken steps to notify those potentially affected.”

Student reactions

“I’m sure they’re doing everything they can. But it seems that not even Sony and big corporations can protect you, so we’ll see,” said Oscar Quiroz, a UNLV civil engineering student.

How is the investigation coming along?

The breach took place 3 years ago but was discovered only now. Given the time that has passed, it is not easy for UNLV to find out how it happened. The investigation shows that it was not done by an external hacker. The employee who had used the computer during that period is no longer employed at UNLV, so it is very difficult to find out who the culprit was.

Strengthening Data Security at UNLV

Security policies are being reviewed by the UNLV officials. Training programs are being revised to ensure better data security. New measures are being implemented to protect personal information from internal and external dangers.

The University wants every student to visit this link for information on detecting identity theft and what to do if your identity is stolen.

Encryption software like Alertsec’s would have helped!

The use of encryption software would have helped to keep files protected on the computer. With encryption installed, none of the information or credentials would have been lost. Alertsec uses industry-leading Check Point Full Disk Encryption (formerly Pointsec) software to create a web-based encryption service that simplifies deployment and management of PC encryption.

The best way to protect information stored on a PC is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

Alertsec is part of the Durator Group which has been awarded the highest credit rating available.

Cloud computing could be the answer to the recent hacking attacks

July 28th, 2011

Time to move to Cloud computing?

It is high time security standards for data were redefined. The recent hacking attacks underline this need, and laws against hackers need strengthening.

Is cloud computing the answer to the hacking question?

The Commission on the Leadership Opportunity in U.S. Deployment of the Cloud, or CLOUD2, came up with a plan for how the government should work with industry, academia, and other nations to use cloud technology effectively.

The government will study viable cloud computing solutions for technology and make a decision about its implementation in federal IT.

The CLOUD2 commission consists of 71 of the nation’s experts from the cloud computing industry, who dedicated more than 2,000 hours of work in person and in the cloud. The Commission is headed by Salesforce.com Chairman and CEO Marc Benioff and VCE Chairman and CEO Michael Capellas.

The CLOUD2 commission is hoping to use cloud adoption to foray into the global IT world and create employment.

“The debate around cloud computing is over – everyone agrees the shift to the cloud is inevitable,” said Marc Benioff, chairman and CEO, salesforce.com and the Commission’s Co-chair. “The Cloud First Buyers Guide for Government provides the best practices for how agencies can evaluate and deploy cloud services, helping them make huge gains in productivity and efficiency.”

“Today’s recommendations by the commission will help further accelerate adoption of cloud computing within the government infrastructure,” Michael Capellas, CEO of VCE, a cloud venture backed by Cisco and EMC, said in a statement. “Faster adoption of cloud computing will strengthen the United States’ leadership position in the global marketplace and ignite creation of jobs that will be in high demand over the next decade.”

The 14 recommendations cover four important areas of cloud computing:

  • Trust – Organizations must trust that the cloud can help secure their data and provide protection against hacking.
  • Transnational Data Flows – The cloud has no national borders. Its full potential will be realized only via data flow across international borders.
  • Transparency – Cloud providers will earn confidence from corporate America and government agencies by providing users meaningful ways to evaluate cloud implementations and for vendors to share relevant and reliable information about their capabilities to build trust in the system.
  • Transformation – For the cloud to be implemented, there must be a change in how the federal government acquires technology, thereby creating jobs.
  • The Commission has also produced a Cloud Buyer’s Guide, available online at http://www.cloudbuyersguide.org/

    Presentation of the above recommendations

    The committee has presented its recommendations to outgoing federal CIO Kundra, Commerce Secretary Gary Locke, and Pat Gallagher, director of NIST.

    Concerns over cloud

    Although companies can benefit from the cloud, they are still concerned about the security risks.

    David LeDuc, SIIA’s senior director of public policy, says, “The reality is that most of the fear associated with security as it pertains to cloud computing, is that people think they’ll have less control over the systems and the information. They feel they’re relinquishing direct control of their data.”

    Data stays safe with Alertsec

    Alertsec Xpress offers a customizable data encryption software solution from Check Point, the industry leader in encryption software (formerly Pointsec). Alertsec has come up with a web-based encryption service that helps in the deployment and management of PC encryption.

    Sony’s mainstay insurance provider refuses to accept liability for damages and compensation

    July 25th, 2011

    Battle between Sony and insurer Zurich American Insurance Co. over PlayStation hacks

    After reading this piece of news you might wish you were not a PlayStation Network (PSN) user!

    Sony’s mainstay insurance provider, Zurich American Insurance Co., is refusing to accept liability for damages and compensation regarding the recent hacks where 77 million PSN customer accounts were compromised.

    The insurance provider has filed legal papers covering a total of 55 pending class-action lawsuits that customers have lodged against Sony.

    The firm has brushed off its responsibility of covering data breach monetary damages as well as any other miscellaneous claims made by Sony.

    History

    Sony’s PlayStation Network and Qriocity networks were compromised in the month of April. According to the company’s statement, “An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services.”

    On Tuesday, April 26, Sony confirmed that personal data of millions of customers had been compromised.

    On Wednesday, April 27, a class-action lawsuit was filed in the U.S. accusing Sony of failing to protect, encrypt and secure the private and sensitive data of its users.

    Present

    Nevertheless, Sony has gone ahead and filed insurance claims, as it feels the coverage is fair under previously agreed-upon terms.

    According to Sony, the financial loss from the breaches is more than $178 million this year. The Japan-based firm wants the insurer to cover costs related to the 55 class-action lawsuits under a general liability insurance policy written by Zurich.

    Customer reactions and cyber risks

    Customers are furious about their loss of privacy and are waiting for settlements. It is time to redefine cyber security and the legalities therein. Companies are under the impression that general liability insurance covers everything. “There are probably still some risk managers out there that think that their comprehensive general liability policy covers breaches,” says Ty Sagalow, an insurance consultant and founder of Innovation Insurance Group, who was one of the main experts in charge of first drafting cyberinsurance policies for Zurich when he worked for the company prior to starting his own consulting shop. “These types of cyberevents are not covered in the typical standard forms of insurance.”

    Cyber insurance

    Cyber insurance is insurance that covers losses incurred over the internet. The phenomenon is a recent one and has yet to stabilize. Hence organizations like Sony must consider adding coverage that can hold up to court scrutiny when things go haywire.

    How can Alertsec help in cases of data breach?

    Alertsec Xpress is the security service that protects data stored on your PC. As laptops are used in place of desktops, the chances of data being compromised are higher. Unless your laptop is encrypted, you are running a big risk of your data getting compromised.

    Encryption software helps enhance laptop security. Alertsec uses industry-leading Check Point Full Disk Encryption (formerly Pointsec) software that simplifies data protection.

    Online political activist Aaron Swartz faces jail time for data theft

    July 23rd, 2011

    Swartz arrested for stealing data

    Heard of sophisticated hacking? Narrated below is a classic case of one such hack.

    Harvard researcher and founder of Reddit, Aaron Swartz, has been arrested in Boston on charges related to computer hacking. It appears he allegedly downloaded articles that he was entitled to get free.

    “Aaron has never done anything in this context for personal gain — this isn’t a hacking case, in the sense of someone trying to steal credit cards,” said Lawrence Lessig, director of the Harvard center where Mr. Swartz recently completed his fellowship. “That’s something JSTOR saw, and the government obviously didn’t.”

    The indictment

    According to the indictment the researcher, Aaron Swartz, broke into the computer networks at the Massachusetts Institute of Technology. He wanted to gain access to JSTOR, a nonprofit online service for distributing scholarly articles online. He allegedly downloaded 4.8 million articles and other documents. It won’t be an exaggeration if we say he downloaded the entire library! To top it all he did this without authorization and distributed the documents through file sharing networks.

    Post-Indictment

    Demand Progress has set up a web page and petition in support of Swartz. They are questioning the indictment and the legal strategy that makes downloading “so many journal articles” a felony that should be punished with jail time. Demand Progress is the website where Aaron earlier worked as an Executive Director. According to the website, “the alleged victim has settled any claims against Aaron, explained they’ve suffered no loss or damage, and asked the government not to prosecute.”

    Mr. Swartz is looking at 35 years in prison and $1 million in fines for charges related to wire fraud, computer fraud and unlawfully obtaining information from a protected computer. He was arraigned in Federal District Court after surrendering to the authorities. Surprisingly, he has pleaded not guilty to all counts. He was released on a $100,000 unsecured bond.

    History

    Aaron released a “Guerrilla Open Access Manifesto,” in 2008 asking activists to fight against the sequestering of scholarly papers.

    “It’s time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture,” he wrote. One goal: “We need to download scientific journals and upload them to file-sharing networks.”

    Attorney’s statement

    A United States attorney, Carmen M. Ortiz, said: “Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars. It is equally harmful to the victim whether you sell what you have stolen or give it away.”

    Was data compromised?

    Apparently no personal data was compromised. Around 7,000 institutions are members of JSTOR and pay fees as per their financial position. 14% of subscribers pay no fee at all. The JSTOR archives feature journals focused primarily on the humanities and social sciences.

    Alertsec and data security

    Organisations and individuals are being trained to deal with their data security in a better way.  Companies are required to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

    Alertsec Xpress is the security service that keeps all your data secure through encryption software.

    The European Commission plans to implement new rules in the EU

    July 19th, 2011

    Cyber-attacks on big and small companies are making headlines these days. Valuable information is getting compromised. This has led the European Commission to consider revising the European Union’s personal data breach notification laws.

    Most data about customers, such as names, addresses and bank account details, is held by ISPs and telecom operators. According to the ePrivacy Directive, they are required to keep this data safe and inform users if sensitive information has been compromised. They are also required to report data breaches to the relevant national authority.

    Sometimes national laws conflict with those implemented by the European Union. What is important at this point is to create a law that would be the same for all Member States. Digital Agenda Commissioner Neelie Kroes is currently seeking opinions on laws and regulations from all telecom operators, ISPs, Member States, data protection authorities, national regulatory authorities and consumer organizations.

    “The duty to notify data breaches is an important part of the new E.U. telecoms rules,” she said. “But we need consistency across the E.U. so businesses don’t have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses.”

    In addition, Justice Commissioner Viviane Reding is of the opinion that the data breach notification should also include online banking, video games, shopping and social media.

    “It is important that users are notified if someone has unlawful access to their data. A social network with more than 200 million users in the E.U. must stick to E.U. law, even if it is based in the United States and its data is stored in a so-called cloud,” said Reding referring to Facebook.

    “Seven days is much too long,” she said, referring to Sony’s delay in reporting a security breach involving 77 million PlayStation Network account holders in April this year.

    ISPs and operators can send in their opinions until Sept. 9. Input is required on security techniques, notifying victims, the means and content of notifications, and levels of breaches (based on their seriousness and urgency).

    The European Commission hopes that the new rules will lead to better data protection, thereby reducing the number of data breach cases.

    Data security with Alertsec

    Alertsec is here to take care of our security issues, especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. The risk of losing a laptop is much higher than that of losing a desktop computer.

    Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, and they frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

    Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.
