Log in

Archive for the ‘Lawsuits and settlements’ category

Powys County Council to pay £130,000 fine to ICO for data breach

December 9th, 2011

Powys County Council in deep waters over data breach

Last few posts mentioned about fines being imposed on councils who have breached the data protection act. But this post breaks all records. It talks about how Powys County council was asked to pay a fine of £130,000 to ICO for data breach. This is the biggest fine ever!

The ICO’s office was conferred powers to impose fine on data breaching organizations on April 2010. Assistant Commissioner for Wales Anne Jones says”There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK’s local government sector to discuss how we can support them in addressing these problems,”.

The strange part is that Powys County Council had earlier breached this act twice but had not gotten caught. But this time luck was against the organization and it is expected to pay a hefty fine. Here is the ICO’s statement regarding the earlier data breaches “Two separate reports about child protection cases were sent to the same shared printer. It is thought that two pages from one report were then mistakenly collected with the papers from another case and were sent out without being checked. The recipient mistakenly received the two pages of the report and knew the identities of the parent and child whose personal details were included in the papers. The recipient made a complaint to the council and a further complaint was also submitted by the recipient’s mother via her MP.”

The first incident was written off as an ‘once in a blue moon’ error but then a second one occured where a social worker sent data about another child to the same member of the public who was also familiar with the child.

Ann Jones further added”This is the third UK council in as many weeks to receive a monetary penalty for disclosing sensitive information about vulnerable people. It’s the most serious case yet and it has attracted a record fine. The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.”

The ICO had given an warning to the council to revamp its security policies or be ready to face consequences. Not much has changed in terms of security, the latest breach makes that all too clear. Now the ICO has threatened to take the council to court if it does not get back on its feet and beef up its security measures. The ICO has further made it compulsory for the counil to train its staff on how to follow the council’s guidance on the handling of personal data by 31 March 2012, along with refresher training provided every three years.

Alertsec to the rescue

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, Lawsuits and settlements, computer security software, data breach, data encryption, identity theft

Tags: Assistant Commissioner Check Point Child protection data breach Data Protection Act 1998 ICO Information Commissioners Office Information privacy Member of parliament Personal computer Powys Powys County Council

Former Middletown School contractor accused of Laptop theft

December 5th, 2011

Not one or two but 400 laptops missing! A recent case of laptop theft saw 400 laptops being stolen from Middletown schools by a former contractor. A Butler County grand jury is currently reviewing the charges. If convicted, he faces 5 years prison time.

According to the Middletown police Larry A. Osborne Jr., 29,has been charged with third-degree felony theft on Nov. 9 in Middletown Municipal Court. He is accused of stealing computers since 2008. Osborne, a computer technician, was a former contractor of the Butler County Educational Service Center. The approximate value of the 400 laptops is $123,000. Osborne used to sell these computers on ebay. He sold around 350 computers to a man in PA who had no clue that these computers were stolen property. The PA man has not been charged. The machines were either used ones or non-working.

Former school contractor stole 400 laptops

The first theft was reported on Nov. 8 where eight Apple laptop computers were stolen from the district’s warehouse, 110 Baltimore St.

So far the department has recovered 46 of the 400 laptops. According to Lt. Scott Reeve. “The investigation is pretty much done. We’ve recovered all we’re going to recover,”. He further added that the thefts were discovered when the owner of 1 Stop Shipping Shop on Vail Avenue became suspicious about the no of computers Osborne was shipping. 18 laptops were recovered from 1 Stop Shipping Shop and 28 from Hallstead, PA. Lt. Reeve added “He wasn’t just taking them from one location,”. “He was taking them from multiple locations. I think that is part of the reason he got away with it for so long. He is an information technology guy and it’s not unusual to see him walking around with a computers in his hands, and they weren’t all being stolen from one location. He was spreading out the thefts at various schools throughout the district.”

Apparently Osborne was a full time IT worker with the district and lost his job a month ago when the theft came to light.

The modus operandi was that Osborne stole laptops that were left unattended while making service calls. Inspite of the fact that the district conducts general audits of its systems on an annual basis, the laptops were stole. The reason being Osborne was the employee in charge of this district.The district is revamping its security policy to make sure such thefts do not take place in the future.

Alertsec and data encryption go hand in hand

Information has become highly mobile. There are netbooks, laptops, iphones and blackberries. You leave any of these unattended and the next thing you know is that they are stolen!

To lose any of the above device means losing valuable information! Especially when this information includes not only your personal data but that of hundreds and thousands of people.

Encryption is the best security solution to data breaches and laptop thefts. Alertsec helps you keep your info secure.

No comments »

Posted in Computer security, Identity and Information loss, Lawsuits and settlements, computer security software, identity theft, laptop encryption, laptop theft

Tags: Apple Baltimore Counties Hardware Information Commissioners Office insurance laptop laptop theft LoJack Notebooks and Laptops security Theft United States

Sutter Health breaches Data Protection Act exposing millions of Patient Accounts

November 28th, 2011

SAN FRANCISCO, CA - OCTOBER 27: Plaintiffs in...

Class action suit filed against Sutter Medical

Time and again we end up reading about patient data breaches. Why is patient data so easy to breach and so vulnerable? Is it that the thieves are too intelligent or the data protection practices need a overhaul?

The following story of Sutter Health is making headlines since last few days. And there is a good reason for it. Harris & Ruble, a class-action law firm based in Los Angeles filed a class-action lawsuit against Sutter Medical Foundation and Sutter Physician Services, alleging the medical provider did not protect the medical information belonging to more than 4 million patients affected. Apparently a computer that was stolen in mid-October contained sensitive information of these patients. The computer contained descriptions of diagnoses, names and addresses.

According to Sutter officials this is the largest data breach in the history of Sutter Health as it has exposed millions of patient records.

When and how was the computer stolen?

On October 17, 2011 a computer with unencrypted patient data was allegedly stolen from the administrative offices of the Sutter Medical Foundation. Sutter Medical should have immediately informed its patients but unfortunately it did not and they came to know about it via the media. Around 3.3 million patients with providers supported by Sutter Physician Services and 943,000 Sutter Medical Foundation patients were affected due to this breach. The stolen data included names, addresses, email addresses, dates of birth, telephone numbers, health insurance plans, and in some cases, descriptions of medical diagnoses or procedures.

Attorney Alan Harris of Harris & Ruble said “Securing equipment and encrypting data were not a priority for Sutter and now patients will have to worry about what medical or insurance information is out there for others to view. That Pat Fry, Sutter Health President and CEO, has acknowledged his responsibility to work harder to protect such information in the future, does not excuse the failure to safeguard the confidential information that has already been disclosed.”

Health care organizations have reported 364 incidents involving the loss or theft of information containing names and addresses to Social Security numbers and medical diagnoses on nearly 18 million patients in the past few years.

Sutter’s response – Gleeson, Spokesperson for Sutter, said that Sutter took time to send notices to patients because they first wanted to find out what was on that computer.

Alertsec and data encryption go hand in hand

Information has become highly mobile. There are netbooks, laptops, iphones and blackberries. You leave any of these unattended and the next thing you know is that they are stolen!

To lose any of the above device means losing valuable information! Especially when this information includes not only your personal data but that of hundreds and thousands of people.

Encryption is the best security solution to data breaches and laptop thefts. Alertsec helps you keep your info secure.

No comments »

Posted in Computer security, Data Protection, Lawsuits and settlements, computer security software, data breach, data encryption, laptop theft

Tags: Alan Harris Class action data breach Los Angeles Medicine Pat Fry Patient Sacramento California Social Security number Sutter Sutter Health Sutter Medical Foundation Sutter Physician Services

Coppers Cove: Police trying to track down laptop thief

October 21st, 2011

A great opportunity to make $1,000 ! Help the police track down Raheem Amaud Townsend, 21, and you are in for a reward!

Laptop thief from Copperas Cove on the run

Why is Raheem Amaud Townsend wanted by the police?

He is wanted in connection with the theft of the computers from 913 Davie Lee Street. Charges on him: misdemeanor and felony warrants. There is a strong possibility that he may have moved to another state.

How can you help?

Copperas Cove Police are reaching out to the community for locating a criminal in connection with two separate theft cases. Raheem Amaud Townsend is a resident og Copperas Cove and is alleged to have done away with two laptop computers from 913 Davie Lee Street in Copperas Cove on September 20th, 2011

Coppers Cove Police dept has offered tips related to the above case

The police would like to inform you that tips can be made anonymously through the Copperas Cove Crime Stoppers tip number (254)547-1111 .

Copperas Cove Crime Stoppers request you to help in locating the offender. Any information related to this case is valuable. Do not hesitate to get in touch with Crime Stoppers. They need your call today. Crime Stoppers are ready to pay up to $1,000.00 in cash if your information leads to the suspect. We will keep your name in the wraps. . Call Crime Stoppers today at (254)547-1111 or post a tip on-line at www.tipsubmit.com

What detectives have to say about laptop thefts in general?

Many people are under the impression that because laptops have serial numbers they can be traced as stolen property. This is a false sense of security. In real life very few stolen laptops are returned or traced.

Alertsec can save your laptops

Save your company from countless problems related to laptop thefts and data security down the road. Imagine one of your laptops containing all of your company’s current pricing structure, sales leads, and customer orders, were lost and there was no backup data! Or worse: what if your competitor got his hands on your data?

The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

The following preventive measures can be done to increase laptop security and reduce damage if your laptop is lost or stolen:

a. Always have a fresh back-up on a server or back-up device

b. Use Laptop encryption

No comments »

Posted in Identity and Information loss, Lawsuits and settlements, Uncategorized, identity theft, laptop encryption, laptop theft

Tags: Copperas Cove Copperas Cove Texas Crimestoppers Fort Hood Harker Heights Texas IPhone laptop Law Law Enforcement Manchester Nolanville Texas Police Theft United States YouTube

SEC wants companies to disclose their data breaches

October 15th, 2011

SEC orders companies to report data breaches

Corporate giants have been handling data breaches traditionally i.e. not revealing the breaches, not offering details. They always preferred keeping mum. It won’t be an exaggeration if we say that tens of billions of dollars worth of data is compromised every year from U.S. companies and very few of it gets reported !

But that is about to change. The Securities and Exchange Commission (SEC) has formally asked corporations to report data breaches and cyber crimes. The new guidelines issued by the SEC state that publicly traded companies must report cybertheft or attack and any risks associated with data.

These guidelines have been a result of Sen. John D. Rockefeller’s initiative. “This guidance changes everything. It will allow the market to evaluate companies in part based on their ability to keep their networks secure.”

“For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them,” “Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark.”

The current regulations do not specifically talk about cyberattacks. They only expect companies to report if there is risk to their material wealth. But now companies will be forced to talk about cyberattacks, thanks to these guidelines. The guidelines might, in addition to the above, ask the companies to disclose data breaches that took place in the past.

Cyber security is being beefed up through these regulations as cyber crime is on the rise. The recent major breaches including Sony’s and Citigroup Inc have resulted into this action.

Melissa Hathaway, an ex-White House cyber coordinator said in her statement “It’ll force executives to really understand what’s going on within their corporations,”. “I think it will create the demand curve for cybersecurity.”

Which cyber-incidents will be included in the guidelines?

Cyber incidents that could materially affect products, services, relationships with customers or suppliers, or competitive conditions will be a part of these new regulations.

Here is the exact wording in the guidance:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.