Log in

Archive for the ‘Data Protection’ category

Dead folks stirring in their graves as their identities get stolen: Study proves

April 24th, 2012

Credit card frauds tracked by ID Analytics

As if stealing identities of living folks was not enough, ruthless ID thieves are breaking into data of dead people and stealing it! ID theft is becoming a common way of stealing personal data of people without them even knowing it. Hackers make use of malicious software to steal information from other people. Today’s post talks about the lurking dangers of ID theft. What is bizarre is that this report shows that even dead people’s identities are getting stolen!

Survey by ID Analytics

For this particular study it scanned around 100 million applications. It compared social security numbers and other data with that of the data of Social Security Administration’s Death MAster file that tracks down identities of people who have died.

A recent survey undertaken by ID Analytics show that almost 2.5 million dead people become victims of data theft annually. Not many people are aware of identity theft. It is very important to bring more awareness into the field. ID Analytics tracks forms that people fill out during credit card registration. They check for fraudsters.

The firm has been studying fraud trends for a long time now.

What Stephen Coggeshall, chief technology officer at ID Analytics, had to say about the collected data

“This study brings to light a significant problem, as we see fraudsters intentionally using identities of the deceased at the rate of more than 2,000 per day,” Coggeshall said. “We have no sense of where criminals are getting the numbers, but a certain portion of them probably are coming from public sources, like the Death Master File,”.

What the study showed was that around 1.6 million applications are examples of a fraudster using a fake SSN that matches the SSN of a dead person. The study found out that there were approximately 800,000 instances per year where a deceased person’s identity is intentionally misused and hundred thousand cases where a dying person’s identity is also misused.

What the study also found out was that seriously ill people are being targeted by criminals. There were approximately 2 million cases of Social Security Numbers being used in credit applications where the SSN holder was terminally ill and about to die in the next couple of months.

More about ID Analytics

ID Analytics deals with consumer risk management with patented analytics, proven expertise, and real-time insight into consumer behavior. It combines proprietary data from the ID Network®–one of the nation’s largest networks of cross-industry behavioral data–with advanced science, ID Analytics provides information about identity risk and creditworthiness. A lot of U.S. companies and critical government agencies rely on ID Analytics to help make their risk-based decisions that help increase revenue, reduce fraud, drive cost savings, and protect consumers. ID Analytics is a wholly-owned subsidiary of LifeLock, Inc. The website URL www.idanalytics.com

Alertsec, the leader in data encryption services

You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: AlertSec Xpress Coggeshall Credit card Crime Death Master File Enter your zip code here Federal Trade Commission Fraud ID Analytics identity theft identitytheft Internal Revenue Service LifeLock Social Security Administration Social Security number South American Theft Groups Tax Theft

Backup discs containing personal and health information missing from Emroy Healthcare Data

April 22nd, 2012

Emory Healthcare loses 10 backup disks containing sensitive patient data

How can healthcare companies be so negligent? There is so much sensitive data lying around in a healthcare company that there is simply no excuse but to preserve it well. Unfortunately most of data theft and data breach cases are related to hospital and the healthcare industry. The latest case just affirms the above!

News in brief:

According to Emory Healthcare, a company based in Atlanta, 10 backup disks containing data on 315,000 patients went missing from a hospital storage facility. These disks contained info about surgical patients treated between September 1990 and April 2007.

The news in detail:

The health care system provides clinical care as part of the Robert W. Woodruff Health Sciences Center of Emory University.

The data breach was reported on April 18. The 10 disks contained information on surgical patients treated between September 1990 and April 2007. The disks seem to have vanished from a storage location at Emory University Hospital.

The exact locations were Emory University Hospital Midtown and the Emory Clinic Ambulatory Surgery Center.

228,000 records included Social Security numbers. Rest of the files had patient names, dates of surgery, diagnoses, procedure codes, names of surgeons and anesthesiologists that the patients had seen. The cabinet that contained these discs was not locked even though the office was locked and the hallway had restricted access.

The disks had old data in a software application that Emory had deactivated in 2007. According to the healthcare company, the hospital’s IT systems were not hacked into.

John T. Fox, president and CEO of Emory Healthcare’s statement

“We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information,” , said in a statement. “While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients’ information is safe.”

Ironical is the fact that Fox’s data could also have been hacked into as he underwent surgery during the same period!

What security measures are being implemented post theft?

Emroy’s letter to its patients says “We have taken immediate steps to fortify the protective measures that are already in place,” “New and enhanced data control measures have been implemented accordingly. Those affected by the theft will receive free identity protection services. In addition, the health care system is revamping its current security and privacy policy.

So far there is no evidence to show any of the missing data has been misused. The possibility that the discs could have been simply misplaced cannot be completely rules out at this point of time.

Prevent data theft with Alertsec encryption services

Alertsec is the leader in the field of hard disk encryption as a fully managed service. It provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way.

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.

No comments »

Posted in Data Protection, Encryption, Hackers, Identity and Information loss, data breach, data encryption, identity theft

Tags: alertsec April 2007 Atlanta business Cloud computing data breach Data theft Emory Healthcare Emory University Emory University Hospital Emory University Hospital Midtown Health care Health Insurance Portability and Accountability Act Healthcare Information Technology Patient September 1990 Social Security number

The Ninth Circuit’s decision allows an employee to steal data from own company

April 17th, 2012

Seal of the United States Court of Appeals for...

The Ninth Circuit's decision is going to affect organizations significantly

Good news for all those who surf Facebook at work! It ain’t a crime anymore, folks! Thank the Ninth Circuit for it. It has come up with a decision which will sound good to all those who ’steal’ data from their own company.

The Ninth Circuit’s decision

The Ninth Circuit has explained the application of the Computer Fraud and Abuse Act (CFAA) to individuals who breach company computer policies. Staff who intentionally does it to defraud may be criminally charged. Employees who breach access policies for personal reasons where no fraud is involved do not violate the law.

This decision was reached during the case of United States v. Nosal. David Nosal allegedly requested his ex-colleagues to violate company policy and send him a copy of a digital customer list. He was charged by the prosecutors under the CFAA that states that it is illegal when an individual:

“…knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.”

For the Ninth Circuit to violate the law, an employee must (1) violate the employer’s use restrictions (2) with the intent to defraud (3) and by means of such conduct further the intended fraud and obtain anything of value. The court is fully aware of the decision’s implications but has clarified that it has no intention of “mak[ing] criminals out of millions of employees who might use their work computers … to access their personal email accounts of to check the latest college basketball scores.”

More about CFAA

CFAA is held in 18 U.S.C. 1030, which defines conduct considered to be fraud and abuse of federal computer systems. This computer security law has been changed multiple times since its inception. The reason to bring CFAA into effect was because of the rising data thefts. The act was intended to protect computers and the owners of the information from trespassing, threats, espionage, and use as instruments of fraud.

What will this ruling do to small and medium companies?

This ruling provokes executives and leaders to give a strong consideration to its employees about accessing sensitive data. This decision alters the concepts of computer security, policies, tools, and the previously established laws.

There are chances that this decision will be appealed in the Supreme Court as it might pose a negative effect on the organizations and could be misused.

A litigation attorney’s take on the matter

‘‘The court clearly left open the possibility of prosecution for insider hacking—for instance, if an employer restricted the data that employees can access on company computers,’’. As a result, employers might want to consider adopting better internal security processes to limit employees’ access to specific segments of their networks, and granting access to sensitive information only on a ‘‘need-to-know’’ basis.

Implementing security measures with Alertsec

Time and again it has been proven that most laptops are stolen or valuable document taken from the place of work. Alertsec Xpress is is the web-based service powered by Check Point Full Disk Encryption – the global leader in encryption for laptops and is used by big and small organizations that have recognized the need to protect their information.

No comments »

Posted in Computer security, Data Protection, Lawsuits and settlements, computer security software, data breach, data encryption

Tags: Alex Kozinski CFAA Computer Fraud Computer Fraud and Abuse Act Crime Facebook Fraud Ninth Circuit Supreme Court of the United States United States United States Court of Appeals for the Ninth Circuit

Former Intel engineer, Biswamohan Pani, pleads guilty to data theft charges

April 12th, 2012

Ex-Intel employee charged with Data theft

IT employees have been taking data theft and IT security policies lightly. They think they need not follow them and at times believe they can get away by stealing data. We are not talking about petty thieves here but white-collar employees who can go to lengths to earn money and brand name.

The latest data theft case involves such an IT employee who thought he would get away by stealing data worth $400 billion!

Here goes the story

An ex-Intel engineer, Biswamohan Pani, stole documents worth $200 million – $400 million from Intel. He has pled guilty to stealing the documents and for 5 counts of fraud. Currently he is waiting to hear his sentence.

The case

The case will be heard in US District Court by Judge F. Dennis Saylor in Worcester, Massachusetts. Mr. Biswamohan worked at Intel’s Hudson, Massachusetts location in 2008. He put down his resignation at Intel on May 29, 2008 and requested his last day of work be June 11, 2008. At that time he was already employed by rival AMD and had access to the Intel computer systems.

As he had access to Intel computer systems, he started downloading confidential documents from Intel related to design and manufacture of computer processors. The moment Intel found out, it reported the theft and AMD cooperated with the investigation. What is bizarre is that AMD never asked Mr.Pani to steal the documents, nor were these used by anyone at AMD. Pani is looking at 20 years in prison on each of the five counts of fraud. Pani’s sole purpose for this theft was to boost his career!

AMD official’s statement

“AMD respects the intellectual property of other companies. AMD was completely unaware of Mr. Pani’s actions until we were contacted by the FBI, and we provided our full and prompt cooperation with the investigation.”

The documents were seized by Intel from Mr.Biswamohan’s home.

The justice department’s statement

‘The FBI was able to recover these documents quickly, before Pani could use them to Intel’s disadvantage, largely because Intel reported the theft quickly and assisted the investigation,’.

Corporate espionage and intellectual property theft, in the form of trade secrets, schematics, or other proprietary information is a treasure cove in the wrong hands and a recipe for disaster.

Pani’s lawyer has refused to comment about Pani’s defense.

More about intellectual property theft

More than often intellectual property theft goes unnoticed simply because it cannot be seen the way other thefts are visible. It involves stealing or misusing proprietary information of a company. Intellectual property theft can result in serious financial loss.

Alertsec protects intellectual property theft

It is clear that the security of world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind. A very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Hackers, Hard Disk, Identity and Information loss, Lawsuits and settlements, Security Flaw, computer security software, data breach, data encryption, identity theft

Tags: Advanced Micro Devices AMD Biswamohan Pani Computer security Data theft Employment FBI Federal Bureau of Investigation Hudson Massachusetts Intel Theft United States district court

Visa drops Global Payments Inc. after data breach

April 9th, 2012

Global Payments Inc. investigates data breach incident

‘Shop till you drop’ say most credit card companies as it is so easy to shop these days with a credit card. It is becoming a paperless world, everything these days is ‘card’ driven. But the following news item makes you wonder if you should go back to the traditional way of paying in cash!

The report in detail

A massive data breach at Global Payments has exposed 1.5 million credit card accounts. Visa, MasterCard and American Express firms process their payments through Global Payments. Thieves managed to access credit card numbers, security codes and expiration data. This breach has led Visa to think twice about Global Payment being its vendor. American Express is investigating the loss towards its customers and Discover Financial Services is in the process of reissuing new cards. Needless to say, the share price has taken a fall; it fell by 3% on Monday and dropped to 9% on Monday.

Few days after the breach, thieves exported the stolen information to Global payments but were not lucky enough to access customer names, addresses and social security numbers.

Emerging details

Global Payment’s spokesperson said “Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained”. The spokesperson further added “We expect to be reinstated once we have been issued a new report of compliance,” noting that the company continues to process transactions for its merchants and customers.

The Statement

Chief Executive Paul Garcia admits that he wasn’t surprised when pulled Global’s name from the list of vendors. There is a strong possibility that Mastercard will follow suit.

“MasterCard is investigating a potential account data and it has alerted payment of card issuers regarding certain MasterCard accounts that are potentially at risk.” The breach is currently going through an ongoing forensic review by an independent data security organization.

Update from Garcia – The breach has been “absolutely contained.”

Measures being taken post-breach

Global Payments is working with regulators, industry third parties and law enforcement officials to minimize the after-effects to those affected by this breach. Compared to other recent credit card breaches, this one appears to be a small one. The Heartland breach was pretty massive wherein 130 million cardholder accounts were exposed. Heartland had to bear about about $147.1 million in costs related to its breach, including about $110 million for settlements with Visa and MasterCard. TJX Cos.breach in 2007 involved 40 million to 90 million card accounts, incurred $256 million in costs.

About Global Payments

Global Payments is contracts with merchants to provide card processing. The company is the seventh-largest merchant acquirer in the U.S. based on the volume of Visa and MasterCard payments it processed in 2011.

Protect your sensitive data with Alertsec’s encryption service

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. There are no short cuts to Data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.