Log in

Archive for the ‘data breach’ category

Global Payments Inc. may have been breached months earlier than initially reported.

May 5th, 2012

Global Payments breach much higher than initially reported

We have an update on our last past about Global Payments Inc. Let us quickly referesh your memory and then get on to the update.

Previous post: A massive data breach at Global Payments has exposed 1.5 million credit card accounts. Visa, MasterCard and American Express firms process their payments through Global Payments. Thieves managed to access credit card numbers, security codes and expiration data. This breach has led Visa to think twice about Global Payment being its vendor.

Present: Global Payments Inc’s situation has gone from bad to worse. The talk in the town is that Global Payments may have been breached a lot earlier than reported. Two of the aggrieved card members said that the window for compromise dates back to June 2011. The issuers names have been kept anonymous.

As per Visa’s alerts the breach occured between Jan 2012 and mid February. According to Global it communicated this to the affected people on March 30. The possibility that a much higher number of credit cards had been affected (approximately 10 million) by the breach cannot be ruled out. Hackers had managed to steal customer names, credit card numbers, expiration dates and the security number.

Looking at the current picture, the fact cannot be denied that they were aware of the scheme since June 2011, eight months ago. The new investigation leads confirm this. It further confirms that not 1.5 million but 7 million records were breached!

According to Global Payments CEO Paul Garcia the company found out about the breach internally on March 8 and immediately alerted the card associations. Garcia further added that their initial disclosure was “forced by wild speculation in the press regarding this matter and our company.”

Global Payments spokeswoman Amy Korn’s comment

Ms Korn declined to comment but said the company would be releasing additional information about the breach in a statement on its Web site soon.

Statement by Global

“We have not publicly communicated any time periods and there is a full investigation underway. It would be premature and inappropriate for us to speak to or confirm any timeframes until the investigation is complete,. “The company sincerely apologizes for any concern this has caused, and please know that we continue to work with industry third parties, regulators and law enforcement to assist in all efforts to minimize cardholder and customer impact,” it said.

Shareholder Lawsuit

There is a strong possibility that Global Payments may face a shareholder lawsuit. Law firm, Robbins Umeda, specializing in securities litigation, released a statement saying that it was “investigating possible breaches of fiduciary duty and other violations of the law by certain officers and directors at Global Payments.”

Alertsec offers measures to combat data security issues

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: Access (credit card) AlertSec Xpress American Express Bundled payment Check Point Credit card data breach Enter your zip code here Global Payment Mastercard Visa

Google employees were aware of Street View data breach

May 2nd, 2012

Google Street View Car - Is it snooping around collecting personal data?

These days ‘googling around’ or have you ‘googled’ has become a part of English vocabulary although the word does not really have any meaning! But google is synonymous with search and we have almost stopped using the word search and easily use the word ‘google’ ! Such is the power of this search engine and the company that has coined this term – Google Inc. It is clear that we just can’t do without Google and consider it to be perfect and flawless! Well, Google just recently made a mistake and is under scrutiny. Let us read how.

Google’s Street View cars were collecting personal data

According to the FCC report, one of Google’s engineers, Marius Milner, informed colleagues and a Senior Manager about collecting unencrypted Wi-Fi data.

The history

In May 2010, the ICO found out that Google had not collected any personal data. However, later in 2010, ICO claimed that Google had in fact collected personal details and thus had broken the law. Nevertheless, at that time ICO decided not to fine Google.

Present

The FCC report says that personal data was very much collected by Google and that Google was fully aware of it.

ICO’s statement

“We will study the Federal Communication Commission’s report and consider what further action, if any, needs to be taken,” said the statement.

“Google provided us with a formal undertaking in November 2010 about their future conduct, following their failure in relation to the collection of Wi-Fi data by their Street View cars. This included a provision for the ICO to audit Google’s privacy practices. The audit was published in August 2011 and we will be following up on it in June to ensure our recommendations have been put in place.”

What does Google have to say about this?

Google spokeswoman Jill Hazelbaker, informed that the company was willing to make the entire document available but withhold the names of individuals.

“While we disagree with some of the statements made in the document, we agree with the FCC’s conclusion that we did not break the law,”Hazelbaker said.

“We hope that we can now put this matter behind us.”

FCC’s investigation

The engineer, Milner, invoked his Fifth Amendment right against self-incrimination and declined to testify.

What personal data did Google collect?

Google’s Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from Internet users in the US.

Public reactions to the scandal

Some people think that the engineer who collected this data, should be sent to jail as this was a grave error. A few think FCC should be fined big time as it failed to report this in time to the ICO. The agency should have immediately reported this issue to the public, the media and the Congress.

Adding to the public’s confusion

The above is a raging debate. Some feel a mountain has been made out of a molehill as Google has always been ’snooping’ on people’s data. It does it with Gmail, so what’s the big deal now?

Alertsec understands privacy and protects it

Whatever the matter, privacy breach and collecting personal data without informing the individual, amounts to breaking the law. Let us try to protect our personal data. Alertsec protects data via data encryption. It also encrypts business laptops. Why wait?

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption

Tags: Enter your zip code here FCC Federal Communication Commission Google Google Street View ICO Jill Hazelbaker Marius Milner New York Times Personally identifiable information Search Engines Searching Street View Wi-Fi

London Marathon Website in jeopardy – Site leaks sports persons data

April 28th, 2012

London Marathon Participants details exposed

We have been bringing to you several bizarre and interesting stories from the data breach world. A lot of our stories were about IT company data breaches and Medical info breaches. But today’s story comes from altogether another genre of websites. This time data belonging to sports persons has been inadvertently disclosed on the website. Let us get to the bottom of the story.

London Marathon website leaks data

The personal data of 38,000 London Marathon participants was mistakenly published online on April 23; the day after the Marathon event took place. According to the BBC report, the event organizers published the details on the marathon’s web site that were accessible to anyone logging onto the web site on Monday. The details included personal data of celebrities who had taken part in the marathon, including Chef Gordon Ramsa, Nell McAndrew and Labor Party politician Ed Balls.

The problem was first discovered when a television presenter was contacted by a lady who had found her home address on the London Marathon web site. Apparently she saw her address on the section in which commemorative medals could be ordered. The race organizers apologized and now the issue has been resolved.

As to how long the data was actually available on the website is still not known.

The Apology

Nick Bitel, the chief executive of the London Marathon, said: “We apologize for this error, and are grateful to the BBC for bringing it to our attention.

“We immediately made sure that the glitch was corrected.

“We do not believe that this has led to a substantial number of individuals’ details being accessed by members of the public.”

Data Protection Act

Comment by the spokesman for the Information Commissioner: “This is something the Information Commissioner will need to look in to to see how it has come about.

“It’s the reasons these things come about that determine the course of the investigation. ”Every case is different and we will certainly be making inquiries.” As per the Data Protection Act appropriate measures must be taken against accidental loss of personal data.

The act further states that any breaches could be considered either a civil or criminal offence depending on the circumstances.The organizers have tried to downplay the error but if proved then it could amount to a criminal offence.

Negligence can cost embarrassment, monetary loss and bad publicity

The above news item shows that it does not have to be a breach of the data protection act only if a hacker breaks a security code or steals data. Even negligence leading to data exposure is a criminal offence and one has to be extra careful to safeguard personal data of people. You never know how a personal data can be misused in today’s cyber world.

Alertsec can help with data security issues

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on computers.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: BBC data breach data security Ed Balls Enter your zip code here Google Hackers Information Commissioner information security Information Technology London London Marathon Marathon Matt Cutts Monday Nell McAndrew Personally identifiable information Website

Cyber attacks on the increase: UK firms losing billions in data breaches

April 26th, 2012

Cyber security taking a back seat at UK firms causing data breaches

Billions of dollars are lost annually because firms do not take cyber-security seriously. Data breaches are on the rise and they have become a part of life. In a way firms have accepted them and have become complacent. This article talks about the growing need of cyber security policies.

UK firms losing billions to data thefts

Today’s article focuses on data breaches in the UK which are on the rise. 70% of large firms were victims of data breaches in the last one year. The rate is evry alarming and something serious needs to be done about it.

The average cost of the worst security breach a big firm faced by was between £110,000 and £250,000 and £15,000 to £30,000 for small companies. According to PwC one fifth of organisations spend less than 1 per cent of their IT budget on data security.

Chris Potter, PwC information security partner, commented

“The UK is under relentless cyber-attack and hacking is a rising risk to businesses. The number of security breaches large organisations are experiencing has rocketed and as a result, the cost to UK plc of security breaches is running into billions every year. Since most businesses now share data with their business partners across the supply chain, these numbers are startling and make uncomfortable reading for business leaders.

Potter further added -

“Large organisations are more visible to attackers, which increases the likelihood of an attack on their IT systems. They also have more staff and more staff-related breaches, which may explain why small businesses report fewer breaches than larger ones. However, it is also true that small businesses tend to have less mature controls, and so may not detect the more sophisticated attacks.” “If security is doing its job it goes unnoticed and it’s hard to measure the business benefits, so investment in security often ends up losing out against other competing business priorities.”

Warning signs

The above is a clear indication that companies are getting complacent about their IT security. 12% of businesses blame it on senior management and 20% spend less than 1% of their IT budget on information security. The chief cause is that it is hard to measure the business benefits from spending money on security defenses. Unfortunately, only 20% of big firms analyze return on investment on their security expenditure.

The bottom line

The hard truth is “the cost to UK plc of security breaches is running into billions every year,” “These numbers are startling and make uncomfortable reading for business leaders.”

Corporate security with Alertsec

Alertsec Xpress uses Check Point Full Disk Encryption software. The software encrypts and decrypts data on the fly making it transparent to the user and to applications. One of the issues with traditional disk encryption software is that access time increases. In independent tests, Check Point Full Disk Encryption delivered the best performance results when compared with other major products on the market, with less than 2% degradation in disk performance.

Full disk encryption protects information by encrypting all data stored on a hard drive. This includes the operating system and empty space, as well as installed programs and files. This technology makes it impossible for an unauthorised person to read your files.

No comments »

Posted in Computer security, Data Protection, Hackers, computer security software, data breach, data encryption

Tags: AlertSec Xpress business Check Point Computer security Consultants Cyberwarfare disk encryption Enter your zip code here Hackers information security Information Technology London Private sector PwC security Small business

Dead folks stirring in their graves as their identities get stolen: Study proves

April 24th, 2012

Credit card frauds tracked by ID Analytics

As if stealing identities of living folks was not enough, ruthless ID thieves are breaking into data of dead people and stealing it! ID theft is becoming a common way of stealing personal data of people without them even knowing it. Hackers make use of malicious software to steal information from other people. Today’s post talks about the lurking dangers of ID theft. What is bizarre is that this report shows that even dead people’s identities are getting stolen!

Survey by ID Analytics

For this particular study it scanned around 100 million applications. It compared social security numbers and other data with that of the data of Social Security Administration’s Death MAster file that tracks down identities of people who have died.

A recent survey undertaken by ID Analytics show that almost 2.5 million dead people become victims of data theft annually. Not many people are aware of identity theft. It is very important to bring more awareness into the field. ID Analytics tracks forms that people fill out during credit card registration. They check for fraudsters.

The firm has been studying fraud trends for a long time now.

What Stephen Coggeshall, chief technology officer at ID Analytics, had to say about the collected data

“This study brings to light a significant problem, as we see fraudsters intentionally using identities of the deceased at the rate of more than 2,000 per day,” Coggeshall said. “We have no sense of where criminals are getting the numbers, but a certain portion of them probably are coming from public sources, like the Death Master File,”.

What the study showed was that around 1.6 million applications are examples of a fraudster using a fake SSN that matches the SSN of a dead person. The study found out that there were approximately 800,000 instances per year where a deceased person’s identity is intentionally misused and hundred thousand cases where a dying person’s identity is also misused.

What the study also found out was that seriously ill people are being targeted by criminals. There were approximately 2 million cases of Social Security Numbers being used in credit applications where the SSN holder was terminally ill and about to die in the next couple of months.

More about ID Analytics

ID Analytics deals with consumer risk management with patented analytics, proven expertise, and real-time insight into consumer behavior. It combines proprietary data from the ID Network®–one of the nation’s largest networks of cross-industry behavioral data–with advanced science, ID Analytics provides information about identity risk and creditworthiness. A lot of U.S. companies and critical government agencies rely on ID Analytics to help make their risk-based decisions that help increase revenue, reduce fraud, drive cost savings, and protect consumers. ID Analytics is a wholly-owned subsidiary of LifeLock, Inc. The website URL www.idanalytics.com

Alertsec, the leader in data encryption services

You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.