Archive for the ‘Hard Disk’ category

Yahoo admits data breach – 450000 user passwords stolen

July 13th, 2012

Yahoo network breached! 450000 user passwords stolen

Did you check your Yahoo email this morning? Hold it right there! Don’t open the account. It could be hacked! Reports are just coming in that Yahoo has been hacked and that 450000 user passwords have been stolen. You could be one of them.

The news in detail

Hacker group D33D broke into Yahoo’s network and stole the login information of about 450,000 individuals who use Yahoo and other popular Internet email services that include Gmail, AOL, Verizon.net, and MSN.

The hacker group stole the email addresses and passwords of people signed up for the Yahoo Contributor Network, a place for budding writers, photographers, and videographers who want to publish their work on the Internet. Users can choose to join the network with an outside email address, which is why the stolen information included user names and passwords for accounts on multiple email services.

Yahoo spokeswoman Dana Lengkeek’s statement

“Users whose network passwords matched their email passwords were vulnerable to being hacked. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users, and notifying the companies whose users’ accounts may have been compromised.” “We encourage users to change their passwords on a regular basis, and also familiarize themselves with our online safety tips at security.yahoo.com.”

Why did Yahoo not encrypt?

It is hard to believe that Yahoo did not take even a basic safety precaution such as encrypting passwords. The best thing anyone can do to avoid having their accounts hacked is to change their passwords often.

An authority on security said, “The key thing is from a corporate perspective: perhaps invest more in security.” “If Yahoo! didn’t [encrypt their passwords], they were probably cutting corners on other things.” There’s no way to know if you’re hacked, but a password change is probably a good idea. “I would recommend if people know that they use that particular network, change their password,” he said, “and if they feel uneasy about it, change their password anyway.”

Why did D33Ds do what they did?

According to D33Ds, they stole the data and left a note describing the download “as a wake-up call and not as a threat.” The hacker group wants to prove how vulnerable Yahoo really is.

What is Yahoo doing to prevent this from happening again?

Yahoo is in the process of fixing this critical bug that led to the data breach. It also plans to change affected users’ passwords and notify companies with accounts that might have been compromised.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organisations, especially corporate giants, must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Tel Aviv’s D.A. charges six people with a massive data theft: Personal details of millions of Israelis exposed

May 14th, 2012

Tel-Aviv - A massive data theft surfaces. The DA charges six people with stealing and selling data

Data breaches and data theft can take place in multiple ways: by accessing data without authorization, by stealing diskettes or USB sticks, by stealing documents, or by copying data and selling it to another vendor without authority. What is disturbing but true is that the perpetrators are often people of a decent background who earn good money. Some of them do it just because it gives them a ‘technological high’; some do it because they think it will help them in their career.

The latest data theft news from Israel proves that the perpetrator was somebody who came from a good educational background but wanted to make a fast buck.

Data theft news from Israel – In brief

Tel Aviv’s District Attorney charged six people with a major data theft that leaked the personal details of millions of Israelis.

The stolen data contains full names, ID numbers, addresses, dates of birth, family status, and names of siblings. In addition, it includes an extensive search engine allowing users to determine the extended family relations of any Israeli in the database.

The perpetrators sold the data to Haredi charities.

Data theft news – In detail

This data theft took place in 2006 and it contained detailed personal information on nine million Israelis including minors, deceased persons and citizens living abroad.

Shalom Bilik, a former Social Affairs Ministry contractor, who had access to the database during his work at the ministry, copied the data and took it home without permission. Bilik’s contract with the ministry ended in 2006 and soon thereafter, he began to provide computing services to an ultra-Orthodox organization in Jerusalem. He used to install the database on computers there.

The persons indicted other than Bilik are Avraham Adam, Yosef Vitman, Haim Aharon, Moshe Moskovitz and Meir Leiver.

Adam worked at the ultra-Orthodox charity. He used the stolen data after Bilik gave it to him. He later passed the data on to Vitman, who volunteered at the charity. Vitman then sold a copy of the stolen database to an independent computer consultant called Aharon, who combined it with a copy of the voter registration database and eleven other databases. Aharon later sold the combined database to other people and gave it to a computer programmer, Moskovitz, who in turn sold it to other people.

Moskovitz then updated the database with a sophisticated search program and named the final database ‘Agron’ (‘Glossary’). He allegedly sold it to other interested parties. The database finally ended up with Leiver, who then decided to call it aRi and sold it overseas.

The Indictment

According to the indictment, the six men are charged with various offenses under the Privacy Protection Law, which attract a maximum five-year prison sentence. Bilik is also charged under the Penal Code with removal of a document from custody and passing it to a third party, which attracts a maximum five-year prison term. Leiver is charged with destroying evidence, after allegedly attempting to disrupt the investigation by deleting computer files.

Alertsec strives hard to protect data

Alertsec’s encryption service helps protect data and secure your computer systems. Alertsec Xpress offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution.


Payroll data of home-care workers goes missing in the mail – Los Angeles County news

May 12th, 2012

Data breach of home-care personnel in the County of Los Angeles

Another breach where data of home-care personnel goes missing! We cannot stress enough the importance of protecting health-care data. It is crucial and sensitive, and the chances of it being misused are very high, especially for data belonging to ill people and vulnerable children.

Payroll data goes missing

700,000 people who offer or get home care for the elderly and disabled have become victims of a data breach. Their payroll data went missing in the mail, according to an internal government email.

According to the email, the breach was discovered on Wednesday. Hewlett Packard handles the payroll information for workers in California’s In-Home Supportive Services program. According to the company, the data disappeared en route in the mail to a state office in Riverside.

“While we continue to investigate, at this time we can’t confirm whether the information was damaged, lost or stolen,” the email said.

As soon as it was learned that the package had disappeared, an investigation started, and the police are now looking into the theft. The affected parties are being notified via email. The spokesperson for the California Department of Social Services, Oscar Ramirez, has confirmed the breach.

Security policies are being changed to avoid such mishaps.

Comment by lobbyist, Deborah Doctor

“That’s unbelievable,” said Deborah Doctor, a lobbyist at Disability Rights California. “This will be very worrying.”

According to Ms Doctor, the worst hit are the low-income people in the program, for many of whom English is not their first language, while others are too blind to read notices from the government about the missing data.

Approximately 40% of employees and recipients in the program are based out of Los Angeles County.

Late night update

A news release sent out late Friday said, “The package containing the information was reported as damaged while being shipped by the U.S. Postal Service and the information contained in the package was incomplete upon delivery.”

The package that contained the data was mailed on April 26 and arrived May 1. The state was not notified for another week. The breached data, covering October to December 2011 for 375,000 workers, included names, Social Security numbers and wages. State identification numbers may have been leaked for about 326,000 recipients.

Time to use Alertsec to protect your vulnerable and sensitive data

Data encryption is the key here. Alertsec is into data protection and it does a fine job of securing data.

Alertsec Xpress includes pre-boot authentication, which ensures that only authorised users are allowed to access the computer. A common misconception is that a BIOS password provides the same level of security as the pre-boot protection included in Alertsec Xpress. This is not the case.

BIOS level protection schemes only protect the actual BIOS settings.

To secure stored data, it must be encrypted. Once encrypted with full disk encryption, the files will be inaccessible to any unauthorized person and immune to the widely available password cracking tools.

Get Alertsec and leave the data security to us!



Pentagon-run TRICARE admits to breach bigger than initially reported

May 7th, 2012

WASHINGTON, DC - FEBRUARY 03: U.S. Rep. Ed Markey (D-MA) demands data security from Pentagon

Carol Keller’s nightmare started last December when she was informed that her personal and medical information had been stolen almost four months earlier, thanks to a Pentagon contractor who had left 25 computer tapes in the back seat of a Honda Civic in Texas. Keller finally knew what had caused the fraudulent purchases from her debit account.

Pentagon Health Insurance Program – Tricare

Keller is among the 70,000 military personnel, retirees, and their families across New England who are victims of one of the largest-ever breaches of medical data. Approximately 4.7 million people may be in deep trouble because of this breach. These military families are dependent on Tricare for their insurance.

Victims such as Keller have filed a class-action lawsuit seeking unspecified damages. It is frustrating that the Pentagon relies on contractors and outdated computer storage technologies to house and transport personal information.

Representative Edward J. Markey comments:

“The bottom line is that people in charge of safeguarding our service members’ personal data need to transition from the 20th century to the era of iPads,” said Representative Edward J. Markey, who is demanding more answers from the Pentagon on its medical privacy policies. “TRICARE had given me no assurance that it is moving toward such a modern system.”

The contractor – Science Applications International Corp

The contractor receives about $20 billion a year in Pentagon contracts.

Apparently the contractor “has experienced no fewer than six security failures” since 2005. These failures involved private data, the suit alleges, including a break-in at a company facility in California in 2005 in which the Social Security numbers and financial transactions of 45,000 top military and intelligence officials were stolen.

What the spokesman for Science Applications International Corp had to say

“We don’t know what specific instances that they are talking about, whether they are SAIC, whether they might be a vendor of some kind to us, and we don’t want to get into a dialogue about pending litigation.”

“Reading the data on the tapes would require knowledge of and access to specific hardware and software, which is commercially available, but would also require knowledge of the system and data structure on the tapes.”

He further added that the company has no evidence that the information on the computer tapes stolen last year from a San Antonio parking garage was accessed by outsiders and that it would be difficult to decipher the tapes.

The Plaintiffs

Plaintiffs in this case are Ms Keller, the spouse of a decorated war veteran, the 5-year-old daughter of an Air Force officer, and a retired major. According to them, their credit cards were canceled without their knowledge for suspicious transactions; unauthorized withdrawals were made from their bank accounts; and telemarketers hound them.

Data security with Alertsec

Alertsec Xpress is used in all organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe.
