Archive for the ‘Data Protection’ category

Amazon’s shoe retailer Zappos attacked – Data of 24m gets affected

January 18th, 2012

Zappos center in Kentucky

You love shopping online, don’t you? It is easy, less time-consuming, and you can do it in your pajamas! No need to drive in the middle of the night to shop and waste a gallon of gas! Just a click of a button and your gift is at your doorstep.

Hang on! The ‘easy’ shopping just got ‘difficult’ because you entered your credit card details online and now they are vulnerable. You thought they were secure but think again.

The recent hacking case of Zappos, Amazon’s shoe retailer, puts doubts in your mind about online shopping.

The news in detail

Information related to as many as 24 million customers was compromised at the online shoe and clothing retailer Zappos. The retailer has asked customers to change their passwords.

Zappos CEO Tony Hsieh posted an open letter online to all Zappos employees. Excerpts from the letter describe a “cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky” and state, “The most important focus for us right now is the safety and security of our customers’ information. Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help them through the process of choosing a new password for their accounts,” adding that the existing customer passwords had been terminated.

CEO Tony Hsieh further added, “We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident.”

The hacker most probably gained access to customer names, email addresses, billing and shipping addresses, phone numbers, the last four digits of customer card numbers and each customer’s “cryptographically scrambled password.” Fortunately, full credit-card and payment information has not been accessed by the hacker. This is the biggest cyber-attack since the PlayStation Network hack last year. The site has been closed down for now, especially for its international users. According to Zappos, Amazon servers have not been affected by the hack.

Security revamp

Zappos is working with the police to investigate the matter and find out if the data was downloaded from its servers. The company has no idea as yet how and from where the attack originated. Zappos has discontinued its toll-free number and is responding only via email. Customers have been requested to change their passwords.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organisations, especially corporate giants, must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stratfor site relaunched – Story continues

January 15th, 2012

Stratfor relaunches site post hack attack

Stratfor is officially back, but its servers are heavily burdened due to its offer of free access. Stratfor’s CEO criticized the attackers for targeting the company, an email said. Stratfor, also known as Strategic Forecasting, is back online after being hacked last month.

The new site

Stratfor relaunched the new site on Jan. 11, exactly 18 days after the hacking group Anonymous hacked into its servers on Dec. 24. The hackers broke into Stratfor’s servers, took data related to its subscribers and also defaced the site. The information that was dumped online included 75,000 credit card numbers and 860,000 usernames and passwords. Almost 50,000 of the addresses had a .mil or .gov domain. According to a Stratfor spokesperson, there was going to be a delay with the site relaunch. The company planned to bring in a team of consultants and experts to tackle the security issues. The company further decided to move all credit card management activities to a third-party company so that customer data remained secure.

“This was our failure,” said George Friedman, CEO of Stratfor. “I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends.” “I felt bound to protect our customers, who quickly had to be informed about the compromise of their privacy. I also felt bound to protect the investigation,” Friedman said. The FBI had informed credit card companies of the breach and had provided a list of compromised cards, so “our customers were therefore protected,” he said, adding, “We were not compelled to undermine the investigation.” “This attack was clearly designed to silence us by destroying our records and the website,” he added.

What went wrong?

Apparently Stratfor had failed to encrypt credit card data and had stored the information in cleartext. After the passwords were analyzed, it was seen that security practices were not followed. There was no check on passwords when they were created by users.

Friedman further added, “We were no longer an organization that analyzed the world for the interested public, but rather a group of incompetents, and conversely, the hub of a global conspiracy.” According to him, the media had publicized the “incompetents” part while the hacking community focused on the “global conspiracy” part.

Relaunch offer

The site was made free to all visitors for a limited time. That did not last long: due to heavy traffic, the site had to be closed down. “Due to the high volume of interest in our new website, we are currently encountering a service interruption. We are working with outside experts to increase our capacity to handle the increased traffic to the new website,” according to a message posted at Stratfor.com.

Protect yourself with Alertsec

Organisations are now aware of their data security needs and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

University of Victoria loses banking data of 11,000 accounts during a break-in

January 11th, 2012

Universities and schools hold a wealth of data and are thus vulnerable to data theft. It is of utmost importance to store this data, whether online or offline, in a safe place.

Today’s news story revolves around data theft at the University of Victoria, B.C. Canada.

Over the weekend, electronic devices such as laptops, mobiles and storage devices were stolen from the University. In addition, cheques and a small amount of cash were stolen too. The stolen information contained names, payroll information and social insurance numbers of UVic employees dating back to Jan. 1, 2010. The disturbing aspect of this case is that the information stolen belonged to current and former employees and also contractors. Also disturbing is the fact that some of this information, especially the names, social insurance numbers and banking information, was unencrypted.

“It included … bank account information needed for direct deposits, social insurance numbers and payroll information,” Gayle Gorrill, the university vice-president, told CBC News late Monday. She further added that an information line has been set up on the website and that employees are being contacted. The affected individuals will be reimbursed for bank fees and new cheques, promised Gorrill.

Saanich police and a forensic investigator are working on the case. According to the police, this was the work of more than one person.

What does the privacy commissioner have to say about the theft?

According to Elizabeth Denham, the privacy commissioner, sensitive information must be encrypted at all times, and public and private organizations must take measures to protect personal data. “A social insurance number is a sensitive piece of information because it’s a key to many other data about individuals, and it’s one of those numbers you can’t change,” Denham said. “We are concerned because this type of information can be used for identity theft and fraud — it’s potentially harmful for individuals.”

UVic employees are constantly calling the Coast Capital Savings credit union’s call centre for information. They have been requested to close their accounts and set up new ones. The employees have also been asked to track their credit card transactions.

Employee reactions

“Number of credit alerts successfully placed on my credit report: None.”

Caitlin Morrison, a graduate student and employee, said, “You would hope that an organization like the university would have better systems in place to avoid such a widespread problem.”

Janni Aragon, a political science instructor, feels that the university should have informed employees immediately.

“I know a lot of my colleagues are angry we found out at the end of business day [Monday],” she said.

More about laptop security from Alertsec

Laptops generally get stolen from the workplace, conference centers, hotel rooms, cars, airports and train stations. It is difficult to prevent theft as opportunists are everywhere in our society.

Your best bet is to make sure you have a fresh back-up on a server or back-up device.

Lastly, by using encryption software you greatly enhance laptop security, as the information cannot be compromised if the laptop is lost or stolen.


Data stolen from the University, suspects at large


Anonymous is back with a bang! This time they breach Stratfor Inc.

January 9th, 2012

Stratfor Inc hacked and credit card data stolen

Anonymous has always been in the news for data hacking, and just when we were wondering what they were up to, here they are! This time they have succeeded in breaching the data of the security think tank Strategic Forecasting Inc., based out of Austin.

The details

The group managed to hack into Stratfor’s web site and obtain data about the company’s corporate subscribers. This resulted in the website being closed down temporarily. Anonymous was proud to announce that they stole passwords, credit card details, and home addresses of about 4,000 people on Stratfor’s private client list. Their plan was to use the credit card information to make fraudulent donations to charities. The hackers described the data on Pastebin, then provided several links to websites hosting the information. According to them, some 50,000 of the e-mail addresses released end in “.mil” or “.gov.”

Strangely enough, some representatives of the Anonymous group denied complete responsibility for the attacks. According to an Anonymous spokesman, “it does not attack media sources.” The organization has been known for its hacks on Sony’s PlayStation services, the Church of Scientology, as well as companies, banks, and organizations that supported WikiLeaks.

What business is Stratfor in?

The company offers clients such as the U.S. Air Force, the Miami Police Department, and Apple high-quality economic, political, and even military analysis, delivered daily via email, video, and the Web.

After the hack

Stratfor is offering a free one-year subscription to an identity protection service to those affected. Stratfor’s CEO, George Friedman, confirmed on the company’s Facebook page on Monday that the hack disclosed the names of some corporate subscribers along with personal and credit card data.

“This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade,” said Barrett Brown, spokesman for Anonymous. “Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions.”

Stratfor’s chief George Friedman’s statement

“While addressing matters related to the breach of Stratfor’s data systems, the company has been made aware of false and misleading communications that have circulated within recent days,” said Friedman. “Specifically, there is a fraudulent email that appears to come from George.Friedman[@]Stratfor.com.”

High profile attacks are making the rounds and security agencies are scrambling to get the security policies of such companies in place. Stratfor’s website is under repair as of today and will take some time before it gets back in shape.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues, especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. The risk of losing a laptop is much higher than that of losing a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, and laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.


Another unfortunate coincidence for Telstra – Data breached again!

January 3rd, 2012

Heard of the same company becoming a victim of a data breach twice within weeks? Well, it is certainly strange and unheard of, but the recent breach at Telstra breaks the pattern! Telstra has experienced another data breach while it is yet to recover from the earlier one!

How did Telstra manage to become a victim for the second time?

The Australian reports that the breach took place Friday morning. Customer data was visible online via a spreadsheet that was deployed by one of the company’s consultants on Editgrid.com. As soon as Telstra learnt about it, the site that contained the sheet was taken down and access to Editgrid was disabled. The company admits that thousands of email addresses, phone numbers and postal details were leaked, but passwords, credit or financial information were not compromised. A total of 1500 customers were affected by this breach.

What did the spreadsheet contain?

The spreadsheet held records of BigPond clients who contacted the telco’s customer service department for technical assistance. In addition, the spreadsheet contained ticket numbers and job descriptions of complaints lodged by Telstra customers. The online file also had details of customer callbacks and information about faulty equipment. According to a Telstra spokeswoman, “Our customers’ privacy is paramount and the site was disabled within an hour of Telstra being made aware of it”.

What is Telstra doing about the incident?

Telstra is reaching out to the customers and informing them about the incident. The customers will also be trained about data security.

Telstra back in news for another data breach

The earlier breach

The Privacy Commissioner is currently working on the earlier breach and has now been notified about the second one. No doubt, he is going to be a busy man. In the last breach, around 80,000 customers were affected when private information was exposed through a website search tool. Passwords had been exposed and Telstra had to reset all of them. Mr Pilgrim, the commissioner, had to look into the major Sony PlayStation and Vodafone breaches.


As per the latest update, Telstra customers have not yet been contacted about this latest breach. No wonder they are angry and are waiting to hear from the company.
