Archive for the ‘Identity and Information loss’ category

Data Breach Report 2010 by ITRC

July 3rd, 2010

The Identity Theft Resource Center (ITRC) has released its data breach statistics report for 2010, covering all data breach incidents up to June 22, 2010.

Apparently, the year has already witnessed 325 incidents, which have led to the exposure of 8.3 million records. This number definitely indicates that the overall incidents for the year 2010 will exceed the cases that happened in 2009. The reported incidents in 2009 were 498.

While the Business industry accounted for 208 of the total incidents in 2009, this year the number has already reached 121 incidents. In 2009, the cases reported from the Government/Military sector were 2009, while this year they have already reached 54.

The most surprising of all the categories is the Banking sector. Last year (2009) there were 57 breaches, standing at 11.4% of the total. This year, inside 6 months, while the number has grown to 37, the percentage of incidents has dropped to 11.1%.

Once again, the report highlights a key and alarming fact: 41.8% of the incidents have been reported from the business vertical.

Statistical reports like these are a fair lesson for organizations to put proper security policies in place. Not only do organizations need to be proactive, they also need to take appropriate measures to encrypt data and to implement computer security software, data encryption methods, etc.

Data Security with Alertsec Xpress

If you use data security software, a theft would simply be reduced to an insurance matter: the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


Data Breach Incident at HMRC

May 27th, 2010


HM Revenue & Customs, a government department, has apologized to eligible tax credit claimants for a serious data breach incident in which the personal information of over 50,000 people was exposed. The story was first broken by The Register after they received a tip from one of their readers. Apparently, the reader had received a tax credit notice that contained two other recipients’ work, childcare and pay details.

In response, Paul Gerrard, the director of tax credits at HMRC, apologised for the error. HMRC issued a response which said, “HMRC takes data security extremely seriously. Unfortunately an error has occurred in one of the tax credits print runs causing some customer information to be wrongly formatted. Investigations are underway to identify the cause of the problem and we will be contacting affected customers in writing this week, apologising and providing a corrected award notice. An initial analysis shows that ID theft could not result from this printing error.”

While the number of tax credit notices dispatched is not exactly clear, it is believed that around 50,000 tax credit notices were dispatched.

Owen Roberts from Callcreditcheck.com (an organization monitoring customer accounts for ID fraud) mentioned, “HMRC’s claim that this isn’t enough to commit ID fraud is only half-true. It could be enough for the beginnings of a path to fraud, or the icing on the cake for a potential fraudster.”

In a similar incident two-and-a-half years ago, the confidential details of 25 million Child Benefit claimants were burnt onto two unencrypted CDs and popped in the post. In fact, last year the department at HMRC had also indicated good progress in removing the ability to transfer data to USB sticks and CDs, with the exception of compelling business cases.

Many people are of the opinion that the printing was outsourced to a third-party company that was expected to do a proper job but instead messed up the situation.

Computer Security Software by Alertsec

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. The AES encryption algorithm and extensive 3rd party certifications offer you security that is used by millions. Try it for free today.

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe.


Finance Giant DA Davidson Reprimanded for Data Breach

April 14th, 2010

In a nutshell, this can be termed a surprising incident and an attack for which the official authorities were totally unprepared. The financial giant DA Davidson has been fined $375,000 by US authorities for a series of failures that allowed criminal hackers from Latvia to steal vital customer information and threaten the firm with dire consequences. As in other such hacking incidents, it is believed that confidential information of nearly 200,000 customers was stolen.

The information that has been leaked includes customer account numbers, social security numbers, names, addresses, dates of birth, etc. It is believed that the database of the consulting company was compromised 3 years back, in December 2007, by unknown hackers using a simple SQL injection attack.

The company D.A. Davidson is a brokerage firm and regional investment bank based in Great Falls, Montana. Additionally, they also have a presence in Oregon and, overall, they have over eight offices in the state and a 105-employee investment banking operation.

A spokesman of the company said that the invaders used a sophisticated technique law enforcement officials had seldom before seen.

It was only when the hackers sent a threatening email the following month that the company realized they had been hacked, although the authorities could have easily identified the attacks through the web-server logs. On their side, the hackers were of course demanding a large amount of money.

After learning about this attack, the organization made the appropriate notifications to the law enforcement authorities and also provided an update to their customers. In coordination with the secret service group, it was identified that 4 individuals were responsible for the hacking attack. Three of them were brought from Eastern Europe to face legal charges in federal court in the US.

Although FINRA (Financial Industry Regulatory Authority) appreciated DA Davidson’s efforts after the attack was discovered, they also blasted the authorities for their lacklustre attitude before that. A high-profile consulting team had advised D.A. Davidson to upgrade their computer systems. In fact, the customer database was not even encrypted, and the DA Davidson authorities had left the default blank password in place.

According to James Shorris, executive director, enforcement, Finra: “Broker-dealers must be especially vigilant about protecting its customers’ confidential information, which includes ensuring that its technology is sufficient. In this case, the firm placed its database containing confidential customer information on a server that was perpetually exposed to the Internet, but failed to implement basic safeguards to protect that data – even though the firm had been advised before this incident to implement an intrusion detection system.”

Try Alertsec’s Encryption Software in 3 Easy Steps

Our encryption software protects your computer in just a few minutes!

  1. Register your subscription or 30-day free trial.
  2. Download and activate Alertsec Xpress.
  3. Your computer is now fully protected

ING Compromises Customer Data

February 14th, 2010

Millions of people use search engines like Google to access all sorts of information every day. It’s become a common practice for users to search their names to see what comes up.

Imagine doing that and seeing your personal information show up in the search results, available for anyone to see. Everything including your address and social security number would appear. A security breach by the Internationale Nederlanden Groep (ING), a worldwide financial service provider, made this horror a reality for 106 of its customers. Though the file which hosted the compromised data has since been removed, the repercussions of the breach are still largely unknown.

Investigating the Breach

A filing [PDF] from the company to the New Hampshire Attorney General’s Office explained:

On January 25, 2010 a customer alerted her securities broker to the fact she was able to access customer information through the ingfunds.com website. An electronic file containing customers’ personal information was inadvertently made accessible through the ingfunds.com website due to an isolated error, which has been resolved. The file was mistakenly posted to the website in August 2008. The error was quickly detected and the ability to access the file via link on the website was removed. The file, however, remained accessible through a specific search conducted via a web search engine. The file included the name, address, account number and social security number for 106 shareholders.

It’s remarkable that ING stored the private details of some of its customers in a file that wasn’t encrypted or even hosted on a private server. What’s really striking as dangerous is the fact that accessing this information wouldn’t require any complicated hacking: a clever search engine user could stumble on the social security numbers and do untold damage! Customers of financial institutions deserve a higher class of service, and organizations like ING have a responsibility to ensure that the information they’re entrusted with remains well-protected.

Next Steps and Lessons for ING

While poor data security is hard to forgive, ING has acted quickly to resolve the issue and has done everything possible to help the customers affected. On top of alerting the authorities in a timely manner, the company has conducted investigations into each customer’s account and announced that no suspicious activity had occurred. As an additional apology, ING offered a free year of credit monitoring and fraud coverage to the 106 customers to help prevent the future risk of identity theft.

Unfortunately, ING can’t get rid of this embarrassing situation that easily. Mainstream media will pick up the story and will end up damaging the business’s reputation and brand image. What’s more, the error may be a lot more serious than the company realizes. It’s very likely that a number of the 106 victims will leave ING and take their business elsewhere. Some may even sue the company, especially if they incur damages due to the security breach. Identity theft may have already happened; sometimes it takes a while for the crime to be noticed. Even the Attorney General may end up imposing a fine for irresponsible business practices!

Keeping customer data secure should be an imperative for any business organization. Companies need to protect private information to avoid all the problems that ING will have to deal with in the coming weeks and months. Had ING encrypted the files which contained personal user details and stored them on a private server, this debacle could have easily been avoided.

Further Reading
ING Fund client data exposed on the web for 18 months [Office of Inadequate Security]

The Cost of a Data Security Breach

February 7th, 2010

Putting a cost on data security can be tricky: in many cases, the possible damage varies from business to business. However, this isn’t any excuse to think that small or medium businesses are somehow immune from incurring large expenses due to poor computer protection. Even if a significant amount of money isn’t lost directly, reputations and relationships can be seriously damaged. However, let us start off by examining just how much you could lose if your organization suffers a data security breach.

Losses as a Business

Data breaches are becoming more and more common in today’s corporate environment and it’s not rare for an organization to become a victim because of poor security practices. Companies in any industry can suffer serious monetary loss by not having encryption software and other security services protecting their sensitive information. In fact, a recent study on data security breaches found that:

The average total per-incident costs in 2009 were $6.75 million, comprised of an average cost of $204 per customer with a jeopardized record… The most expensive data breach within the ambit of the study cost almost a whopping $31 million dollars to resolve.

The research also found that breaches by malicious attacks and botnets doubled from 2008 to 2009 and are only likely to keep increasing. As a result, use of encryption software has been on the rise as well. 58% of the respondents in the study reported that they’re using encryption to add extra security, an increase from 44% of respondents in 2008. The study closes with a powerful thought:

At the end of the day, while the press may not be reporting as much on data breaches as in the past, these breaches certainly are not going away. They must be handled proactively.

Other Costs to Consider

On top of facing losses from an operational standpoint, you’re liable to face additional penalties. Even if court trials are avoidable, the local government may be able to fine your business. In the United Kingdom, a new law will become effective in early April, providing British businesses yet another reason to invest in data encryption software. The BBC reports:

The Information Commissioner’s Office will be able to issue fines of up to £500,000 for serious data security breaches…. Other factors will include the size and finances of the organisation at fault…. Individual cases will also be assessed on whether the breach was accidental or deliberate, and how much distress the leak of information caused.

The law is meant to act as a deterrent, encouraging companies to make sure their data is secure and their customers are protected. The law should also be an incentive for companies to realize that data encryption is important and plays a significant role in protecting the interests of any business. It’s very likely that other countries will follow and impose similar legislation to lower the number of security breaches. If you can avoid fines and losses of millions of dollars, investing in our hard drive encryption software is well worth it. Sign up for a free trial and make sure your organization doesn’t end up having to experience the cost of a data security breach first hand!

Further Reading
Data security breaches cost real money [Lexology]
Data losses to incur fines of up to £500,000 [BBC News]
Internet Security [Flickr via BlakeWilliams]