Log in

Archive for the ‘computer security software’ category

Pentagon-run TRICARE admits to breach bigger than initially reported

May 7th, 2012

WASHINGTON, DC - FEBRUARY 03: U.S. Rep. Ed Markey (D-MA) demands data security from Pentagon

Carol Keller’s nightmare started last December when she was informed that her personal and medical information had been stolen almost four months earlier, thanks to a Pentagon contractor who had left 25 computer tapes in the back seat of a Honda Civic in Texas. Keller finally knew what had caused the fraudulent purchases from her debit account.

Pentagon Health Insurance Program – Tricare

Keller is among the 70,000 military personnel, retirees, and their families across New England who are victims of one of the largest-ever breaches of medical data. Approx. 4.7 million people may be in deep trouble because of this breach. These military families are dependent on Tricare for their insurance.

Victims such as Keller have filed a class-action lawsuit seeking unspecified damages. It is frustrating that Pentagon relies on contractors and outdated computer storage technologies to house and transport personal information.

Representative Edward J. Markey comments:

“The bottom line is that people in charge of safeguarding our service members’ personal data need to transition from the 20th century to the era of iPads,’’ said Representative Edward J. Markey, who is demanding more answers from the Pentagon on its medical privacy policies. “TRICARE had given me no assurance that it is moving toward such a modern system.’’

The contractor – Science Applications International Corp

The contractor receives about $20 billion a year in Pentagon contracts.

Apparently the contractor “has experienced no fewer than six security failures’’ since 2005. These failures include privacy data, the suit alleges, including a break-in at a company facility in California in 2005 in which the Social Security numbers and financial transactions of 45,000 top military and intelligence officials were stolen.

What the Spokesman for Science Applications International Corp had to say?

“We don’t know what specific instances that they are talking about, whether they are SAIC, whether they might be a vendor of some kind to us, and we don’t want to get into a dialogue about pending litigation,’’.

“Reading the data on the tapes would require knowledge of and access to specific hardware and software, which is commercially available, but would also require knowledge of the system and data structure on the tapes,’’.

He further added that the company has no evidence that the information on the computer tapes stolen last year from a San Antonio parking garage was accessed by outsiders and that it would be difficult to decipher the tapes.

The Plaintiffs

Plaintiffs in this case are Ms Keller, the spouse of a decorated war veteran, the 5-year-old daughter of an Air Force officer, and a retired major. According to them their credit cards were canceled without their knowledge for suspicious transactions; unauthorized withdrawals were made from their bank accounts; and telemarketers hound them.

Data security with Alertsec

Alertsec Xpress is used in all organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Hard Disk, Identity and Information loss, Lawsuits and settlements, computer security software, data breach, data encryption, identity theft, laptop encryption

Tags: Carol Keller December Ed Markey Enter your zip code here Honda Civic IPad Keller New England Pentagon Social Security number Texas TRICARE United States Department of Defense

Global Payments Inc. may have been breached months earlier than initially reported.

May 5th, 2012

Global Payments breach much higher than initially reported

We have an update on our last past about Global Payments Inc. Let us quickly referesh your memory and then get on to the update.

Previous post: A massive data breach at Global Payments has exposed 1.5 million credit card accounts. Visa, MasterCard and American Express firms process their payments through Global Payments. Thieves managed to access credit card numbers, security codes and expiration data. This breach has led Visa to think twice about Global Payment being its vendor.

Present: Global Payments Inc’s situation has gone from bad to worse. The talk in the town is that Global Payments may have been breached a lot earlier than reported. Two of the aggrieved card members said that the window for compromise dates back to June 2011. The issuers names have been kept anonymous.

As per Visa’s alerts the breach occured between Jan 2012 and mid February. According to Global it communicated this to the affected people on March 30. The possibility that a much higher number of credit cards had been affected (approximately 10 million) by the breach cannot be ruled out. Hackers had managed to steal customer names, credit card numbers, expiration dates and the security number.

Looking at the current picture, the fact cannot be denied that they were aware of the scheme since June 2011, eight months ago. The new investigation leads confirm this. It further confirms that not 1.5 million but 7 million records were breached!

According to Global Payments CEO Paul Garcia the company found out about the breach internally on March 8 and immediately alerted the card associations. Garcia further added that their initial disclosure was “forced by wild speculation in the press regarding this matter and our company.”

Global Payments spokeswoman Amy Korn’s comment

Ms Korn declined to comment but said the company would be releasing additional information about the breach in a statement on its Web site soon.

Statement by Global

“We have not publicly communicated any time periods and there is a full investigation underway. It would be premature and inappropriate for us to speak to or confirm any timeframes until the investigation is complete,. “The company sincerely apologizes for any concern this has caused, and please know that we continue to work with industry third parties, regulators and law enforcement to assist in all efforts to minimize cardholder and customer impact,” it said.

Shareholder Lawsuit

There is a strong possibility that Global Payments may face a shareholder lawsuit. Law firm, Robbins Umeda, specializing in securities litigation, released a statement saying that it was “investigating possible breaches of fiduciary duty and other violations of the law by certain officers and directors at Global Payments.”

Alertsec offers measures to combat data security issues

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: Access (credit card) AlertSec Xpress American Express Bundled payment Check Point Credit card data breach Enter your zip code here Global Payment Mastercard Visa

Google employees were aware of Street View data breach

May 2nd, 2012

Google Street View Car - Is it snooping around collecting personal data?

These days ‘googling around’ or have you ‘googled’ has become a part of English vocabulary although the word does not really have any meaning! But google is synonymous with search and we have almost stopped using the word search and easily use the word ‘google’ ! Such is the power of this search engine and the company that has coined this term – Google Inc. It is clear that we just can’t do without Google and consider it to be perfect and flawless! Well, Google just recently made a mistake and is under scrutiny. Let us read how.

Google’s Street View cars were collecting personal data

According to the FCC report, one of Google’s engineers, Marius Milner, informed colleagues and a Senior Manager about collecting unencrypted Wi-Fi data.

The history

In May 2010, the ICO found out that Google had not collected any personal data. However, later in 2010, ICO claimed that Google had in fact collected personal details and thus had broken the law. Nevertheless, at that time ICO decided not to fine Google.

Present

The FCC report says that personal data was very much collected by Google and that Google was fully aware of it.

ICO’s statement

“We will study the Federal Communication Commission’s report and consider what further action, if any, needs to be taken,” said the statement.

“Google provided us with a formal undertaking in November 2010 about their future conduct, following their failure in relation to the collection of Wi-Fi data by their Street View cars. This included a provision for the ICO to audit Google’s privacy practices. The audit was published in August 2011 and we will be following up on it in June to ensure our recommendations have been put in place.”

What does Google have to say about this?

Google spokeswoman Jill Hazelbaker, informed that the company was willing to make the entire document available but withhold the names of individuals.

“While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law,”Hazelbaker said.

“We hope that we can now put this matter behind us.”

FCC’s investigation

The engineer, Milner, invoked his Fifth Amendment right against self-incrimination and declined to testify.

What personal data did Google collect?

Google’s Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from Internet users in the US.

Public reactions to the scandal

Some people think that the engineer who collected this data, should be sent to jail as this was a grave error. A few think FCC should be fined big time as it failed to report this in time to the ICO. The agency should have immediately reported this issue to the public, the media and the Congress.

Adding to the public’s confusion

The above is a raging debate. Some feel a mountain has been made out of a molehill as Google has always been ’snooping’ on people’s data. It does it with Gmail, so what’s the big deal now?

Alertsec understands privacy and protects it

Whatever the matter, privacy breach and collecting personal data without informing the individual, amounts to breaking the law. Let us try to protect our personal data. Alertsec protects data via data encryption. It also encrypts business laptops. Why wait?

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption

Tags: Enter your zip code here FCC Federal Communication Commission Google Google Street View ICO Jill Hazelbaker Marius Milner New York Times Personally identifiable information Search Engines Searching Street View Wi-Fi

Update – Catholic priest, Father McVeigh, releases statement regarding porn images

April 30th, 2012

Cardinal Sean Baptist Brady approves Father McVeigh's sabbatical leave. Father McVeigh releases statement in the light of the laptop theft

We did a post last week about a laptop being stolen from a Priest’s house. Here is an excerpt: Northern Ireland’s police force was investigating the case of a Catholic priest who had managed to project pornographic gay images to a room of primary school parents instead of a presentation on Holy Communion. These were 26 parents of pupils of St Mary’s school in Pomeroy.

Father Martin McVeigh had maintained that he destroyed the memory stick containing offensive material.

Update on this news item

The catholic priest, Father Martin McVeigh, released a statement in his church bulletin.

He said the last month had been “the most difficult of my life”.

“I deeply regret my failure to check, in advance, my presentation,” he added.

The priest explained how he had immediately removed the memory stick from the laptop.

“In my shock and upset and in my concern to ensure that the images would never be shown again, I destroyed it later that evening,” he added.

Fr McVeigh reiterated his innocence and said he recognized the incident “was very serious in nature” and had “caused much anxiety and distress”.

“I apologize unreservedly for the hurt caused,” he said.

“I want to assure you however, that I was not responsible for the presence of the offending images and in this respect I ask you to accept my innocence.”

Cardinal Sean Brady approves Father McVeigh’s leave

Father McVeigh had requested Cardinal Sean Brady to allow him to leave the parish of Pomeroy and to take sabbatical leave. Cardinal Brady had agreed to the request for leave on the understanding that Fr McVeigh would return to the diocese.

According to the Cardinal the diocese would now work to make sure that procedures and policies were put in place for the proper monitoring and use of computers in parishes.

Cardinal Brady further added that there had been an investigation into the computers used by Fr McVeigh.

“These have been forensically examined by an independent technical expert and no inappropriate imagery has been found,” he said.

“However an additional laptop, which was located in the sacristy, was stolen in the period following the 26 March meeting with parents.

“This stolen laptop did not form part the technical examination and its theft was reported to the PSNI.”

Learning from the scandal

Moving ahead, it is important to learn a lesson from this scandal. Laptops and mobile devices need to be well secured and protected from thefts and hacking. Tight security policies need to be put in place, be it for a church, a small business unit or a giant organization like Sony.

Alertsec offers data encryption option

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organizations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Encryption, Identity and Information loss, Lawsuits and settlements, computer security software, identity theft, laptop encryption, laptop theft

Tags: Cardinal Cardinal Brady Cardinal Sean Brady laptop Mary McVeigh Northern Ireland Police Service of Northern Ireland Priesthood (Catholic Church) Sabbatical Seán Brady

London Marathon Website in jeopardy – Site leaks sports persons data

April 28th, 2012

London Marathon Participants details exposed

We have been bringing to you several bizarre and interesting stories from the data breach world. A lot of our stories were about IT company data breaches and Medical info breaches. But today’s story comes from altogether another genre of websites. This time data belonging to sports persons has been inadvertently disclosed on the website. Let us get to the bottom of the story.

London Marathon website leaks data

The personal data of 38,000 London Marathon participants was mistakenly published online on April 23; the day after the Marathon event took place. According to the BBC report, the event organizers published the details on the marathon’s web site that were accessible to anyone logging onto the web site on Monday. The details included personal data of celebrities who had taken part in the marathon, including Chef Gordon Ramsa, Nell McAndrew and Labor Party politician Ed Balls.

The problem was first discovered when a television presenter was contacted by a lady who had found her home address on the London Marathon web site. Apparently she saw her address on the section in which commemorative medals could be ordered. The race organizers apologized and now the issue has been resolved.

As to how long the data was actually available on the website is still not known.

The Apology

Nick Bitel, the chief executive of the London Marathon, said: “We apologize for this error, and are grateful to the BBC for bringing it to our attention.

“We immediately made sure that the glitch was corrected.

“We do not believe that this has led to a substantial number of individuals’ details being accessed by members of the public.”

Data Protection Act

Comment by the spokesman for the Information Commissioner: “This is something the Information Commissioner will need to look in to to see how it has come about.

“It’s the reasons these things come about that determine the course of the investigation. ”Every case is different and we will certainly be making inquiries.” As per the Data Protection Act appropriate measures must be taken against accidental loss of personal data.

The act further states that any breaches could be considered either a civil or criminal offence depending on the circumstances.The organizers have tried to downplay the error but if proved then it could amount to a criminal offence.

Negligence can cost embarrassment, monetary loss and bad publicity

The above news item shows that it does not have to be a breach of the data protection act only if a hacker breaks a security code or steals data. Even negligence leading to data exposure is a criminal offence and one has to be extra careful to safeguard personal data of people. You never know how a personal data can be misused in today’s cyber world.

Alertsec can help with data security issues

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on computers.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides: