Archive for the ‘Uncategorized’ category

UK mobile phone operator O2 suffers data breach

January 30th, 2012

Every data breach is a wake-up call for all of us using the Internet. We just assume our data is safe but how about thinking twice before posting private information on the world wide web? There are technical things which we, laymen, do not understand. Our information gets leaked to third parties and we don’t even know about it. Guess what, every time you visit a site, your phone number is getting leaked through your mobile service provider!

The O2 Scandal

Customers of O2, the European mobile network, suffered a data breach as their phone numbers were exposed to web sites visited from their smartphones. Unfortunately the security breach went on for two weeks before it was fixed on Jan 25.

Mobile customers in the United Kingdom started tweeting Wednesday morning about the breach after mobile developer Lewis Peckover found out about a security loophole in devices carried by European mobile network O2. It appeared that after O2 had performed its routine maintenance on its network this month, some users’ mobile phones started sending their owners’ phone numbers to web sites that were visited using mobile browsers through a 3G/WAP connection. Fortunately those who used Wi-Fi were saved from this ordeal.

This post shows that customer privacy is at stake. The breached phone numbers could be used for SMS spam or for hacking purposes. They are a treat for hackers and just waiting to be exploited!

The mobile device security industry is going through a bad phase. Just last April, Apple iPhones (running iOS 3.2 and above) had a bug that logged users’ location data in unencrypted files stored on the phones themselves. Customers were at their wits’ end when they heard this and there was chaos in the mobile industry. As if that was not enough, just last month, phone-monitoring software maker Carrier IQ admitted that its data-tracking program was already installed on all its phones across the country!

Comment by O2

O2 issued a statement last Wednesday and explained that the issue has been fixed.

“In between the 10th of January and 1400 Wednesday 25th of January…there has been the potential for disclosure of customers’ mobile phone numbers to further website owners,” O2’s statement read. “It was fixed as of 1400 on Wednesday 25th January 2012.”

The Information Commissioner’s Office (ICO), a public U.K. body that enforces and oversees activity pertaining to the Data Protection Act of 1998, is looking into this matter presently.

“When people visit a website via their mobile phone they would not expect their number to be made available to that website,” the ICO said in a statement issued Wednesday. “We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”

Update from O2

According to O2, it regularly gives subscribers’ phone numbers to web-sites that offer age-restricted information and premium-rate billing without the user’s knowledge.

Apparently the company has been providing user phone numbers to web-sites that are browsed by millions of users from their phones using the 3G network. This has been happening since Jan 10. Obviously the site owners are having a ball with this piece of information.

What should a common man do to avoid such a pitfall?

Always read the terms and conditions of any mobile service that you choose to use. Better to be safe than sorry!

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.


NHS breaches Data Protection Act by posting patient info online

October 31st, 2011

We talked in one of our last posts about how often patient data is getting compromised these days. Just when we thought there won’t be another breach related to patient data, we are proved wrong! The following news item talks again about patient data loss and that too due to negligence of the staff at National Health Service (NHS) Trust.

It appears that NHS staff have been breaching the Data Protection Act (DPA) by posting private patient data and photographs on Facebook. Data breaches took place across the country between July 2008 and July 2011. Civil liberties group Big Brother Watch submitted Freedom of Information requests which showed that there were 806 separate data breaches at 152 NHS trusts during the above-mentioned period. The report states that there were more than 20 incidents in which patient information was posted on social networking sites and 91 cases where NHS staff were caught viewing details of colleagues.

Consequence of the data breach

Around 100 staff members were dismissed due to breach of Data Protection policy.

What does the Director of Big Brother Watch have to say?

‘This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected.’

The above shows that data breaches in the NHS are proving to be a ‘major problem’. “The information held in medical records is of huge personal significance and for details to be disclosed, maliciously accessed or lost represents serious infringements on patient privacy.”

He further added: “It is essential the NHS is transparent about these incidents and failing or refusing to disclose that a data breach has taken place is unacceptable.”

Big Brother Watch feels that the NHS does not have a robust data security policy in place to ensure patients’ privacy is protected. It is of the opinion that such cases are going to keep increasing as more and more NHS staff members are going to get access to the new computer database having patient information. This new database called ‘The Summary Care Record’ will provide GPs, hospital doctors and paramedics immediate data about patients, such as allergies or medications.


Incident at the Nottingham University Hospital NHS Trust

A member of medical staff took a photograph of a patient in bed and showed it to friends on the social networking site. Needless to say, the member was dismissed.

What is being said about tightening of data security?

The Information Commissioner’s Office said: “We continue to work with organizations from across the NHS to improve the security of patients’ information and will consider taking action where it is clear that an organization has failed to meet its legal obligations.”

Health Minister Simon Burns added: “We have issued clear standards and guidance to the NHS about what needs to be done to keep patient records secure and confidential. Individual NHS organizations are responsible for ensuring their staff understand and follow that guidance.”

Hospitals can secure themselves with Alertsec

Organisations and hospitals have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.


Newcastle team found guilty of data breach

October 28th, 2011

We have been regularly writing about data breach and laptop theft cases. But the following is a unique case where the data was first breached and the laptop later stolen!

Newcastle Youth Offending Team failed to encrypt personal data of 100 young people on a laptop. The data contained names, addresses, dates of birth and the names of the schools the young people attended. This laptop was later stolen from the home of a contractor who had been working on a youth inclusion program.

The team had to face the brunt from the Information Commissioner’s Office (ICO) for breaching the Data Protection Act. The ICO made the team sign an undertaking to prevent further data breaches.

According to the ICO investigation team, Newcastle Youth Offending Team had a contract with the relevant company for data security. Unfortunately the company did not keep an eye on its employees to make sure that security measures were complied with.

The team has promised the ICO that it will beef up its security measures and put a strict policy in place. The policy includes encryption of portable and mobile devices, including laptops.

According to Sally-Anne Poole, acting head of enforcement: “Encryption is a basic procedure and an inexpensive way to ensure that information is kept secure. But, to their detriment, not enough data handlers are making use of it.

“This case also highlights how important it is to ensure that watertight procedures are in place before any work is undertaken by contractors. Organisations shouldn’t simply assume that third parties will handle personal data in line with their usual standards.

“I’m pleased that Newcastle Youth Offending Team has learned lessons from this incident and hope that it encourages others to heed our advice.”

Chris McIntosh, CEO ViaSat UK, offered his two cents: “In light of MPs’ desire to see jail time for those dealing in stolen data, both the public and private sector must ensure that the data in their care is fully protected and that users are completely aware of the procedures and risks involved.”

“As vital tasks become shared across more and more organisations, it is imperative that bodies such as city councils and youth offending teams control not only their own data protection policies but also those of any contractors. Indeed, data security should form a key part of any contract that is signed and should be monitored rigorously with failure to comply being met with hefty penalties. Otherwise, contractors that show a flagrant disregard for security will be a continuing weak link for a public sector desperately improving its data protection.”

Alertsec and data encryption go hand in hand

Information has become highly mobile. There are netbooks, laptops, iPhones and BlackBerries. You leave any of these unattended and the next thing you know is that they are stolen!

To lose any of the above devices means losing valuable information! Especially when this information includes not only your personal data but that of hundreds and thousands of people.

Encryption is the best security solution to data breaches and laptop thefts. Alertsec helps you keep your info secure.


Computer backup tapes reported missing from Nemours Children’s Health System

October 27th, 2011

Data thieves somehow love stealing patient data or better they somehow know that stealing patient data is a lot easier than any other data. Recent cases of hospital data missing are a clear indication of the above.

The following is yet another case of missing patient billing data. This time thieves have managed to steal three unencrypted computer backup tapes containing patient billing and employee payroll data from a Nemours facility in Wilmington, Delaware. The tapes were supposed to be ‘safely’ locked and there was another cabinet containing a computer systems conversion that was completed in 2004. The thieves cleverly stole the tapes and the locked cabinet on September 8, 2011, during a facility remodeling project.

As yet there is no indication that the tapes were misused. Fortunately there was no medical data on the tapes. Thieves are going to have a hard time accessing data on these tapes and will need special equipment and knowledge if they want to break this code.

The data in these tapes includes info like name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information related to 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida.

“This is an isolated incident unrelated to patient care and safety,” said David J. Bailey, M.D., President and Chief Executive Officer. “The privacy of our patients, their families, and our employees and business partners is a high priority to all of us at Nemours.”

Affected individuals are being notified and one year of free credit monitoring and identity theft protection as well as call center support has been offered to them.

In a special press release, patients were told the following:

Nemours has provided high quality and compassionate paediatric care for over 70 years, and the privacy and confidentiality of the information we maintain for our patients has always been an important part of the fundamental trust that we share with our patients and their families.

Needless to say, Nemours is revamping its data security policies. The policy includes data encryption and moving computer backup tapes to another secure facility.

In a similar incident that we reported last week, backup tapes at TRICARE were lost. TRICARE is a provider of health care services to active and retired military personnel. These are careless and easily preventable mistakes that organizations must take into account.

Alertsec is helping organizations with their data security issues

Alertsec, a reliable name in the world of data security, is guiding organizations in their data protection policy. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For years, Check Point has been protecting more PCs, laptops, PDAs, smart phones and removable storage devices than anyone else in the world.

Alertsec is the frontrunner in offering data encryption software as a fully managed service, and as such, Alertsec is a Check Point Managed Security Service Provider and Global Silver partner. We’re an experienced security organization with well-trained and Check Point certified experts.

Copperas Cove: Police trying to track down laptop thief

October 21st, 2011

A great opportunity to make $1,000! Help the police track down Raheem Amaud Townsend, 21, and you are in for a reward!

Copperas Cove, Texas

Why is Raheem Amaud Townsend wanted by the police?

He is wanted in connection with the theft of the computers from 913 Davie Lee Street. Charges on him: misdemeanor and felony warrants. There is a strong possibility that he may have moved to another state.

How can you help?

Copperas Cove Police are reaching out to the community for help locating a criminal in connection with two separate theft cases. Raheem Amaud Townsend is a resident of Copperas Cove and is alleged to have taken two laptop computers from 913 Davie Lee Street in Copperas Cove on September 20th, 2011.

Copperas Cove Police Department has offered tips related to the above case

The police would like to inform you that tips can be made anonymously through the Copperas Cove Crime Stoppers tip number (254)547-1111.

Copperas Cove Crime Stoppers request you to help in locating the offender. Any information related to this case is valuable. Do not hesitate to get in touch with Crime Stoppers. They need your call today. Crime Stoppers are ready to pay up to $1,000.00 in cash if your information leads to the suspect. We will keep your name under wraps. Call Crime Stoppers today at (254)547-1111 or post a tip on-line at www.tipsubmit.com

What do detectives have to say about laptop thefts in general?

Many people are under the impression that because laptops have serial numbers they can be traced as stolen property. This is a false sense of security. In real life very few stolen laptops are returned or traced.

Alertsec can save your laptops

Save your company from countless problems related to laptop thefts and data security down the road. Imagine if one of your laptops, containing all of your company’s current pricing structure, sales leads, and customer orders, were lost and there was no backup data! Or worse: what if your competitor got his hands on your data?

The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. It is a much higher risk to lose a laptop than a desktop computer.

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

The following preventive measures can be taken to increase laptop security and reduce damage if your laptop is lost or stolen:

a. Always have a fresh back-up on a server or back-up device

b. Use Laptop encryption
