Posts Tagged ‘alertsec’

« Older Entries

Mitsubishi Nuclear and Warplane data compromised

October 31st, 2011

Hackers don’t just hack small accounts like Hospital data or Software data. They get into big stuff like military and warplane data too!

According to Japanese Defense Ministry hackers have most probably accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems.

The news in detail

Mitsubishi Heavy–Japan’s largest defense contractor is best known in America for manufacturing the surface-to-air Patriot missile.–In August it found out that multiple computers were infected with a Trojan application. Further investigation showed that the information had been sent outside the company’s computer network, clearly indicating an outsider’s involvement.

The computers were located in 11 different places. Some were placed in sensitive areas like the Kobe and Nagasaki shipyards that are into submarines and destroyers constructions. A few others were located at the Nagoya facility that manufactures guided missile systems. The nuclear data that was stolen included anti-quake measures.

Mitsubishi Heavy Industries was reluctant to share this info at first. It kept the Japanese authorities in dark stating that its military information was safe and that all security measures were followed. Initially the company said that the attackers were caught early on but later contradicted their own statement saying that data had been compromised.

Statement issued by the company

“The company recently confirmed unintended transferring of some information on the company’s products and technologies between servers within the company,” said Mitsubishi Heavy in a statement. “Based on the finding, the company investigated the incident further and recognized the possibility of some data leakage from the server in question.”

Other recent military data breaches

Lockheed Martin, which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft, was a victim of military data theft recently. The Lockheed hack was done by using information stolen earlier from RSA Security. RSA is the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.

What are the Tokyo Police doing about it?

Mitsubishi Heavy has given a complaint to the Tokyo Metropolitan Police Department with details about damage done to its computer system in late September. The police are looking into computer records to find out the source of the data.

Protect your confidential data with Alertsec

Alertsec Xpress offers a customizable data encryption software solution from Checkpoint, the industry leader in encryption software (former Pointsec). Alertsec has come up with a web based encryption service that helps in deployment and management of PC encryption.

The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, data breach, data encryption, identity theft

Tags:

Contractor to be blamed for Stanford Hospital’s data theft

October 9th, 2011
Stanford-hospital-entrance

Stanford Hospitals blamed for data breach

Third parties have recently been in the news for data breaches. You give your data for security purpose to a third party contractor and Bam! The next thing you know is it is stolen!

The recent case detailed below talks about a breach that exposed the personal data of some 20,000 patients, thanks to the contractor’s negligence.

Stanford Hospital Clinics class action suit

20,000 patients’ personal information was made available on a public Web site for a year. That led to the class action suit against Stanford Hospitals.

Shana Springer, one of the patients whose information was compromised, filed the class-action lawsuit against Stanford Hospital & Clinics and Multi-Specialty Collection Services.  Stanford Hospital & Clinics and Multi-Specialty Collection Services is an outside vendor that was allegedly responsible for the breach. The lawsuit asks for $1,000 per patient.

Here is what the hospital spokesperson had to say: The hospital intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit,’”

Case details

A spreadsheet maintained by a third party billing contractor, Multi Specialties Collection Services (MSCS), was allegedly posted on Student of Fortune website that allows students solicit homework help for a fee.

The spreadsheet apparently included names, diagnosis codes, account numbers as well as admission and discharge dates of about 20,000 patients who visited the hospital’s Emergency Room in 2009.

According to Stanford Hospitals, this data was encrypted. But looks it MSCS decrypted the data and put it into a spreadsheet. A person who had probably no clue about what he was doing and posted it on the website further managed this spreadsheet. The identity of this individual has not been divulged by MSCS.

Statements released by the hospital:“This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible,”

According to the MSCS contractor, Frank Corcino, he decrypted the details and put it into a spreadsheet. He later handed off the spreadsheet to a job applicant as parts of a skills test.

It appears that the applicant was unaware the spreadsheet data was private and posted it on the homework help site in Sept. 2010. The data remained on the site until August 22, 2011 and was later discovered by a patient.

What AlertSec has to say?

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way.

By using encryption software, you greatly enhance the laptop security, as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or senstive data. Our industry news provides a few examples of this.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model.


Enhanced by Zemanta

1 comment »

Posted in Computer security, Data Protection, Lawsuits and settlements, Security Flaw, Uncategorized, computer security software, data breach, data encryption

Tags:

PhyData LLC reports laptop containing data of 1500 patients stolen

July 4th, 2011
My BenQ Joybook 8100 showing the Dutch BenQ ar...

Laptop stolen from car containing patient data

Laptop theft

The  most prevailing fear among most  computer users is that of Laptop theft. No matter how much care you take, thieves manage to get away with such thefts.

Corporate America looses over USD 5.4 billion each year in cases of laptop theft. That means 12,000 laptops disappear every week from U.S. airports alone, and a laptop is stolen every 53 seconds. As employees get more and more mobile, this problem becomes more serious.  If you add to this healthcare privacy laws, then asset security can impact your business significantly.

The recent news of laptop being stolen from an employee’s car in Goodlettsville, Tenn. got security experts thinking if enough was being done in the field of data security.

The report

According to the report, PhyData LLC, a medical billing and management company  reported a laptop stolen from an employee’s car on May 7 at the RiverGate Mall. The laptop contained more than 1,500 patient names and their personal information including names, Social Security numbers, dates of birth and medical ID numbers.

These people were patients with Advanced Diagnostic Imaging , Premier Radiology and Anesthesia Services Associates between Jan. 2009 and Dec. 2010

PhyData spokeswoman Joy Sweeney said in a statement that no evidence was found that any of the information had been accessed or misused. She further stated that the company had set up a toll-free help line with Kroll Inc., and is offering identity-theft protection services to affected patients. The company’s laptops are also now all encrypted and password protected

What Tennessean’s had to say

“Stolen from the trunk. That alone sounds strange when detailing where the thief stole it and wasn’t drawing any attention, from busting in the trunk. When the true story comes forward we will see the employee left it inattentive”

“Taken from the trunk? Was there signage on the auto? Why would someone open a trunk with so many other cars around and possible property in view? This IS NOT the whole story on this one”

There is no conspiracy.  Usually, when the trunk gets busted it’s because the driver parked and then placed valuable items in the trunk, thinking that it’d be safer.  Someone in the parking lot — possibly thieves looking to catch people placing stuff in their trunks — watches the driver from the moment he enters the garage and, once they’re sure the driver won’t be back, go to work.  After all, if an item weren’t valuable, why would anyone go through the effort of putting it in the trunk.”

What AlertSec has to say?

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way

By using encryption software, you greatly enhance the laptop security as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or sensitive data. Our industry news provides a few examples of this.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal  30 day trial.

Enhanced by Zemanta

No comments »

Posted in Computer security, Encryption, Identity and Information loss, computer security software, identity theft, laptop encryption, laptop theft

Tags:

Goatse Security hacking group orchestrated a security breach of AT&T’s servers

June 28th, 2011
Apple iPad 2 WHITE???

Cybercrime

Wikipedia defines cybercrime as “any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. A computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators”.

The AT&T iPad hacking case

More than 100,000 Apple iPad users were a victim of data breach after the hackers accessed AT&T’s servers. Last June, Daniel Spitler of San Francisco, Calif., and Andrew Auernheimer of Fayetteville, Ark. broke into a computer without user authorization. They tried to obtain email addresses from the SIM card addresses of at least 114,000 iPad 3G users. Initially the attack appeared to be a sophisticated hack, the actual exploit used an automated script to submit HTTP requests for thousands of possible serial numbers and collect AT&T’s responses.

Post-breach, AT&T issued a statement. “This issue was escalated to the highest levels of the company and was corrected by Tuesday. We are continuing to investigate and will inform all customers whose e-mail addresses… may have been obtained,”.

How Daniel pilfered AT&T’s servers?

Daniel Spitler wrote a script called the “iPad 3G Account Slurper” and used it to access AT&T servers thereby getting info on e-mail addresses and associated unique iPad numbers. Spitler got in touch with co-defendant Andrew Auernheimer over Internet Relay Chat and they both hatched the plan of taking advantage of the Web site hole and the data from 100,000 accounts that was exposed.

Update on the case

Daniel Spitler has pleaded guilty to breaking into AT&T’s systems and obtaining the email addresses of iPad users. He is allegedly member of the Goatse Security hacking group. Spitler faces up to 10 years in prison and, $500,000 in fines on one count of conspiracy to gain unauthorized access to computers and on one count of identity theft. He is scheduled to be sentenced September 28 in Newark federal court.

Andrew Auernheimer was arrested January 18 in Fayetteville, Ark., while appearing in state court. Charges against him are still pending. He had pleaded not-guilty saying that he and his Goatse Security hacking group were planning to warn AT&T about the hole and notifying iPad 3G customers about the exposure of their data. But the chat logs were evidence enough to point out that they had not contacted AT&T.

“The magnitude of this crime affected everyone from high ranking members of the White House staff to the average American citizen,” said Michael B. Ward, special agent in charge of the FBI’s Newark Division. “It’s important to note that it wasn’t just the hacking itself that was criminal, but what could potentially occur utilizing the pilfered information.”

How Alertsec can protect our computers?

Alertsec provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. It uses Check Point Full Disk Encryption (former Pointsec) software, and has created a web based encryption service that radically simplifies deployment and management of PC encryption.

Alertsec Xpress is the service that automatically protects ALL information you store on your PC

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption.
  • Powered by Check Point – the market leader
Enhanced by Zemanta

No comments »

Posted in Computer security, Data Protection, Encryption, computer security software, data breach, data encryption

Tags:

NATO could be the next victim of a data breach

June 27th, 2011
Map to show current affiliations of european c...

NATO's e-Bookshop attacked

Data breach and its definition

Data breach incidents range from planned attacks of organized crime on a national government website to carelessly selling of used computer equipment or data storage media. Definition “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”

What do data breaches include?

Data breaches include financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property

What happened at NATO?

NATO was recently notified of a possible data breach from a NATO-related website run by an external company

The North Atlantic Treaty Organization (NATO) has issued a statement

“Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.”

In detail

The e-Bookshop site offers free access for the general public to NATO publications and multimedia products in both electronic and print format s and does not contain classified documents.

The site has been closed down and users have been informed. The virtual bookstore is reachable though, through the NATO web address.

NATO has not disclosed as to what data was lost or how the attackers hit the server. It has just informed about a data breach and confirmed that no confidential data was compromised.

Speculation about the attack being related to NATO’s recent clash with the online group Anonymous is very high. The global organization had warned member nations about the rising threat of “hacktivism,” or carrying out cyberattacks for political purposes.

But “Anonymous” has completely defended this crime saying “NATO fears the group not because it’s a “threat to society,” but because it’s a “threat to the established hierarchy.” It further added “This is no longer your world. It is our world – the people’s world.

NATO’s strategy

NATO’s Strategic Concept,  identifies cyber defence as one of the critical tasks to be carried out develop to prevent, detect, defend against and recover from cyber-attacks. NATO defence ministers agreed this month on a cyber defence action plan to limit these attacks. This action plan is already being implemented.

LulzSec group attacks at the same time

The LulzSec hacker group has broken into official computers used by the State of Arizona. The accessed data which includes personal emails, names, addresses and passwords of officials, along with confidential document has been made public online.

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

Enhanced by Zemanta

No comments »

Posted in Data Protection, data breach, data encryption

Tags: