Breach at Yale

Summary: It has become a regular phenomenon. Another serious data breach. This time  its Yale University whose data has been compromised, thanks to Google indexing !

The story

Alumni, faculty and staff belonging to Yale were recently informed that the names and Social Security numbers of 43,000 people affiliated with Yale were accessible via Google search engine for the last 10 months.

Here is an extract from the letter sent by Yale:

“A Yale computer file that contained your name and Social Security number was stored for 10 months in a way that left it accessible to Google Internet searches,” the letter explained. “The computer file was created in 1999 and was inadvertently moved to an insecure section of a computer server in July 2005. At that point, the file was no longer fully protected but could not be located by an ordinary Internet search engine. The situation changed in September 2010, when Google modified its search engine in a way that allowed it to locate files stored on servers like the one holding this file.”

According to Len Peters, Information Technology services director for Yale,
“the file and its directory had innocent sounding names, and someone encountering the file via Google would not be able to figure out what was in it without first opening it up”.

“It was pretty well-hidden, with a very inconspicuous file name,” said Peters, in a statement.

How was the breach discovered?

As soon as Yale discovered on June 30 that its data was left open on an unsecured server, it immediately blocked the FTP server from the Internet and deleted all the server’s data. The compromised victims have been offered identity theft insurance and free credit report monitoring services for two years by Yale.

Google made a major change in Sept that allowed its search engine to index and find FTP servers. Unfortunately Yale university IT officials were oblivious to the change.

Series of University breaches

A similar type of breach was reported in June where Southern California Medical-Legal Consultants Inc. (SCMLC) said that the names and Social Security numbers of about 300,000 people who had filed for California workers compensation had been were exposed. This happened because data on the internal server remained exposed to search engines.

There was another one where a server containing Social Security numbers and other personal information of more than 7,000 former Purdue University students was accessed last week. The breach occurred April 5, 2010, and affected students who took math courses from 2000 through the summer session of 2005, according to the statement.

Protect your servers with Alertsec

Alertsec Xpress offers a customizable data encryption software solution from Checkpoint, the industry leader in encryption software (former Pointsec). Alertsec has come up with a web based encryption service that helps in deployment and management of PC encryption.

The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

Data Encryption

As the technology is upgrading day by day, people are getting more involved to their work and they have very little time for the things which seem negligible at the starting but can be very dangerous in future. In today’s world 99% people are more interested in sending and receiving data through internet and mobile data storage devices. But among those 995 people 90% people do not encrypt their data though they know that the data contains personal information and the chances of data lose or hacking is very high.

Sending data through internet has high chances of getting hacked. Because the number of hackers are increasing in a rapid rate day by day and those hackers are so efficient in their job that they can easily hack the unencrypted data from the internet. And if those hacked data contains any sort of personal information then they can misuse those data, even they can make some criminal offenses by using those data and without doing anything wrong you will become a criminal. At the time of sending data through internet lot of people can easily access your data if your data is not encrypted.

Another importance of data encryption is that is helps to protect your computer from viruses. Though you may think that your computer/ laptop is protected enough because of the anti-virus and router you are using, but remember keeping your data safe from the hackers is not that easy. And if your computer becomes virus affected, then any other computer presents in your office or home can be easily affected by the virus.

Now internet is available in the hostels, cyber cafe, hotels and those connections have no protection. So the data can easily be hacked of accessed by some other person.

And data encryption also helps to protect the data of different mobile data storage devices. As the data storage devices sometimes contain personal or sensible data, so the loss of any storage device can be very harmful for us. Because any one can misuse those data. But we will keep our data encrypted then we will be sure that no one can misuse those data.

These are the main reason behind the data encryption. Data encryption not only keeps our data safe but also helps us to be tension free.

About Alertsec:-

Alertsec Xpress is the No.1 encryption service provider for hundreds of banks and financial institutions worldwide. They are providing 24*7 customer service system. By offering computer protection software, encryption with lowest TCO (Total Cost of Operation), Checkpoint and Pointec they are assuring to make data secure. For more details about Alertsec log on to: http://www.alertsec.com

Flah Drive

As the number of laptop and data storage device robbery increasing day by day, the negligence of different organizations about the implementation of data encryption software and laptop encryption software come to the notice of ICO. Though ICO is trying hard to make all the organizations aware about the importance of encryption of data but the organizations are showing to less energy to encrypt the laptops and data storage devices. As a result of that any short of data or device loss is making huge effect on the organization.

ICO came to know that recently at Queen Marry Hospital a flash drive which contained the details of the patients of that hospital had been lost. Though the main copy of those data has been stored in a computer with password protection but the data in the flash drive was neither encrypted nor password protected.

The hospital informs that the flash drive contained the names and id numbers of at least 19 patients of them. From this we can easily understand the situation that is going to occur if the incident came to the notice of those patients. And not only in this hospital but this thing is happening in everywhere like; schools, different organizations even in antivirus developing organizations also. A source of the hospital informed that the data was stored in the flash drive from a password protected computer to upgrade the computer. The management of the hospital immediately lodged a report to the police and they assured that the treatment of the patients would not be affected due to this incident.

Such type of incidents shows us the importance of data encryption software, computer security software. If encryption is enabled in our system and storage devices then we do not have to worry about the manipulation of data after the data has been lost. Though a lot of encryption software is available in the market and ICO is trying their best so that every organization uses those encryption softwares to protect their system and data but due to unawareness and negligence most of the organizations show lethargy to implement it in their organizations. ICO has decided to take some serious steps so that every organization will implement those softwares in their organization.

Though the hospital informed the police and the patients and apologized to them for their mistakes, just to put off the light from their fault but everyone can easily understand the effect of this incident.

About Alertsec:-

Alertsec is one of the leading data encryption software providers. Alertsec offers computer protection that is convenient and affordable. Analysis of the total cost of ownership of the Alertsec Xpress solution and the major alternatives show that the benefits of the Cloud Service can cut the TCO by up to half.

In a high security breach malicious hackers have penetrated into more than 75,000 machines in 2500 companies across the US & rest of the world.. Not only have the breached the security, but also they have obtained access to confidential data from commercial and government entitites across the globe.

According to the security firm, NetWitness, the attacks have compromised the login credentials of over 68,000 accounts revealing the new banking site information. Raising serious eye brows about the type of computer security software, the report mentioned a “dangerous new ZeuS botnet (a malicious programme)”.

Apparently, the Zeus botnet tool kit, allows criminals to infect and remotel control of users’ PCs. The Zeus tool kit can be purchased on the payment of some dollars. Swiss anti-spam activist Roman Hüssy operates the ZeusTracker website, which keeps watch on several Zeus control servers that are used by various gangs of criminals.

Alex Cox, who works at NetWitness & uncovered Kneber said, “When we detected the correlation between the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on threats such as Zeus”.

Kneber is described as a command-and-control system botnet based on the ZeuS Trojan and is based on the older version of 1.2 Zeus. First discovered in January, the malicious programme collects login credentials of online financial systems, social networking sites like Facebook & corporate email systems from infested computers and reports the information to miscreants.

NetWitness CEO and former Director of the National Cyber Security Division Amit Yoran said that cyber criminals like the Kneber crew target and compromise thousands of government and commercial organisations globally.

The unaware employees were caught on the backfoot when they downloaded the hacked software from the sites which were administered by the hackers. They were baited into opening emails which contained these infected attachments.

According to Yoran, “Because they’re using multiple bots and very sophisticated command and control methods, once they’re in the system, even if you whack the command and control servers, it’s difficult to rid them of the ability to control the users’ computers” .

According to WSJ, there were many companies hit by this attack including Cardinal Health, located in Dublin, Ohio, and Merck. Once the infected computers were identified they were immediately removed from the network. Also caught were the educational institutions, energy firms, financial companies, internet service providers are even  government agencies were penetrated.

In a statement issued by the security firm, the scope of these attacks scaled across the United States, Saudi Arabia, Egypt, Turkey and Mexico.

To help keep your business data protected in an effective way, explore our secure encryption software solutions. Unlike competitors, our software won’t be hacked and it provides an independent layer of encryption. Try a free 30-day trial now!

Related articles by Zemanta

• Kneber botnet catches 2,500 companies worldwide (guardian.co.uk)
• Virus breaches 75,000 computers, study says (msnbc.msn.com)
• New virus has breached 75,000 computers: Study (calgaryherald.com)