Log in

Archive for the ‘Encryption’ category

Laptop Ghost strikes at Oregon National Guard

June 22nd, 2010

A laptop which belonged to the Oregon National Guard member was stolen earlier this week forcing the military to contact all the members who might be impacted by this incident.

As per the details by the Oregon National Guard, the laptop was stolen a couple of days ago on 21st of June from a vehicle. Apparently, the laptop was being used by the guard member to do work from home.

Captain Stephen Bomar, Chief of Public Affairs for the Oregon National Guard, said in a news release, “Although this laptop is password protected, with potential exposure of individual personal information, we are doing everything possible to notify individuals about the theft” .

The Oregon National Guard and The National Guard Bureau are individually contacting service members whose sensitive information may be compromised. Legal services are also available in the event a service member needs it through the Oregon National Guard Office of the Staff Judge Advocate.

Once again the incident raises serious eyebrows about the methods adopted by large organizations to secure data, store data and encrypt sensitive and critical information.

The laptop theft incident is not new as earlier in April this year, burglars had attacked the home of Jerome Avery stealing a laptop from his house.

Visit Source story

Get Laptop Encryption now !!

While huge sums are spent on protecting internal networks from hackers, employees are walking out the front door with laptops that not only have vast quantities of data stored on them, but also have applications connecting to internal networks and protected websites.

80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop encryption installed, none of the information or credentials would have been lost.

No comments »

Posted in Encryption, laptop theft

Tags: Government Military National Guard Oregon Oregon Military Department Oregon National Guard Theft United States

Veteran Affairs Department Suffers Data Breach

May 24th, 2010

: Laptop Encryption by Alertsec

Via techdirt.com- The Veterans Administration (VA) should rename itself to the “Ministry of Data Leaks. It is because every year they report loss of a computer/laptop which contains unencrypted data. As a result, several security gaps are being found out in the Department of Veterans Affairs which can potentially lead to data and information security fraud. Once again, two different data breach cases have been reported. In the first incident, an unencrypted laptop was stolen, which held the social security number and other information of 616 veterans. Somedays later, a log book from a medical lab in Texas containing personal information of 3,265 veterans went missing. While it is not clear whether the data was breached, the alarmbells have rightly started ringing. This incident demonstrates the need for VA to work tightly on issues pertaining to cyber security with contractors.

In the first case, the laptop was stolen on April 22 from the personal vehicle of the contractor’s employees. On the discovery of loss, the authorities were identified immediately and subsequently the VA was notified the following day. In addition, both the user account and server access from the laptop was disabled.

In a letter issued to Shinseki, Mr. Steve Buyer, the party member of the house House of Representatives’ committee on veterans affairs said, “We would like to express our deepest concern about the continued use of unencrypted devices within VA, despite the ongoing efforts to stop such use”.

According to Mr. Buyer, 25 of 69 contracts have nothing in the contract related to encrypted data which is more than 28% of the VA’s vendor contracts.

Mr. Buyer added, “I can only conclude from this incident that VA’s procurement processes seriously lack standardization in content, fail to articulate requirements, and [lack] compliance oversight”.

In response to Mr. Buyer’s statement, VA official Katie Roberts mentioned, “The contractor self reported the incident and has disabled the user account and server access from the stolen laptop. No further access from this laptop is possible”.

It is not the first time that a data breach incident has been reported at VA. 4 years ago a similar incident had been reported after the theft of a VA employee’s laptop which contained data of 26.5 million veterans and 2.2 million service members. On that occassion, the impact of loss for VA was worth $48 million resulting due to notification and a class action lawsuit.

Although there was no report of data usage for illegal purposes, the breach resulted in a unanimous legislation for ensuring the security of veterans’ identity and credit information.

Laptop Encryption from Alertsec

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data (techdirt.com)
Stolen VA Laptop Contains Veterans’ Personal Data (techdailydose.nationaljournal.com)
UK firms ignore encryption (newstatesman.com)

No comments »

Posted in Data Protection, Encryption, laptop theft

Tags: Class action Military United States United States Department of Veterans Affairs United States House of Representatives Veteran Veterans Affairs Department Washington

Laptop theft at New Mexico

May 11th, 2010

: Image via Wikipedia

Laptop encryption is vital not only from a perspective of providing protection against laptop theft but also from a view of ensuring the data present inside laptop is secure and upto date.

A couple of months back, an employee for a company that processes dental benefits claims filed for a stolen car report. Apparently, the vehicle’s trunk contained an ‘un-secure/unencrypted’ laptop which had loads of patient information. On learning about the incident, the New Mexico Human Services Department started sending notification messages to nearly 10,000 users of the government’s low-income health insurance program about potential for ID theft.

The information of patients included:

Name
Health plan identification number
A provider identification number but not the name of the provider

Additionally, the agency has also notified 9,500 New Mexicans who use its Medicaid Salud plan about a possible security breach.

Apart from notification letters, the group has set up a toll-free call line through DentaQuest, 1-877-453-8424, to address queries from people affected by the incident. The helpline operates from 9:00 a.m. to 5:00 p.m. MDT, Monday through Friday.

According to the agency, “The computer was password protected but otherwise did not have safeguards to prevent unauthorized access to the information. At this time, the stolen car and laptop have not been recovered and it is not known whether the information on the laptop has been accessed.”

The theft and security breach has been reported to the U.S. Department of Health and Human Services.

Stay Secure with Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For more information, visit our website right now.

Encrypting part of /home (bgoglin.livejournal.com)
Health insurance will be reformed by a little known department (kevinmd.com)
Security Breach Threatens Soldiers’ & Civilians’ Personal Information (homesecuritysource.com)

No comments »

Posted in Encryption

Tags: Cryptography Encryption Hard disk drive Health insurance laptop New Mexico security United States Department of Health and Human Services

“SEEN or HEARD anything?” about the Laptop

April 21st, 2010

: Image via Wikipedia

While delivering his talk in South Korea, Dr. Robert Levine would have got little idea that his laptop would be stolen. A couple of months ago, Dr. Levin, a nuerologist specializing in ears, was conducting a lecture and he later discovered that his laptop containing vital information for over 22 years was stolen from the premises.

According to the analysis done by Mass. Eye and Ear it was determined that Dr. Levine’s laptop contained critical demographic and health information of around 3,526 patients all of whom were treated by Dr. Levine at Mass. Eye and Ear during February 3, 1988 and February 16, 2010. Additionally, the laptop also included info of a small number of participants in research conducted by Dr. Levine at Mass. Eye and Ear who were not also Dr. Levine’s patients, as follows:

67 participants in somatic tinnitus modulation research
One participant in pulsatile tinnitus research.

As per the new rules defined by the legislation, the responsible authority has to inform the affected individuals. Following the regulations, Mass Eye and Ear is informing the patients and research participants about the loss of information.

What kind of information was present?

It is typically believed, that Dr. Lveine’s laptop contained the following types of information:

Name, Address, Telephone numbers, E-mail, Date of birth and age, Sex, Medical record numbers, Dates of service, Medical information, including diagnoses, symptoms, test results, and prescriptions, Name and contact information for patient pharmacies and Research participant status.

The light at the end of this news is that critical information like Social Security numbers, financial account numbers, and credit or debit card numbers were not present on the laptop. Due credit needs to be given to the hospital for taking all the necessary action from their side. Letters have been dispatched to the affected individuals and also a notice has been posted on the website to inform all the individuals whose contact data is out of date.

Individuals who fit into one of the categories above, and who do not receive a letter directly from Mass. Eye and Ear, may contact the Mass. Eye and Ear Breach Response Center at 877-313-1395 to determine if they are affected.

According to the hospital, the computer was password protected and contained a tracking device called as “LoJack.” The hospital contacted contacted LoJack and they discovered the installation of a new operating system on the computer following the theft. It was also discovered that the software through which information about the affected Mass. Eye and Ear individuals was not installed again.

On April 9 it was determined that it was unlikely that continued monitoring of the computer would lead to its retrieval, and a command was sent by LoJack to the computer permanently disabling the hard drive and rendering any information, including information about affected Mass. Eye and Ear individuals contained on the hard drive, permanently unreadable.

Although there is no risk of exposure of financial information, it is believed that the information of the patients could be used to obtain medical care or medications in their name.

John Fernandez, Mass. Eye and Ear president and CEO said, “Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause,”. “We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future.”

About Alertsec Xpress

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution.For more information visit us at www.alertsec.com

2 comments »

Posted in Data Protection, Encryption

Tags: Debit card Health care identity theft information security LoJack Social Security number South Korea Theft

Lawsuit filed against Countrywide

April 11th, 2010

: Image via Wikipedia

There is a serious threat to the data of customers in organizations worldwide. Apparently this is the data that contains information about their names, ages, social security number etc. As IT systems become an inherent part of organization’s assets with that we are also witnessing increase in incidents reporting data loss. The impact of this data loss is huge leading to financial implications.

The latest casualty are customers of Countrywide financial. The disturbed customers of Countrywide Financial have filed a class-action lawsuit over the 2008 data breach that enabled company insiders to steal and sell their personal information. According to a Courthouse News Service report, the class-action lawsuit on behalf of 16 plaintiffs seeks $20 million in damages, plus punitive damages.

The data theft was originally attributed to a single employee working over a two-year-period has now exposed tens of thousands of customer records. According to the lawsuit alleges that Countrywide Financial employees have stolen and sold “tens of thousands, or millions” of customers’ personal financial information.

While going through one of the news-stories, we discovered the letter that was sent to the customers. Here is a copy of the letter:

According to the lawsuit the defendants were slow to admit the massive breaches of confidentiality, and offered little or not support. The complaint stated, “Countrywide delayed several months before informing their customers.” “Finally, Countrywide informed only certain of their customers by letter and offered in settlement to refer the customers/borrowers to counseling, when it was Countrywide that needed to review and repair its internal procedures.”

Have a comment? Share your thoughts by commenting on this blog-post.