Archive for October, 2013

Adobe : 38 million accounts affected in data breach

October 31st, 2013

US-based Adobe Systems, which sells Photoshop and Acrobat software, told that accounts and passwords of 38 million users had been compromised by cyber criminals.

An Adobe spokesperson said “Our investigation has confirmed that the attackers obtained access to Adobe IDs and what were at the time valid, encrypted passwords for approximately 38 million active users”.

The California-headquartered firm said it has informed all the affected users and has reset their passwords.

As told by Adobe, the company faced two attacks from cyber criminals who stole credit card data of 2.9 million customers. Its security team had discovered the sophisticated attacks involving illegal access of customer information and source code of many Adobe products.

the spokesperson further added “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident regardless of whether those users are active or not”.

Products made by Adobe are used by film and video makers, web and graphic designers, creative professionals, professional publishers, enterprises and individual consumers. The products are widely used on the Internet, including reading and viewing of documents.

Adobe users avail its various offerings through accounts for which they pay a particular fee depending on the services.

“Our investigation is still ongoing, and we anticipate the full investigation will take some time to complete,” the spokesperson said.

Geographies where the accounts had been compromised have still not been revealed. Adobe has offices in about 34 countries across North America, Asia, Australia and New Zealand, Europe, Middle East, Africa and South America.

It also has a significant presence in India with R&D offices in Bangalore and Noida and sales offices in Bangalore, Noida and Mumbai.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data breach: Effects on Business

October 29th, 2013

A data breach is a traumatic experience for every person involved, and it can have negative long-term effects. Your business may deal with loss of revenue from customer turnover and brand mistrust for months or years.

According to a survey, two-thirds of adults in US would not return to business if their personal information was stolen. The survey further provides insight into what types of businesses consumers would most likely stop doing business with if their confidential information was stolen.

“With every data breach comes a cost, including lost productivity, a damaged reputation, and most importantly, decreased revenue when customers take their business elsewhere. This research confirms that by failing to make security a priority, businesses can discourage once-loyal customers from returning. It could also stop potential customers from ever patronizing your business.” said John Otten, marketing manager at Cintas.

Banking, healthcare and lawyers as being under the most scrutiny by people When asked which types of organizations patrons would stop doing business with if their personal data were compromised. More than 55% said that they would change their banks and 39% would get a new lawyer. 46% said that they would switch insurance companies, 42% would go to a different drug store/pharmacy and 40% would get a new doctor or dentist. 35% said that they would not return to their hospital.

Consumers want to know if their money is in safe hands and going to where it is intended when they give to a cause. Accordingly, 38% said they would donate to other charity/non-profit organization, while in the event of a breach, 24% said that they would no longer donate to educational institution they attended.

The survey comes as data breaches continue to be reported, and are being perpetrated via a number of vectors.

A former Broward Health Medical Center employee took documents containing the personal information of nearly 1,000 patients from the Fort Lauderdale health system. The records contained names, addresses, dates of birth and insurance policy numbers.
About 960 patients, treated at Broward Health’s main facility, were notified via letters. These simply informed them that their registration documents had been “inappropriately removed.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Seton McCarthy Clinic: Laptop stolen

October 23rd, 2013

A laptop was stolen from a Southeast Austin medical clinic, it had thousands of patients’ personal information. Now the hospital is doing damage control to make sure their patients don’t become victims of identity theft.

The laptop was stolen from the Seton McCarthy Clinic, as told by the Seton Healthcare Family. The clinic is located at 2811 E. Second St.

According to a press release from Seton, its investigation determined that the stolen laptop included demographic information about patients seen at Seton McCarthy, Seton Topfer and Seton Kozmetsky community health centers and the Seton Total Health Partners program.

“Obviously the more information exposed the greater the risk. Identity theft is one of the fastest growing crimes in the U.S. and globally, and it happens on a daily basis. So many people put information on Facebook, Twitter, LinkedIN, that even if an identity thief gets a small amount of information, they can go on to the Web and underground chat rooms and engineer the rest of the identity.” said Joe Ross, president and co-founder of identity protection company CSID.

The laptop did not have encryption software installed as required by Seton policy due to a missed technology glitch during installation, said Saton.

A letter was sent out to all patients who were at risk more than two weeks after the laptop went missing. Information is also available on Seton’s website,

Patients who receive notification letters and have questions can telephone, toll-free, (855) 724-2743.

Ross further said “We’ll monitor your credit file. We’ll alert you if there are any changes in your credit. They’re offering criminal or court record monitoring to alert you if someone has used your identity to commit a crime”.

While hospital officials don’t believe someone took the laptop with the goal of stealing identities, they’re playing it safe just in case.

Austin police are handling the case but say they have exhausted all leads and have suspended the case for now. Officials with Seton Healthcare say they have enhanced security at all facilities and so far no patients have come forward with any reports of identity theft.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Health information of 729,000 patients at risk

October 21st, 2013

Two laptops were stolen from an administration building of a Gabriel Valley-based hospital group. This laptop theft resulted in compromise of health information of 729,000 patients.

The stolen laptop contained data of patients treated at AHMC hospitals: Garfield Medical Center in Monterey Park, Monterey Park Hospital, Greater El Monte Community Hospital in South El Monte, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center.

The laptops were swiped from a video-monitored office on a medical campus that according to officials is gated and patrolled by security. The suspects broke into the office and stole two password-protected laptops.

AHMC spokesman Gary Hopkins, said the Alhambra police was called by the hospital group as soon as the theft was discovered.

The stolen laptops contained data including patients’ names, Medicare/insurance identification numbers, diagnosis/procedure codes and insurance/patient payment records, According to the information given by hospital group. Some of the files contained the Social Security numbers of Medicare patients.

As there was no evidence that the information was accessed, but that cannot be ruled out. “We regret any inconvenience or concern this incident may cause our patients” AHMC Healthcare Inc. officials said in a statement.

AHMC Healthcare had already hired an auditing firm to perform a security risk assessment and it was following the recommendations, officials said. Administrators will now follow a policy of encrypting all laptops.

“Affected patients may want to place fraud alerts on their credit files and order their credit reports to look for fraudulent activity” said hospital officials.

Under federal law, hospitals with medical data breach involving more than 500 people needs to be reported. The breach of 729,000 files would rank as the 11th largest in the nation when compared to data on the U.S. Department of Health & Human Services website. In California, two other medical groups have had larger data compromises involving more patients.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Laptop stolen: contained unfinished novel

October 18th, 2013

A laptop containing an aspiring novelist’s five years’ work was stolen by thieves during a break-in at his Hallaton home.

Just 30 pages away from completing his novel, Remi Mowla was left devastated by the theft, his family told.

Remi is an English literature graduate and had been working on the book for five years and had written about 400 pages, the subject of which he had kept a closely guarded secret.

The Apple MacBook Pro laptop on which it was written was taken from the Mowla’s home in Medbourne Road, Hallaton.

Remi’s dad Masoud Mowla said his son was too upset to speak about losing his laptop.

He said: “Remi is absolutely devastated. He can’t cope with it, he’s so upset. I think it will take him a few months to get his head around it”.

“I’m not saying it was going to be a masterpiece but to put that much into it – it was so precious to him but is worth nothing to anyone else.”

The family has offered a £2,000 reward for any information which leads to the arrest and conviction of those responsible and the return of the laptop.

Police are appealing for information about the break-in – which happened between midday.

“The victim is very keen to get it back and is offering a reward for its return and any information which leads to the arrest of those responsible.” said Det Cons Peter Lockey.

“Two men were seen walking from the direction of Sutton Bassett into Market Harborough and one of them was wearing a hi-visibility jacket. We would appeal to anyone who saw these men or the men themselves to contact us so we can eliminate them from our enquiries.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

DaVita notifies 11,500 patients of laptop theft

October 16th, 2013

Laptop theft continues to be a major source of healthcare data breaches, as a Colorado-based kidney care company, DaVita alerted 11,500 patients and some employees of a breach.

According to a notice on the Davita website “DaVita has determined that personal information belonging to approximately 11,500 patients was on the laptop at the time of the theft. In most cases, this information included details such as name, clinical diagnoses (e.g., end stage renal disease), insurance carrier name, claims payment data and dialysis treatment information. For approximately 375 patients, the information stored on the laptop included Social Security numbers. Personally identifiable information for a very small number of DaVita teammates was also stored on the laptop. All affected individuals will receive letters with additional information”.

An unencrypted but password-protected laptop was stolen out of an employee’s car. The stolen laptop included data such as names, clinical diagnoses, insurance carrier names, claims payment data and dialysis treatment information and Social Security numbers of 375 patients’ were on the laptop. After alerting law enforcement, DaVita said that it’s in the process of notifying patients of the breach and will be providing one year of credit-protection services, including credit monitoring, identity recovery assistance and identity theft insurance through ID Experts.

“We sincerely apologize for any inconvenience or concern this incident may cause our patients. DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures” said Skip Thurman, a DaVita spokesperson.

According to DaVita, the mandated encryption on the device had been unintentionally deactivated.

How did DaVita not know that the encryption had been turned off? They could have encrypted the laptop before it was stolen, if they had proper notifications set up to monitor technical safeguards.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

16 million affected by Data Breach last year

October 14th, 2013

Around 16 million people were affected by data breach incidents last year and more than a quarter of them went on to suffer from identity theft, according to new research.

The worst hit were those who lost payment card and Social Security number data and suffered the highest rates of fraud in the retail, financial and healthcare sectors.

In America, 4.4 million people were notified that their payment card information had been compromised in a data breach, and subsequently suffered fraud on their existing credit or debit cards. In addition, 1.26 million Americans were notified that their Social Security numbers were compromised in a data breach and became victims of identity fraud.

Recent massive data breaches like the one at Adobe, in which as many as 3 million encrypted credit card details maybe have been compromised, have highlighted just how much data can be stolen in one go.

As many as 270,000 Americans who were notified that their online banking credentials had been compromised in a data breach last year also went on to suffer fraud on their financial accounts.

A further 324,000 subsequently became victims of fraud against their checking, savings or current accounts.

Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy and Research said “By breaching the data stores of businesses in the financial, healthcare and retail industries, criminals can obtain the fuel they need to execute various fraud schemes, and these crimes have crippling consequences”.

Opportunities to identify thieves has increased than ever before because of increasing moves towards digitization of patient records in healthcare, and the rise of online banking.

“Identifying and protecting the sensitive information typically stored by these industries is essential for mitigating the risk of a data breach and, therefore, the risk of financial loss to data custodians, consumers and third-party businesses,” Pascual said.

The following steps can be taken to identity theft arising from data breaches:

  • Locate and identify sensitive data.
  • Classify sensitive data accordingly.
  • Secure data based on risk profile.
  • Develop policies to mitigate future data management issues.

For now, the hunt of identity theft continues, and as long as organizations make themselves such easy and lucrative targets, we can assume the amount of data breach incidents are only going to rise.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Reduce Data Breach attacks – 3 steps guide

October 12th, 2013

In its 2013 Data Breach Investigations Report, Verizon Enterprise reports that 74 percent of data breach incidents in small businesses are “crimes of opportunity” – which means that the crime which occurs is because a hacker notices a weakness and exploits it. In addition, the report shows that nearly half (48 percent) of data breaches are enabled by in-house mistakes, often made by employees who have little or no familiarity with data security protocol.

Such breaches expose technology contractors, freelancers, and consultants who work with these companies to third-party cyber liability. To help tech professionals reduce the risk, TechInsurance has issued guidelines for educating clients about how to prevent data breaches.

“Most of our clients are pretty sophisticated in terms of technology, but they may not think about advising their clients on security basics. Often, that’s because they don’t realize that, even if their own security measures are top-notch, their clients’ security lapses can expose them to costly cyber liability claims.” said Ted Devine, CEO of TechInsurance. He added that, while third-party cyber liability insurance can pay for those claims, preventing them is the best way to keep premiums low and avoid the hassle of litigation.

IT professionals should take the following steps to minimize clients’ exposure to preventable data breaches:

  1. Provide training:

48 percent of data breaches are caused by employee error. Reviewing the practices for storing data, sharing files, and transporting hardware helps non-tech workers to protect their data.

  1. Encourage standard security measures:

76 percent of data breaches are possible because a hacker is able to guess a password. Remind clients to create strong passwords, update passwords regularly, use antivirus software, encrypt sensitive data, limit access to sensitive information, and have protocol in place for off-premises work.

  1. Encryption:

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Increasing tax related Identity Theft

October 10th, 2013

A report from the U.S. Treasury Inspector General for Tax Administration (TIGTA) states that during 2011, 1.5 million fraudulent tax returns were processed, and refunds totaling $5.2 billion were issued to the wrong people.

In calendar year 2012, the Internal Revenue Service identified almost 1.8 million incidents of tax-related identity theft. This figure includes approximately 280,000 incidents in which taxpayers contacted the IRS alleging that they were victims of identity theft. As of midyear 2013, over 565,000 cases have been reported to the IRS.

In an address to tax professionals in Grapevine, Texas, on July 30, 2013, then-IRS Principal Deputy Commissioner and now IRS Acting Commissioner Daniel Werfel stated that there are more than 3,000 IRS employees working on identity theft. That’s more than double the number at the start of the 2013 tax filing season. On average, it takes the IRS approximately six months to resolve a tax identity theft issue. However, as the IRS is one of the federal government agencies that have been shut down as a result of the most recent budgetary gridlock within the Administration and Congress, the resolution of tax identity theft issues may take even longer once the IRS is reopened.

IRS is beginning to implement screening filters that help to prevent false returns from being processed. In addition, the IRS has started to issue identity theft PINs to those taxpayers who have been identified as victims of tax-related fraud.

Taxpayers who complete and file IRS Form 14039 (Identity Theft Affidavit) receive an Identity Theft Protection PIN (IP PIN) once their identity has been verified. Returns filed with the IP PIN will be processed as a legitimate return in the usual manner, meaning that even though a taxpayer previously had a tax-related identity theft problem, the use of the unique IP PIN issued by the IRS will allow future returns to be processed in a normal time frame.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data Breach at Saint Louis University

October 8th, 2013

A health data breach at Saint Louis University (SLU) affected 3,000 patients. Few SLU employees received a phishing scam mail and gave out their account information by mistake.

About 20 SLU email accounts were accessed by the phishing culprits. These email accounts had protected health information (PHI) of about 3,000 people and about 200 Social Security numbers as well. According to the spokesman, employees’ financial information was the main target of the scam. And while no unauthorized financial transactions occurred, 10 employees changed their direct deposit information.

Affected students were offered one year of free credit monitoring and identity theft protection and restoration to affected students.

The University discovered that some SLU employees provided their account information in response to a sophisticated phishing email scam they received.

A full-scale investigation was started immediately after the University learnt about the incident. Employees who were targeted by the email scam were notified, and their accounts were secured. While about 10 employees had direct deposit information changed, no unauthorized financial transactions occurred.

As it appeared the main target of this scam must have been the direct deposit information of these employees. However, during the investigation, the University learned that the incident also resulted in unauthorized access to about 20 SLU email accounts belonging to approximately 3,000 individuals which contained their personal health information. This was mostly limited to diagnosis, procedure and medical chart information. The email accounts contained about 200 people’s name and Social Security Numbers. At present, there is no evidence to suggest that someone accessed any of the personal information in the emails.

All individuals whose information was in the email accounts affected by the incident are being notified by the University. SLU has also notified law enforcement officials and has engaged the services of a global leader to avoid such incidents in future.

University is providing the affected individuals with one year of free continuous credit monitoring and identity theft protection and restoration. Instructions for signing up for these free services are enclosed in the notification letters.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta