Log in

Archive for the ‘Identity and Information loss’ category

London Marathon Website in jeopardy – Site leaks sports persons data

April 28th, 2012

London Marathon Participants details exposed

We have been bringing to you several bizarre and interesting stories from the data breach world. A lot of our stories were about IT company data breaches and Medical info breaches. But today’s story comes from altogether another genre of websites. This time data belonging to sports persons has been inadvertently disclosed on the website. Let us get to the bottom of the story.

London Marathon website leaks data

The personal data of 38,000 London Marathon participants was mistakenly published online on April 23; the day after the Marathon event took place. According to the BBC report, the event organizers published the details on the marathon’s web site that were accessible to anyone logging onto the web site on Monday. The details included personal data of celebrities who had taken part in the marathon, including Chef Gordon Ramsa, Nell McAndrew and Labor Party politician Ed Balls.

The problem was first discovered when a television presenter was contacted by a lady who had found her home address on the London Marathon web site. Apparently she saw her address on the section in which commemorative medals could be ordered. The race organizers apologized and now the issue has been resolved.

As to how long the data was actually available on the website is still not known.

The Apology

Nick Bitel, the chief executive of the London Marathon, said: “We apologize for this error, and are grateful to the BBC for bringing it to our attention.

“We immediately made sure that the glitch was corrected.

“We do not believe that this has led to a substantial number of individuals’ details being accessed by members of the public.”

Data Protection Act

Comment by the spokesman for the Information Commissioner: “This is something the Information Commissioner will need to look in to to see how it has come about.

“It’s the reasons these things come about that determine the course of the investigation. ”Every case is different and we will certainly be making inquiries.” As per the Data Protection Act appropriate measures must be taken against accidental loss of personal data.

The act further states that any breaches could be considered either a civil or criminal offence depending on the circumstances.The organizers have tried to downplay the error but if proved then it could amount to a criminal offence.

Negligence can cost embarrassment, monetary loss and bad publicity

The above news item shows that it does not have to be a breach of the data protection act only if a hacker breaks a security code or steals data. Even negligence leading to data exposure is a criminal offence and one has to be extra careful to safeguard personal data of people. You never know how a personal data can be misused in today’s cyber world.

Alertsec can help with data security issues

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on computers.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: BBC data breach data security Ed Balls Enter your zip code here Google Hackers Information Commissioner information security Information Technology London London Marathon Marathon Matt Cutts Monday Nell McAndrew Personally identifiable information Website

Dead folks stirring in their graves as their identities get stolen: Study proves

April 24th, 2012

Credit card frauds tracked by ID Analytics

As if stealing identities of living folks was not enough, ruthless ID thieves are breaking into data of dead people and stealing it! ID theft is becoming a common way of stealing personal data of people without them even knowing it. Hackers make use of malicious software to steal information from other people. Today’s post talks about the lurking dangers of ID theft. What is bizarre is that this report shows that even dead people’s identities are getting stolen!

Survey by ID Analytics

For this particular study it scanned around 100 million applications. It compared social security numbers and other data with that of the data of Social Security Administration’s Death MAster file that tracks down identities of people who have died.

A recent survey undertaken by ID Analytics show that almost 2.5 million dead people become victims of data theft annually. Not many people are aware of identity theft. It is very important to bring more awareness into the field. ID Analytics tracks forms that people fill out during credit card registration. They check for fraudsters.

The firm has been studying fraud trends for a long time now.

What Stephen Coggeshall, chief technology officer at ID Analytics, had to say about the collected data

“This study brings to light a significant problem, as we see fraudsters intentionally using identities of the deceased at the rate of more than 2,000 per day,” Coggeshall said. “We have no sense of where criminals are getting the numbers, but a certain portion of them probably are coming from public sources, like the Death Master File,”.

What the study showed was that around 1.6 million applications are examples of a fraudster using a fake SSN that matches the SSN of a dead person. The study found out that there were approximately 800,000 instances per year where a deceased person’s identity is intentionally misused and hundred thousand cases where a dying person’s identity is also misused.

What the study also found out was that seriously ill people are being targeted by criminals. There were approximately 2 million cases of Social Security Numbers being used in credit applications where the SSN holder was terminally ill and about to die in the next couple of months.

More about ID Analytics

ID Analytics deals with consumer risk management with patented analytics, proven expertise, and real-time insight into consumer behavior. It combines proprietary data from the ID Network®–one of the nation’s largest networks of cross-industry behavioral data–with advanced science, ID Analytics provides information about identity risk and creditworthiness. A lot of U.S. companies and critical government agencies rely on ID Analytics to help make their risk-based decisions that help increase revenue, reduce fraud, drive cost savings, and protect consumers. ID Analytics is a wholly-owned subsidiary of LifeLock, Inc. The website URL www.idanalytics.com

Alertsec, the leader in data encryption services

You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: AlertSec Xpress Coggeshall Credit card Crime Death Master File Enter your zip code here Federal Trade Commission Fraud ID Analytics identity theft identitytheft Internal Revenue Service LifeLock Social Security Administration Social Security number South American Theft Groups Tax Theft

Backup discs containing personal and health information missing from Emroy Healthcare Data

April 22nd, 2012

Emory Healthcare loses 10 backup disks containing sensitive patient data

How can healthcare companies be so negligent? There is so much sensitive data lying around in a healthcare company that there is simply no excuse but to preserve it well. Unfortunately most of data theft and data breach cases are related to hospital and the healthcare industry. The latest case just affirms the above!

News in brief:

According to Emory Healthcare, a company based in Atlanta, 10 backup disks containing data on 315,000 patients went missing from a hospital storage facility. These disks contained info about surgical patients treated between September 1990 and April 2007.

The news in detail:

The health care system provides clinical care as part of the Robert W. Woodruff Health Sciences Center of Emory University.

The data breach was reported on April 18. The 10 disks contained information on surgical patients treated between September 1990 and April 2007. The disks seem to have vanished from a storage location at Emory University Hospital.

The exact locations were Emory University Hospital Midtown and the Emory Clinic Ambulatory Surgery Center.

228,000 records included Social Security numbers. Rest of the files had patient names, dates of surgery, diagnoses, procedure codes, names of surgeons and anesthesiologists that the patients had seen. The cabinet that contained these discs was not locked even though the office was locked and the hallway had restricted access.

The disks had old data in a software application that Emory had deactivated in 2007. According to the healthcare company, the hospital’s IT systems were not hacked into.

John T. Fox, president and CEO of Emory Healthcare’s statement

“We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information,” , said in a statement. “While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients’ information is safe.”

Ironical is the fact that Fox’s data could also have been hacked into as he underwent surgery during the same period!

What security measures are being implemented post theft?

Emroy’s letter to its patients says “We have taken immediate steps to fortify the protective measures that are already in place,” “New and enhanced data control measures have been implemented accordingly. Those affected by the theft will receive free identity protection services. In addition, the health care system is revamping its current security and privacy policy.

So far there is no evidence to show any of the missing data has been misused. The possibility that the discs could have been simply misplaced cannot be completely rules out at this point of time.

Prevent data theft with Alertsec encryption services

Alertsec is the leader in the field of hard disk encryption as a fully managed service. It provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way.

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.

No comments »

Posted in Data Protection, Encryption, Hackers, Identity and Information loss, data breach, data encryption, identity theft

Tags: alertsec April 2007 Atlanta business Cloud computing data breach Data theft Emory Healthcare Emory University Emory University Hospital Emory University Hospital Midtown Health care Health Insurance Portability and Accountability Act Healthcare Information Technology Patient September 1990 Social Security number

Priest’s laptop that contained pornographic images has been stolen: Northern Ireland police investigate

April 15th, 2012

Northern Ireland police are investigating the case of the 'porn stuffed images' stolen laptop

There is a dark side to the Internet as we all know. But when it takes out its ugly face in the public, it creates chaos. Today’s news story is about pornography involving a priest from Northern Ireland. You must be thinking how come a priest got involved in pornography as he is the last person on earth you would associate with this sexual subject. Well, it takes all kinds..

The investigation

Northern Ireland’s police force was investigating the case of a Catholic priest who had managed to project pornographic gay images to a room of primary school parents instead of a presentation on Holy Communion. These were the 26 parents of pupils of St Mary’s school in Pomeroy.

There were 16 indecent images of men on the slideshow. Unfortunately there was one child present during the presentation. Obvisouly the parents were horrified to see these images.

The laptop that contained these images has been stolen! The theft seems just too convenient and needs a detail probe or is the USB stick to blame?

Father McVeigh claims that the USB was used by a number of people so it could have been anybody.

After this horrific incident, the priest returned later and resumed with the actual presentation. Father McVeigh concluded the meeting by saying that the children should donate the money that they get from the Holy Communion to the church.”

According to Father McVeigh, the laptop that he had used during the gay porn incident was stolen from his parochial house. Surprisingly that was the only item stolen during the alleged theft. The Local police, Pomeroy, are looking into the case.

Father McVeigh’s statement

“I don’t know how it happened but I know what happened,” the priest said as news of the incident gained international attention.

“There are people making innuendos who weren’t even there but in this day and age these stories grow. All I can do is let the incident be investigated and be open to that investigation so that what happened can be legitimately explained.”

The Archdiocese of Armagh has ordered an inquiry into the incident. A public appeal has been made by the PSNI but till then the investigation appears to be stuck.

Laptop security with Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way.

By using encryption software, you greatly enhance the laptop security as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or senstive data. Our industry news provides a few examples of this.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Identity and Information loss, computer security software, identity theft, laptop encryption, laptop theft

Tags: County Tyrone Eucharist Holy Communion Mary McVeigh Microsoft PowerPoint Northern Ireland Police Police Service of Northern Ireland Pornography Priest Priesthood (Catholic Church) Seán Brady USB USB flash drive

Former Intel engineer, Biswamohan Pani, pleads guilty to data theft charges

April 12th, 2012

Ex-Intel employee charged with Data theft

IT employees have been taking data theft and IT security policies lightly. They think they need not follow them and at times believe they can get away by stealing data. We are not talking about petty thieves here but white-collar employees who can go to lengths to earn money and brand name.

The latest data theft case involves such an IT employee who thought he would get away by stealing data worth $400 billion!

Here goes the story

An ex-Intel engineer, Biswamohan Pani, stole documents worth $200 million – $400 million from Intel. He has pled guilty to stealing the documents and for 5 counts of fraud. Currently he is waiting to hear his sentence.

The case

The case will be heard in US District Court by Judge F. Dennis Saylor in Worcester, Massachusetts. Mr. Biswamohan worked at Intel’s Hudson, Massachusetts location in 2008. He put down his resignation at Intel on May 29, 2008 and requested his last day of work be June 11, 2008. At that time he was already employed by rival AMD and had access to the Intel computer systems.

As he had access to Intel computer systems, he started downloading confidential documents from Intel related to design and manufacture of computer processors. The moment Intel found out, it reported the theft and AMD cooperated with the investigation. What is bizarre is that AMD never asked Mr.Pani to steal the documents, nor were these used by anyone at AMD. Pani is looking at 20 years in prison on each of the five counts of fraud. Pani’s sole purpose for this theft was to boost his career!

AMD official’s statement

“AMD respects the intellectual property of other companies. AMD was completely unaware of Mr. Pani’s actions until we were contacted by the FBI, and we provided our full and prompt cooperation with the investigation.”

The documents were seized by Intel from Mr.Biswamohan’s home.

The justice department’s statement

‘The FBI was able to recover these documents quickly, before Pani could use them to Intel’s disadvantage, largely because Intel reported the theft quickly and assisted the investigation,’.

Corporate espionage and intellectual property theft, in the form of trade secrets, schematics, or other proprietary information is a treasure cove in the wrong hands and a recipe for disaster.

Pani’s lawyer has refused to comment about Pani’s defense.

More about intellectual property theft

More than often intellectual property theft goes unnoticed simply because it cannot be seen the way other thefts are visible. It involves stealing or misusing proprietary information of a company. Intellectual property theft can result in serious financial loss.

Alertsec protects intellectual property theft

It is clear that the security of world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind. A very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.