London Marathon Website in jeopardy – Site leaks sports persons data

April 28th, 2012 by admin

London Marathon participants’ details exposed

We have been bringing you several bizarre and interesting stories from the data breach world. A lot of our stories were about IT company data breaches and medical info breaches. But today’s story comes from another genre of website altogether. This time data belonging to sports persons has been inadvertently disclosed on a website. Let us get to the bottom of the story.

London Marathon website leaks data

The personal data of 38,000 London Marathon participants was mistakenly published online on April 23, the day after the marathon took place. According to the BBC report, the event organizers published the details on the marathon’s web site, where they were accessible to anyone logging onto the site on Monday. The details included personal data of celebrities who had taken part in the marathon, including chef Gordon Ramsay, Nell McAndrew and Labour Party politician Ed Balls.

The problem was first discovered when a television presenter was contacted by a lady who had found her home address on the London Marathon web site. Apparently she saw her address on the section in which commemorative medals could be ordered. The race organizers apologized and now the issue has been resolved.

How long the data was actually available on the website is still not known.

The Apology

Nick Bitel, the chief executive of the London Marathon, said: “We apologize for this error, and are grateful to the BBC for bringing it to our attention.

“We immediately made sure that the glitch was corrected.

“We do not believe that this has led to a substantial number of individuals’ details being accessed by members of the public.”

Data Protection Act

Comment by the spokesman for the Information Commissioner: “This is something the Information Commissioner will need to look into to see how it has come about.

“It’s the reasons these things come about that determine the course of the investigation. Every case is different and we will certainly be making inquiries.” As per the Data Protection Act, appropriate measures must be taken against accidental loss of personal data.

The act further states that any breaches could be considered either a civil or criminal offence depending on the circumstances. The organizers have tried to downplay the error but if proved then it could amount to a criminal offence.

Negligence can cost embarrassment, monetary loss and bad publicity

The above news item shows that a breach of the Data Protection Act does not require a hacker to break a security code or steal data. Even negligence leading to data exposure is a criminal offence and one has to be extra careful to safeguard personal data of people. You never know how personal data can be misused in today’s cyber world.

Alertsec can help with data security issues

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on computers.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption

Cyber attacks on the increase: UK firms losing billions in data breaches

April 26th, 2012 by admin

Cyber security taking a back seat at UK firms causing data breaches

Billions of dollars are lost annually because firms do not take cyber-security seriously. Data breaches are on the rise and they have become a part of life. In a way firms have accepted them and have become complacent. This article talks about the growing need of cyber security policies.

UK firms losing billions to data thefts

Today’s article focuses on data breaches in the UK, which are on the rise. 70% of large firms were victims of data breaches in the last year. The rate is very alarming and something serious needs to be done about it.

The average cost of the worst security breach a big firm faced was between £110,000 and £250,000, and between £15,000 and £30,000 for small companies. According to PwC, one fifth of organisations spend less than 1 per cent of their IT budget on data security.

Chris Potter, PwC information security partner, commented:

“The UK is under relentless cyber-attack and hacking is a rising risk to businesses. The number of security breaches large organisations are experiencing has rocketed and as a result, the cost to UK plc of security breaches is running into billions every year. Since most businesses now share data with their business partners across the supply chain, these numbers are startling and make uncomfortable reading for business leaders.”

Potter further added:

“Large organisations are more visible to attackers, which increases the likelihood of an attack on their IT systems. They also have more staff and more staff-related breaches, which may explain why small businesses report fewer breaches than larger ones. However, it is also true that small businesses tend to have less mature controls, and so may not detect the more sophisticated attacks.” “If security is doing its job it goes unnoticed and it’s hard to measure the business benefits, so investment in security often ends up losing out against other competing business priorities.”

Warning signs

The above is a clear indication that companies are getting complacent about their IT security. 12% of businesses blame it on senior management and 20% spend less than 1% of their IT budget on information security. The chief cause is that it is hard to measure the business benefits from spending money on security defenses. Unfortunately, only 20% of big firms analyze return on investment on their security expenditure.

The bottom line

The hard truth is that “the cost to UK plc of security breaches is running into billions every year.” “These numbers are startling and make uncomfortable reading for business leaders.”

Corporate security with Alertsec

Alertsec Xpress uses Check Point Full Disk Encryption software. The software encrypts and decrypts data on the fly making it transparent to the user and to applications. One of the issues with traditional disk encryption software is that access time increases. In independent tests, Check Point Full Disk Encryption delivered the best performance results when compared with other major products on the market, with less than 2% degradation in disk performance.

Full disk encryption protects information by encrypting all data stored on a hard drive. This includes the operating system and empty space, as well as installed programs and files. This technology makes it impossible for an unauthorised person to read your files.


Dead folks stirring in their graves as their identities get stolen: Study proves

April 24th, 2012 by admin

Credit card frauds tracked by ID Analytics

As if stealing identities of living folks was not enough, ruthless ID thieves are breaking into data of dead people and stealing it! ID theft is becoming a common way of stealing personal data of people without them even knowing it. Hackers make use of malicious software to steal information from other people. Today’s post talks about the lurking dangers of ID theft. What is bizarre is that this report shows that even dead people’s identities are getting stolen!

Survey by ID Analytics

For this particular study, ID Analytics scanned around 100 million applications. It compared Social Security numbers and other data with the Social Security Administration’s Death Master File, which tracks the identities of people who have died.

A recent survey undertaken by ID Analytics shows that almost 2.5 million dead people become victims of data theft annually. Not many people are aware of identity theft. It is very important to bring more awareness into the field. ID Analytics tracks forms that people fill out during credit card registration. They check for fraudsters.

The firm has been studying fraud trends for a long time now.

What Stephen Coggeshall, chief technology officer at ID Analytics, had to say about the collected data

“This study brings to light a significant problem, as we see fraudsters intentionally using identities of the deceased at the rate of more than 2,000 per day,” Coggeshall said. “We have no sense of where criminals are getting the numbers, but a certain portion of them probably are coming from public sources, like the Death Master File.”

What the study showed was that around 1.6 million applications are examples of a fraudster using a fake SSN that matches the SSN of a dead person. The study found that there were approximately 800,000 instances per year where a deceased person’s identity is intentionally misused and a hundred thousand cases where a dying person’s identity is also misused.

What the study also found was that seriously ill people are being targeted by criminals. There were approximately 2 million cases of Social Security numbers being used in credit applications where the SSN holder was terminally ill and about to die in the next couple of months.

More about ID Analytics

ID Analytics deals with consumer risk management with patented analytics, proven expertise, and real-time insight into consumer behavior. By combining proprietary data from the ID Network®, one of the nation’s largest networks of cross-industry behavioral data, with advanced science, ID Analytics provides information about identity risk and creditworthiness. A lot of U.S. companies and critical government agencies rely on ID Analytics to help make risk-based decisions that help increase revenue, reduce fraud, drive cost savings, and protect consumers. ID Analytics is a wholly-owned subsidiary of LifeLock, Inc. Its website is www.idanalytics.com.

Alertsec, the leader in data encryption services

You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.


Backup discs containing personal and health information missing from Emory Healthcare

April 22nd, 2012 by admin

Emory Healthcare loses 10 backup disks containing sensitive patient data

How can healthcare companies be so negligent? There is so much sensitive data lying around in a healthcare company that there is simply no excuse but to preserve it well. Unfortunately, most data theft and data breach cases are related to hospitals and the healthcare industry. The latest case just affirms the above!

News in brief:

According to Emory Healthcare, a company based in Atlanta, 10 backup disks containing data on 315,000 patients went missing from a hospital storage facility. These disks contained info about surgical patients treated between September 1990 and April 2007.

The news in detail:

The health care system provides clinical care as part of the Robert W. Woodruff Health Sciences Center of Emory University.

The data breach was reported on April 18. The 10 disks contained information on surgical patients treated between September 1990 and April 2007. The disks seem to have vanished from a storage location at Emory University Hospital.

The exact locations were Emory University Hospital Midtown and the Emory Clinic Ambulatory Surgery Center.

228,000 records included Social Security numbers. The rest of the files had patient names, dates of surgery, diagnoses, procedure codes, and names of surgeons and anesthesiologists that the patients had seen. The cabinet that contained these discs was not locked even though the office was locked and the hallway had restricted access.

The disks had old data in a software application that Emory had deactivated in 2007. According to the healthcare company, the hospital’s IT systems were not hacked into.

John T. Fox, president and CEO of Emory Healthcare’s statement

“We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information,” Fox said in a statement. “While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients’ information is safe.”

Ironically, Fox’s own data could also have been compromised, as he underwent surgery during the same period!

What security measures are being implemented post theft?

Emory’s letter to its patients says, “We have taken immediate steps to fortify the protective measures that are already in place.” “New and enhanced data control measures have been implemented accordingly.” Those affected by the theft will receive free identity protection services. In addition, the health care system is revamping its current security and privacy policy.

So far there is no evidence to show any of the missing data has been misused. The possibility that the discs could have been simply misplaced cannot be completely ruled out at this point in time.

Prevent data theft with Alertsec encryption services

Alertsec is the leader in the field of hard disk encryption as a fully managed service. It provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way.

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.


The Ninth Circuit’s decision allows an employee to steal data from their own company

April 17th, 2012 by admin

The Ninth Circuit's decision is going to affect organizations significantly

Good news for all those who surf Facebook at work! It ain’t a crime anymore, folks! Thank the Ninth Circuit for it. It has come up with a decision which will sound good to all those who ‘steal’ data from their own company.

The Ninth Circuit’s decision

The Ninth Circuit has explained the application of the Computer Fraud and Abuse Act (CFAA) to individuals who breach company computer policies. Staff who intentionally do so to defraud may be criminally charged. Employees who breach access policies for personal reasons where no fraud is involved do not violate the law.

This decision was reached in the case of United States v. Nosal. David Nosal allegedly requested his ex-colleagues to violate company policy and send him a copy of a digital customer list. He was charged by the prosecutors under the CFAA, which states that it is illegal when an individual:

“…knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.”

According to the Ninth Circuit, to violate the law an employee must (1) violate the employer’s use restrictions (2) with the intent to defraud (3) and by means of such conduct further the intended fraud and obtain anything of value. The court is fully aware of the decision’s implications but has clarified that it has no intention of “mak[ing] criminals out of millions of employees who might use their work computers … to access their personal email accounts or to check the latest college basketball scores.”

More about CFAA

The CFAA is codified at 18 U.S.C. 1030, which defines conduct considered to be fraud and abuse of federal computer systems. This computer security law has been changed multiple times since its inception. The CFAA was brought into effect because of rising data thefts. The act was intended to protect computers and the owners of the information from trespassing, threats, espionage, and use as instruments of fraud.

What will this ruling do to small and medium companies?

This ruling should prompt executives and leaders to give strong consideration to how their employees access sensitive data. This decision alters the concepts of computer security, policies, tools, and the previously established laws.

There are chances that this decision will be appealed to the Supreme Court, as it might have a negative effect on organizations and could be misused.

A litigation attorney’s take on the matter

“The court clearly left open the possibility of prosecution for insider hacking—for instance, if an employer restricted the data that employees can access on company computers.” As a result, employers might want to consider adopting better internal security processes to limit employees’ access to specific segments of their networks, and granting access to sensitive information only on a “need-to-know” basis.

Implementing security measures with Alertsec

Time and again it has been proven that most laptops are stolen, or valuable documents taken, from the place of work. Alertsec Xpress is the web-based service powered by Check Point Full Disk Encryption, the global leader in encryption for laptops, and is used by big and small organizations that have recognized the need to protect their information.
