Archive for December, 2013

Personal data theft fears Internet users

December 26th, 2013

A poll conducted by Computer & Communications Industry Association (CCIA) revealed that Internet users are highly concerned about personal and financial information theft and believe strongly that the federal government should do more to protect them.

Ed Black, CCIA President and CEO said “By wide margins this survey clearly shows that ID theft has touched the majority of consumers in some way, and that hacking is more worrisome to consumers than tracking, and that voters want the government to more aggressively go after cyber criminals. Safeguarding users online must become a higher priority for companies and also for the regulators and policymakers charged with protecting consumers.”

“While many surveys ask people whether they care about privacy in the abstract, we were interested in finding out both how they rate security and privacy in comparison and how that manifests in their behaviors online,” said Ross Schulman, CCIA Policy and Regulatory Counsel.

Ross further added “Are they taking steps to protect their security and privacy? What information do they share online and why do they share it? The answers may help policymakers focus on the online concerns that matter most to citizens and understand user trends in everything from social media to online shopping”.

According to the survey, 80 per cent voters say they are more worried the information they share will be hacked to cause harm or steal from them, voters are 5 times more worried about hacking than tracking while just 16 per cent are more worried that companies will use the information they share online to target advertising to them.

50 per cent say they or someone they know had their financial accounts breached online. 55 per cent say they or someone they know had their email account breached and 62 per cent report receiving a suspicious email from someone likely due to that person’s email being hacked.

Overall, 75 per cent are worried about their personal information being stolen by hackers and 54 per cent are worried about their browsing history being tracked for targeted advertising.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Data Theft by Former NATO employee

December 20th, 2013

A former NATO employee was sentenced for seven years in jail by the German court for spying after the IT expert and copying secret data in order to sell it to a foreign intelligence service.

Identified as Manfred K., the 61-year-old man had worked for the transatlantic military alliance at the US airbase of Ramstein in Germany but left his job after a dispute.

The court found “The disclosure of the files would allow a potential enemy of NATO to gain access to the secret network of NATO”.

Court rejected Manfred’s claim that he was trying to point out security gaps when he copied the data and hid it on USB memory sticks in his kitchen and basement.

The court in the western city of Koblenz found that the man copied passwords, server locations and other information for NATO computer systems that would have enabled a cyber attack.

The IT expert, who had worked for NATO for more than 30 years, copied the data in March 2012 and failed in an attempt to obtain more in June but left NATO shortly afterward. He was been in detention since his arrest in August 2012.

Andreas Voelpel, presiding judge said that the data were the “crown jewels” and “operative heart” of the system and would have allowed a foreign power to launch a cyber attack with devastating impact.

According to the Court, Chinese or Russian intelligence services were the suspected potential takers for the data.

The defendant had earlier denied the charge, saying “I was never a traitor. I am not and never was an enemy of NATO, only of the security sloppiness of employees.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Two Horizon Blue Cross Blue Shield of New Jersey laptops stolen

December 19th, 2013

More than 800,000 members of Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) were sent notification letters after two unencrypted laptops were stolen from the insurance provider’s Newark headquarters. The notice was sent to alert the members that their personal information may have been compromised.

The stolen laptops were unencrypted, but what comes as a relief is that they were password-protected. Sensitive information on roughly 840,000 members was stored in the laptops, including names, addresses, dates of birth and Horizon BCBSNJ identification numbers. Social Security numbers and clinical information were also included.

“Our top priority at the moment is making sure our members are protected. We are in the process of notifying our members, who are affected, to apologize for this incident and to provide free credit monitoring and identity theft protection to those members’ whose Social Security numbers were involved” said Thomas Vincz, a Horizon BCBSNJ spokesperson.

Horizon BCBSNJ officials were informed that two laptops were stolen, despite being cable-locked to employee workstations. The insurance company began notifying affected members via mail following an initial investigation with the Newark Police Department.

Horizon BCBSNJ also hired outside computer forensic experts who determined that not all the information contained on the laptops would be accessible due to the configuration of the machines.

The laptops have yet to be recovered and an investigation is still ongoing, Vincz said. The information has not been used in any way and officials with Horizon BCBSNJ do not believe the laptops were stolen for the information the devices contained, according to a statement posted to the website.

Vincz said “Horizon is still investigating the encryption procedures and the use of member information as it relates to the two stolen computers. Horizon is also reviewing its inventory of computers and its security and encryption procedures in general. We will also be enhancing employee training with respect to the security of company property and member information”.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

UNC-Chapel Hill Data Breach affects 6000 people

December 15th, 2013

The University of North Carolina at Chapel Hill is a coeducational public research university located in Chapel Hill, North Carolina, United States. It is the second largest university in North Carolina.

According to UNC-Chapel Hill an online data breach of personal information affects more than 6,000 people, officials are investigating

As the files went online, they contained information belonging to some current and former employees, vendors, and students. Information contained names and Social Security or Employee Tax Identification numbers, and in some instances, addresses and dates of birth.

An information technology manager in the UNC Division of Finance and Administration was informed that some electronic files managed by the Division of Facilities Services became accessible on the Internet.

When university officials learned about the incident, they took steps to block access to the files and began an extensive investigation and the records are no longer accessible on the Internet.

the university began notifying affected individuals by mail.

The university also learned that as part of Google’s automated processes, these files were copied and made publicly accessible. The university asked Google to take the records down immediately, and Google complied.

UNC worked with a consultant to identify potentially affected individuals as soon as it had been confirmed that their personal information was included in the files.

in the notification letter sent to the affected people, Kevin Seitz, interim vice chancellor for finance and administration said “Other than Google’s activities described above, we have not been able to determine whether individual personal information was accessed by others or was misused as a result of this incident”.

“Please be assured that we continue to evaluate our computer and administrative systems and to implement appropriate measures to protect the sensitive information in our possession.”

According to Chris Kielt, vice chancellor for information technology, the university’s prompt, aggressive action underscores its commitment to protect sensitive data. Making sure the files were secured and notifying the affected people as quickly as possible were top priorities, he said in a statement.

To help protect personal information stored on campus servers, Information Technology Services (ITS) has a process in place for regularly scanning servers that have been identified by a unit’s system administrator as storing sensitive data.

“Furthermore, as part of a broader initiative to address the risk imposed by the exposure of sensitive data, ITS is working to formalize the process for identifying and safeguarding sensitive data university-wide,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Target: Credit Card Data Breach on Black Friday

December 13th, 2013

No organization or company would like to hear about data breach incident that may put consumer credit card information at stake. US retailer, Target is investigating a massive data breach that begin this Black Friday, the biggest shopping day in the US.

It was reported that the data breach incident occurred in the Target retail store and not online. It could potentially involve millions of consumer credit cards from all Target retail locations. The theft involves grabbing the data stored on the magnetic strip of cards.

The data stolen would allow thieves to create counterfeit credit cards by transferring the stolen data on to any card with a magnetic stripe. If the thieves were also able to capture debit card PIN data, they could create fake cards and use ATMs to remove cash from accounts.

Target consumers who shopped at their stores were asked to be alert about any suspicious activity on cards that they used at the retailer. A victim told that he and some of his friends became the target of a similar kind of breach last year at a very popular establishment in Virginia that has some outlets in US. Fortunately, security departments at banks were on the lookout and caught most illegal transactions using the fake cards. His wife was actually called by their bank while standing in line buying groceries with her debit card when a simultaneous purchase using a fake card with her information was going on in Texas.

During these situations consumer is usually protected but the process of canceling and reissuing of cards proves to be inconvenient sometimes. Lawsuits between banks, that business and insurance companies are still arguing as to who was ultimately at fault.

Most of the times companies and banks do not like to talk about these issues publicly, but if the result of breach incident proves to be accurate, it will be one of the largest consumer credit card data breaches in history.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data Theft at JPMorgan

December 10th, 2013

A warning has been sent across 465,000 holders of JPMorgan prepaid cash cards issued by the bank that their personal information may have been accessed by hackers who attacked its network.

The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

JPMorgan reported the law enforcement as soon as it detected that its web servers used by its site www.ucard.chase.com had been breached.

Bank spokesman Michael Fusco said that since the breach was discovered the bank has been investigating to find out exactly which accounts were involved and what pieces of information could have been taken. He declined to discuss how the attackers breached the bank’s network.

Fusco said the bank is notifying the cardholders about the breach because it cannot rule out the possibility that their personal information was among the data removed from its servers. The cardholders account for about 2 percent of Fusco’s roughly 25 million UCard users.

The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the data breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.

The bank believes “a small amount” of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.

Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. Many states require banks to notify customers if they believe there is any chance that such information may have been taken in a breach.

The bank is also offering the cardholders a year of free credit-monitoring services.

The warning only affects the bank’s UCard users, not holders of debit cards, credit cards or prepaid Liquid cards.

Fusco said the bank has not found that any funds were stolen as a result of the breach and that it has no evidence that other crimes have been committed. As a result, it is not issuing replacement cards.

The bank said it does not know who was behind the attack, though the Secret Service and FBI are investigating the matter.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Laptop stolen from a University of Minnesota student

December 9th, 2013

In yet another campus robbery, a University of Minnesota student studying in the Carlson School of Management was forced to hand over his laptop to a man who claimed to have a gun.

The student chased the robber as he fled and was able to retrieve the computer.

The incident pushes the total number of robberies to 27 this fall with all but four occurring off campus. Most victims were targeted for their cellphones, laptops and tablets. Unnerved students have gotten a steady stream of alerts reporting robberies, muggings and sexual assaults on and near campus, prompting petitions, legislative hearings and increased police patrols.

The robbery on Sunday occurred in the Carlson School atrium on the campus’ West Bank. Although the man robbing the student claimed to have a gun, he didn’t show it, university police said. The student gave the robber his laptop, called for help and then chased the man through the building doors that face 19th Avenue and Fourth Street.

The robber dropped the computer, and the student, who was not injured, picked it up.

The suspect is described as a black man who is 5-feet-6 to 5-feet-8 tall with a medium build, unshaven facial hair and silver caps on his lower front teeth. He was wearing a navy blue hoodie, dark colored jeans and shoes that were white on the top half and red on the lower half.

Police said the suspect appears to have had an accomplice who stood as a lookout. He is described as a black man, wearing dark clothing with a boot-style walking cast on his left foot.

Last month, an armed man confronted a female student in nearby Anderson Hall, demanding the woman turn over her laptop. She handed him an empty bag and he ran. No arrests have been made in that case.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Cottage Health System: Data of 32,755 patients exposed on Google

December 8th, 2013

As a third-party vendor removed electronic security protections from one of the servers, data of 32,755 patients of Cottage Health System of California was exposed on Google. The affected patients were notified about the data breach incident. Patients treated at Goleta Valley Cottage Hospital, Santa Ynez Valley Cottage Hospital and Santa Barbara Cottage Hospital between September 29, 2009, and December 2, 2013 may have been affected by this data breach.

The possible data compromised included patient names, addresses, dates of birth and very limited protected health information for some patients related to diagnosis, lab results and procedures performed. The file did not include any Social Security numbers, driver’s license numbers, health insurance numbers, bank account numbers or any other financial information.

The Cottage Health announcement stated that it quickly removed the server from service and conducted a review of all servers to ensure that appropriate security measures are in place. To avoid reoccurrence, it’s conducting a security protocol audit and implementing additional measures. The organization has offered affected patients a toll-free phone number and identity management services through ID Experts.

Steve Fellows, executive vice president, chief operating officer and chief compliance officer at Cottage said “We deeply regret this incident. Cottage takes its obligation to protect health information very seriously and is taking aggressive steps to safeguard against this type of incident in the future. We want to assure our patients that we are doing a thorough review and have systems in place to address their concerns. We understand that the security vulnerability by our vendor was unintentional and we have no reason to suspect that the limited data exposed might be misused.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Do’s to avoid damage by Data Breach

December 6th, 2013

Have you received any email from an online company informing you that your account has been hacked and that your personal information has been lost in a data breach?

If your answer is yes then you’re not alone. In the past two years, LinkedIn and eHarmony have suffered data breaches that together exposed more than 80 million accounts.

If you’re among the millions of consumers who may have been exposed by a data breach, here are some do’s for you:

  1. Make a note of exactly what kind of information was lost in the data breach, and how it was protected. Names and physical addresses are the least sensitive pieces of information, email addresses and account passwords are more sensitive, Social Security numbersand credit-card numbers are the most sensitive and the most valuable to identity thieves. The company suffering the breach may tell you that even though email passwords or credit-card numbers were lost, they were encrypted and hence safe.
  2. Change the password on your account with the affected company right away, if the company hasn’t already done so for you.  If you use the same password for accounts with other companies, change those as well.
  3. Contact your bank and your credit-card issuers, explain that your accounts are at risk of fraud and ask them to alert you immediately if they detect suspicious activity on your accounts. Professional credit-card thieves will try to “bust out” stolen card numbers with many purchases in a matter of hours, often on weekends when banks are not fully staffed.
  4. Ask your country’s major consumer credit-reporting bureaus to place a fraud alert on your name. This way, if anyone tries to steal your financial identity for example, by trying to open a credit-card account in your name you will get to know.

If you’re a U.S. resident, you should also contact the Federal Trade Commission to create an identity-theft affidavit, and then file a report with your local police force. Make sure you document each phone call made, and each email message and letter sent, during your efforts.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta