Log in

Archive for the ‘data encryption’ category

Goldman Sachs programmer Sergey Aleynikov’s data theft conviction overturned

February 21st, 2012

Goldman Sachs programmer Sergey Aleynikov’s data theft conviction overturned

Today’s new story is a classic case of data theft wherein an employee on his last working day stole code and transferred it to his new employer! Does it not sound like the last story we covered about SunPower Vs SolarCity? What is it with employees who think they can get away by stealing data from their employer’s office? Are they trying to get even in some way?

Well, let us see what made the judges overturn Sergey Aleynikov’s data theft conviction!

It all started in June 2009

On his last day at work, Aleynikov stole trade secrets from his employer, Goldman Sachs. Apparently he sent hundreds of thousands of lines of source code for Goldman’s high frequency trading system to a server in Germany, in order to build a HFT system for his new employer, Teza Technologies. Aleynikov also sent copies of these files to his home computer. He was found guilty of data theft and was sentenced to eight years in prison. He was lucky enough to be released last week after a panel of judges at the U.S. Court of Appeals reversed his conviction. Why was the conviction overturned is a question yet to be answered by the court.

The case is U.S. v. Aleynikov, 2nd U.S. Circuit Court of Appeals, No. 11-1126. The lower court case was U.S. v. Aleynikov, U.S. District Court, Southern District of New York, No. 10-00096.

Kevin Marino, Aleynikov’s lawyer’s argument

According to Kevin Marino the only code taken by his client was open source was orginally written by him. Marino further added that Aleynikov only intended to use the code as a ‘cheat sheet’. “There is no trade secret,” Marino said in court. “He took it to make his new job easier; he never intended to harm Goldman.”

Sergey Aleynikov’s comes out of prison

“Justice occasionally works,” was what the Russian-born programmer, Sergey Aleynikov, had to say.

According to him he “just jumped all over the place” at 6 a.m when he read an email from his lawyer informing him that the 2nd U.S. Circuit Court of Appeals in Manhattan had reversed his conviction. The words were, he said, “‘we won!’”

“This is such big news to me that I don’t have time to think about what will happen tomorrow,” said Aleynikov, dressed in a gray sweat suit and white sneakers. “Today, it’s a victory.”

What this news means for the intellectual property world?

The court’s reversal of Aleynikov’s conviction is a major setback for organizations who are fighting to curb intellectual property crime that includes computer code.

“The government wanted to send a very strong message about online economic espionage,” said Joel Reidenberg, a professor at Fordham University School of Law and director of the Fordham Center on Law and Information Policy.

“This is a fast-growing crime, not just from theft of trade secrets but also the hacking into computer systems of American companies,” he said. “It poses increasingly significant risks to the U.S. economy.”

Protect yourself with Alertsec

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Hard Disk, Identity and Information loss, Lawsuits and settlements, Security Flaw, computer security software, data breach, data encryption, identity theft

Tags: Aleynikov business Crime Data theft Employment Fordham University School of Law Goldman Sachs identity theft Insurance policy Kevin Marino Manhattan Marino Sergey Aleynikov Theft United States Court of Appeals University of Victoria

SunPower ex-employees accused of stealing data – Rival company SolarCity also sued

February 20th, 2012

SunPower Solar Plant - SunPower accuses SolarCity of data theft

Loyalty has taken a different face in today’s fast-paced, money-minded world. Employees run where the money is more. They don’t bother about their employer anymore. Whatever happened to loyalty and honesty?

Today’s news story about data breach shows to what length an employee can go to make money and break rules. You will get a feeling that you are watching a spy thriller!

SunPower Vs SolarCity

SunPower, the California-based, solar panel maker and power plant builder, sued its rival SolarCity and five ex-employees for allegedly stealing secured data and passing it on to SolarCity when they joined the company last year.

The suit

Apparently SolarCity misused the data by poaching SunPower’s customers. The suit was filed in U.S. District Court for the Northern District of California. According to the suit, a 10-year veteran of SunPower, Tom Leyden, downloaded proprietary information from SunPower’s servers and its accounts onSalesforce.com just before he left the company to join its rival SolarCity. He joined as vice president of commercial sales last August. He later (ex- managing director of SunPower’s East Coast operations) recruited three SunPower employees – Dan Leary, Felix Aguayo and Alice Carthcart – to SolarCity. SunPower alleged that these three employees along with another ex- SunPower employee Matt Giannini, downloaded proprietary sales data from the company’s computers before resigning.

“The forensic analysis established that, shortly before heaving SunPower, defendants Leyden, Giannini, Leary, Aguayo and Carthcart connected personal USB devices and used them to steal tens-of-thousands of computer files containing SunPower confidential information and non-confidential proprietary information,”. “These files included at least quotes, deals, proposals, contracts, and files containing forecast analysis, market analysis, business analysis and information downloaded from the www.salesforce.com database.”

“Leyden connected at least three personal USB storage devices within days of leaving SunPower,” the suit adds. “At least one of these devices was a portable external hard drive with 2 terabytes of storage capacity.”

SolarCity’s statement

SolarCity’s commercial market share has grown significantly in the past few years and this growth threatens SunPower,”. “Over the past few months, following its acquisition by a foreign oil company, a number of SunPower’s best salespeople decided to join SolarCity.”

“SolarCity takes trade secret issues very seriously and we will ensure that we act in accordance with the law,” the company spokesperson further added.

About SolarCity

SolarCity was the brain-child of Lyndon and Peter Rive and is one of America’s largest solarinstallers. Tesla Motors’ chief executive, Elon Musk is the chairman of SolarCity’s board of directors. Till date it has completed more than 17,000 installations.

About SunPower

SunPower designs and manufactures high-efficiency solar cells and solar panels for residential, commercial and utility clients and boasts of more than 5,000 employees worldwide.

How can Alertsec help protect data?

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Data Protection, Uncategorized, computer security software, data breach, data encryption

Tags: business California data breach Elon Musk Employment Peter Rive SolarCity SunPower SunPower Corporation Tesla Motors United States District Court for the Northern District of California USB mass-storage device class

The University of North Carolina at Charlotte is the latest victim of data breach

February 16th, 2012

English: University of North Carolina at Charlotte

The UNCC investigates data breach

We have been covering news reports about data breaches across organizations and healthcare centers. Schools and Universities are also targets of data thefts. This story comes from Charlotte, North Carolina. The UNC’s sever has been hacked and students are being informed about the data theft.

Tune into these details

An online security breach has been reported from the Charlotte college campus and authorities are scrambling to figure out how much data has been compromised. The breach hit Wednesday afternoon and since then students and the staff are being informed.

An email was sent out to all students which said ”potentially significant data exposure of its Information Systems.”

According to University officials, important data was available on the Internet which actually should not have been there at all. But perhaps due to some staff’s mistake it went online and now it was at risk of getting exposed. The breach was discovered last month but was admitted only now.

Student comments:

Javon Hargrove said “I don’t understand it, he said. ”I’m just playing it by ear I guess to try to make sure it gets resolved and my information wasn’t stolen.” “I’ve actually changed, like, all of my passwords for the websites through campus so hopefully that will help,” he said.

Hassi Payne, a freshman, is glad the University waited to tell the news all these days.

“It’s definitely good they waited, I think, because it, they kind of got more of sense what was going on so the public didn’t freak out, “she said.

What does the University’s Vice-Chancellor have to say about the incident?

“We have corrected the issues that we are aware of,” Jay Dominick, Vice Chancellor of Information Technology said. “But we are still conducting a full assessment.” ”While the University has taken aggressive action to address the incident, this firm will perform further analysis to determine if any data were wrongfully accessed or remain vulnerable.”

The Vice chancellor continued “I also want to assure you that the University is taking this issue very seriously,” Dominick continued. “As we learn more about it, we will share more with you. On behalf of my entire organization, I apologize for the mistake and promise that we will do everything in our power to ensure that it does not happen again.”

A toll-free number and website has been set up for students to get the latest update on the event.

According to the UNCC leaders the investigation might run into several weeks. The moment the University learns that any of hits student’s data is at risk, it will immediately inform the concerned student.

AlertSec’s security services

Not only Corp-orates but schools and universities ought to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

To protect information on laptops with encryption is of paramount importance if you want to comply to today’s legislation, not to mention the peace of mind for people managing security for a mobile workforce. We have found Alertsec Xpress to be secure, yet easy to use and implement.

No comments »

Posted in Data Protection, computer security software, data breach, data encryption

Tags: alertsec AlertSec Xpress Charlotte Charlotte North Carolina data breach information security Information Systems Information Technology List of mayors of Charlotte North Carolina North Carolina North Carolina's 9th congressional district organization Republican Party (United States) security Sue Myrick United States University of North Carolina-Charlotte

ICO fines Croydon Council for negligence – Children data stolen from Pub

February 13th, 2012

Croydon council has to pay a heft fine for data breach

Data related to children is the most sensitive one, especially when it is about sex abuse victims. This data ought to be ‘heavily’ guarded in the sense that it must be encrypted so that it does not get into the hands of hackers. Misuse of such data can lead to dire consequences. Today’s story talks about negligence shown by the Croydon Council wherein children data was stolen.

As the story unfolds

The ICO (Information Commissioner’s Office) fined CROYDON Council n amount of £100,000 after a bag carrying papers related to child sex abuse victim was taken from a pub.

According to the ICO CROYDON Council had breached the Data Protection Act because it did not encrypt the data and failed to follow security measures.

Well, obviously the council is not happy about it and is considering appealing the verdict. It feels this fine is a bit too heavy.

Apparently a social worker, an employee of the council, had taken this bag along to a pub that he was visiting. Needless to say the bag was unlocked. A perfect opportunity for a thief and he made the most of it! This happened in April 2011. The worst part is that these documents were related to a child abuse case and 6 other people who were a part of it.

ICO head Stephen Eckersley’s comments:

“We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen.

“However, this highly personal information needn’t have been compromised at all if Croydon Council had appropriate security measures in place.

“One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.

“Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training.”

The council did inform the concerned parties immediately but that cannot be given as an excuse for leaving vulnerable data unattended. The bag has not been found till date.

CROYDON’s comment:

“The council is perplexed and frustrated by the commissioner’s general criticism of our data protection and information handling guidance, as many of our internal measures and policies appear to have been disregarded in reaching this judgment.

“The council also believes, having taken advice, that the level of fine is wholly disproportionate to the breach.”

Time to implement security measures and quality assurance technology

The above story shows we are living in a volatile world where anything and everything can go wrong in a jiffy. We have to be prepared for the worst, especially this information world of Internet. Information is flowing at an immeasurable speed hence all the more need to secure it from falling into the hands of the wrong people. The above report is a wake-up call for all the council and Information companies. In short check and double check.

As of now it is not mandatory for private bodies to disclose data breaches. But sooner than later, that law will come into effect and hopefully the common-man will breathe a sigh of relief.

Bring in Alertsec

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. There are no short cuts to Data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Encryption, computer security software, data breach, data encryption

Tags: AlertSec Xpress breach notification breach notification laws Check Point Computer security Council Tax Croydon Croydon College Croydon Council Data Protection Act 1998 Encryption ICO identity theft Information Commissioners Office Information privacy Information sensitivity London London Borough of Croydon Needless Norfolk security Sexual abuse

The Eircom Group admits to a major data breach – records of 7000 customers stolen

February 12th, 2012

In one of the recent posts we talked about the lurking dangers behind using laptops. This post is another example of how vulnerable mobile devices like laptops, smart phones are. There’s always a chance of them getting stolen especially when you are traveling or leave them unattended.

The Eircom Group Laptop Theft Story

The company admitted on Friday that 3 of its laptops were stolen. 2 from Eircom’s offices at Parkwest in Dublin between December 28, 2011 to January 2, 2012. The third was stolen from an employee’s residence on December 19. It goes without saying that data on all these machines was not encrypted.

More than 6,845 eMobile and Meteor customers, as well as 686 employees have lost their data.

EIRCOM’s statement

“The data at risk for the vast majority of customers is personal data including names, addresses and telephone numbers. There is a small group of approximately 146 customers where financial data including bank account details may be at risk.

“Separately, there is also a risk to data held within 404 Meteor customers. The data specifically concerns post-pay customers who applied online between January and July 2011.

“The personal data at risk includes details such as an applicant’s name, address, and telephone numbers as well as a range of documentation used to support a customer application such as passport and drivers licence details, various photo ids or utility bills which all may have been used to establish proof of identity.

“In some cases financial data such as bank account, laser or credit card details is also at risk.”

Due to this theft, the company’s policy is under the scanner. As of now it is not known if the stolen data has been misused in any way. According to Data Commissioner Billy Hawkes this is one of the most serious breaches so far. The other concern expressed by the commissioner is that Eircom was late in informing its customers about the breach. “Encryption of laptops where you do permit personal data to be stored on them is bog-standard security so it’s extremely surprising that in two separate incidents Eircom laptops were not encrypted,” Mr Hawkes said.

Precautionary steps being taken by Eircom

“More than 20 customer care agents and account managers have initiated a contact programme to telephone all 550 customers whose financial data may be at risk.

“The agents will notify the customers of the risk and inform them of the specific data involved. They will also answer any questions or concerns they may have. In addition, all impacted customers will be notified by letter.

“As a precautionary step, we have contacted the Irish Banking Federation, who has notified their members of the potential risk to data for affected eMobile and Meteor customers.”

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now Powered by Check Point Full Disk Encryption