Log in

Posts Tagged ‘alertsec’

Video game maker Sega the latest victim of data breach

June 22nd, 2011

With every new data breach, hackers are proving their smartness and honing their hacking skills. The gaming world appears to be an lucrative area for them as the latest victim to have online identities and passwords stolen is Video game maker Sega. Sega produces games for a range of consoles, including the PlayStation 3, Nintendo DS, Microsoft’s Xbox 360 and Nintendo’s motion-control Wii.

Sega’s servers were accessed and information belonging to 1.3 million customers was stolen from Sega’s database. That included names, email addresses, dates of birth and encrypted (not hashed or plain-text) passwords.

Surprisingly credit card numbers have not been affected. Sega Pass, Sega’s online system for giving newsletters, demos and other perks, had been closed for a complete investigation.

As per the latest update, 1,290,755 accounts have been compromised. Sega confirmed that no financial; data was stolen. Sega’s network is being currently strengthened and Lulz Security has taken the lead to find the perpetrators. They stated on Twitter that they would help “destroy” the responsible party because they love the Dreamcast.

What is puzzling is that the attack on Sega’s network took place after it confimed to have put new security measures following the data breach on Sony’s PlayStation Network

“We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” Sega spokeswoman Yoko Nagasawa told Reuters, adding it is unclear when the firm would restart Sega Pass.

According to BBC report, customers have been advised to change their log-on details on other services and websites where they used the same credentials. In addition, Sega has reset all customer passwords.

Comparison with breach at Sony’s and Citigroup

Sega handled this situation better than Sony and Citigroup. It locked down the system and wasted no time in informing its customers. Sony informed almost after a week and Citigroup had the nerve to tell people that they didn’t disclose information because they didn’t want to shock customers !

Reality check

No system is 100% secure. So in case data theft takes place what is important is

1) Financial data does not get affected and

2) Systems should be immediately closed down, customers should be informed on time and security ought to be strengthened

Time for Alertsec to step in

By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption

Alertsec’s mission is to continuously improve our products and services in order to deliver the easiest and most cost-effective managed encryption service on the market

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users

No comments »

Posted in data breach

Tags: alertsec breach notification computer encryption software Computer security Credit card data encryption

London Health Programmes under fire for failing to report laptop loss

June 19th, 2011

Laptop Loss is a Major Business Risk

In the last few posts we talked about data theft/illegal data accessing. This post talks about the physical theft i.e. stealing of laptops ! Laptop theft is a significant threat to computer users. Many tools such as laptop locks, alarms and visual deterrents such as stickers or labels have been developed to prevent laptop theft. Victims of such a theft lose hardware, software and important data if they fail to back it up.

London Health Programmes, a medical research organisation based at the NHS North Central London health authority, has lost 20 laptops. This could be the biggest ever health care data breach suffered by the NHS.

Only 3 laptops have been recovered so far. One of the missing computers contained details of 8.63 million people and the NHS medical records of 18 million hospital visits, operations and procedures. The information included the postcode, age, ethnic origin of the respective patients, but not their names. This machine was, unfortunately, not encrypted. It was taken from a storeroom of NHS.

Any allegation that sensitive personal information has been compromised is concerning, and we will now make enquiries to establish the full facts of this alleged data breach,” the ICO said in a statement on Wednesday.

According to a spokeswoman for the ICO told ZDNet UK ”If the data has been breached, the implications could be serious, according to the ICO. “[The NHS] holds millions of [bits of] data on millions of people. They’re probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day,”

NHS has suffered multiple breaches in the past few years. The Information Commissioner’s Office issued a public warning to the NHS in the year 2009 to beef up security.

What could be more disturbing is the fact that the laptops could have been encrypted all along. David Tomlinson, managing director of Taunton-based Data Encryption Systems, said the NHS has a licence to run McAfee software on all its computers, including the SafeBoot disk encryption product.

“If someone wasn’t encrypting their laptops, questions should be asked,” he said, “because they’ve paid for [the encryption].”

The Information Commissioner’s Office (ICO) and the police are investigating the theft.

Better late than never, the Department of Health issued a statement saying all NHS organisations should ensure laptops are encrypted.

Alertsec at your service

Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in Computer security, laptop theft

Tags: alertsec AlertSec Xpress computer encryption software Health care laptop London Medical research National Health Service Notebooks and Laptops Sun Theft

A spear phishing attack on IMF

June 15th, 2011

IMF Headquarters - Image via Wikipedia

Hackers are not only getting into gaming sites; they are eyeing the monetary world as well. It is the International Monetary Fund (IMF) this time. This happened just after a day Citibank faced cyber attack and names, account numbers and email addresses of more than 200,000 North Americans Citibank account holders were compromised.

Before we move ahead and discuss the story in detail, let us try to understand the difference between phishing and spear phishing. While phishing floods millions of email inboxes and relies on mass attack, spear phishing is more about selectively targeting individuals who have been identified previously. That means spear phishing can potentially attack a small bunch of people working in the same organization.

It appears that some foreign government was behind the data breach. According to IMF spokesman David Hawley the incident was under investigation and the fund was completely functional. Fox News reported that the IMF’s computers had been hacked into similar to the latest incident in November 2008 via malicious software.

The World Bank deactivated a cyberlink it has with the IMF as one of IMF’s desktop was compromised and large quantity of data was obtained. The hackers had deliberately infected a computer at the IMF with malware trained to steal information. This is a new kind of malware, one that gave hackers broad access toIMF’s systems – helping to gain ‘hot market’ information. Email warnings about “increased phishing activity”were received on June 1 and employees were warned against opening emails from unknown senders, access suspicious video links or click on attachments . IMF had sent an internal memo on June 8 about the actual cyber-attacks to its board members and employees.

Political foes, especially China, could be behind the attack as data related to monetary policies is of utmost value. The IMF studies the economic stability of its 187 members and analyzes each nation’s financial risk. It supervises the global financial system and recently played a major role in the economic bailout of Greece, Ireland and Portugal. This came as a rude shock when the country was just grappling with IMF chief Dominique Strauss-Kahn’s sexual asasult scandal.

Unless the IMF reveals more information about what data was compromised and how it happened, it is difficult to figure out who was behind the attack and the extent of the loss. The Federal Bureau of Investigation is in charge of this investigation.

Contact Alertsec for your data security needs

It is clear that the security of world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind. A very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in data breach

Tags: alertsec AlertSec Xpress Cryptography data theft prevention drive encryption Encryption International Monetary Fund World Bank

Codemasters ‘ attacked by hackers’

June 12th, 2011

Image via Wikipedia

It is the era of hacking ! Before the Cyber-world recovers from the recent data attack on Sony and Citigroup, hackers have managed to access personal data of Codemasters ’s users.

The story

The British games developer was attacked on June 3 and personal details like names, addresses and phone numbers of thousands of people were stolen. IP addresses, details of last site activity, order history, biographies, Xbox Live Gamer-tags of the Codemasters CodeM database and the DiRT 3 VIP code redemption page were also a part of the theft. Luckily payment details were not hacked into as those were processed by an external provider.

Codemasters.com and its associate web services have been taken off the web till the investigation is on. Users have been advised to log on to the company’s Facebook Page for more information. US and UK websites have also been redirected to the company’s Facebook page. A new Web site is in the pipeline.

According to BBC News, the company is still probing about possible suspects. The number of affected users is still not known. It could be anywhere from thousand to hundred thousand. The company said. “We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law”

Data Security

Gamers have also been advised to change their passwords linked with Codemasters accounts. Codemasters spokesperson has further advised to refrain from opening any suspicious mail that might lead a user to an illegal website. Users need to be extra cautious of emails asking them to share their password or any other personal information

Users’ reactions

Leanne Lee from Eastbourne, Codemasters website user, blamed the company of being slow to report. She was shocked that she was told a week later after the breach occurred and that too via an impersonal email. According to Brad Langford of Manchester, Codemasters or any video game company for that matter does not really require sensitive information like birth place and birth dates.

Breaking news

‘Epic Games’ suffers cyber attacked ! Stay tuned..

Data security with Alertsec

D ata security is of utmost importance for any organization. This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Had the company used Alertsec’s services, the information would have been secure. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in data breach

Tags: alertsec AlertSec Xpress computer encryption software data breach data encryption data security data theft prevention hacking

Fine Gael website has been Hacked and Personal Data of 2,000 Supporters were Breached

January 18th, 2011

When you are talking about data in IT organizations hacking attacks will continue to thrive. Again in any professional organization, the tendency of such kinds of attacks happening in real-time is very common. Through the medium of this blog, we’ve been highlighting several breach incidents which present strong warnings for organizations to enhance their mechanisms for the protection against data loss incidents. One such way of ensuring the data security is through the use of data encryption software.

Today we are going to talk about Fine Gael, a political party portal and how it became the latest victim of data breach incident.

Fine Gael website Hacked by an “Anonymous” Group

Fine Gael party leader Enda Kenny

As we mentioned above, Fine Gael is the new website of an Irish political party. It has been hacked by “Anonymous”, an online hacking group. The website was launched last week and the reason of launching was to invite members of the public to share their views on policy and the future of Ireland.

Fine Gael has been formed in 1933 and considered as the moderate political party. On Tuesday Party replaced its old website finegael.ie with the new website finegael2011.com. This site has been hosted by the American internet firm ElectionMall Technologies which is a US firm.

Personal Data of Around 2000 Supporters were Revealed

So how does it feel to be among those whose data is revealed? Exactly this is what happened to the supporters of Fine Gael. The hacking incident had an impact on the personal data of around 2000 supporters. Irish Central reported that the number of affected is believed to increase to 4,000. This attack took place on Sunday and immediately after the attack website was forced offline. The hacker was forwarded the personal details file to media organizations. This file was containing the IP addresses, phone numbers and e-mail addresses of approximate 2000 people.

Why the New Hosted Website was Hacked

According to the attackers, the site was hacked because comments submitted to the site by users were being censored and forwarded around 2,000 members’ details with the claim that the party was censoring comments from the public. Hackers posted a message on the Fine Gael website after removing the message posted by them. The posted message was “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!”

A spokesperson for Fine Gael said the attack was “assumed to be by Anonymous”, but “the link is yet to be proven”.

This online “Anonymous” Group is best known for its attack on websites and has been also tried to bring down several payment sites including Mastercard.com and Visa recently to block the payments to Wikileaks.

Action Taken By the Party

As a follow-up activity, party has informed the people, whose data has been compromised by an email about the breach. Also warned them that the hacked data was included their personal details like names, email addresses, constituency details and phone numbers. Fine Gael contacted to the data protection commissioner “Billy Hawkes” who is investigating this case and also contacted the Garda Computer Crime Unit in relation to the attack. The FBI has also involved in this case after ElectionMall contacted the US police.

According to Hawkes, party suspects that the personal data of those who posted comments or registered their details has been compromised. In a statement party said the website will be offline “while we follow-up with the appropriate authorities to resolve the matter.”

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.