Log in

Posts Tagged ‘Attorney general’

Data of one out of every three people in the state of MA has been compromised in the past 20 months

September 25th, 2011

State of Massachusetts has seen the maximum number of data breaches in the past twenty months. Personal information of about two million Massachusetts residents i.e. one in every three people who are residents of Massachusetts, has been breached through electronic data breaches.

According to the 2007 state laws all companies doing business in Massachusetts must inform consumers and state regulators about security breaches that might result in identity theft. The list includes leaks of individual names along with sensitive data like Social Security numbers, bank account, credit card and debit card numbers. The law came into being in 2007 as a result of a 45 million hack of credit card numbers from Framingham-based retailer TJX Cos.

Martha Coakley, Attorney General, said that nearly 1,200 data breaches have been reported. Quarter of these were the result of intentional hacking.

The largest breach in the time period was the hacking of information of about 800,000 people that was lost by a vendor hired to destroy it. In addition, information on 210,000 residents entrusted to a state agency was put at risk.

These data breaches contained information from names and addresses to medical histories.

What MA residents had to say?

Daniel Paul, a courier, gets the jitters when he thinks about it. He made online purchases with his credit card but started getting charged for things he didn’t buy: his credit card had been hacked. It was a nightmare to get things back on track.

Here is what he had to say ”Just going through getting everything changed back, changed over, getting charges off your account, your credit– it was awful,” said Paul. ”I hope I never have to go through it again.”

Mike Paquette, Chief Strategy Officer for Corero Network Security in Hudson, MA said ”In today’s internet world there are so many opportunities where information can be disclosed, as an individual, unfortunately there is very little that you can do,”said.

Consumers do have the option of suing, but it really doesn’t get them anywhere as it is very difficult to prove data theft.

Consumers must carefully keep a track of their online transactions. It is always advisable to deal with well-known companies and do your homework about the company’s info.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

.

No comments »

Posted in Data Protection, Encryption, Uncategorized, computer security software, data breach, data encryption

Tags: Attorney general Computer security data breach Desktop computer Enter your zip code here identity theft iTunes Martha Coakley Massachusetts Massachusetts Attorney General Personal computer Personally identifiable information security Social Security number United States

Wellpoint Sued by Indiana AG Over Health Data Breach

November 4th, 2010

The Monetary Value: $300,000

The Fault: Delay in notification to customers about online exposure of medical records, credit card numbers and other sensitive information.

Health insurer Wellpoint is facing allegations in a law suit as apparently critical consumer health data was at risk for over 137 days on the website of Wellpoint. Apparently, the Consumer health data was at risk for 137 days through an unsecured Wellpoint website.

The attorney in the region of Indiana has filed suit against health insurer Wellpoint for causing un-necessary delay in notifying customers about the data breach. According to the law in Indiana, businesses are required to notify individuals who are affected by data breaches. In addition, the businesses are also required to notify the attorney general’s office about the breach.

As per the information that has been conveyed by the attorney general’s office, the exposed data includes social security numbers, health records, financial information. This is data of over 32,000 customers across Indiana. The data was available during the months of October 2009 and March 2010 and as stated above it was for a period of 137 days. The data was submitted to Wellpoint from applicants seeking insurance coverage.

As per the Attorney General Zoeller, WellPoint learned of the breach, which had affected more than 32,000 Indiana citizens, on Feb. 22 itself but it did not begin notifying customers until almost four months later. In response the state is seeking over $300,000 in civil penalties.

“The Attorney General’s Identity Theft Unit continues to investigate the WellPoint data breach and encourages those who may have been affected to perform a credit check and a security freeze to guard against identity theft. By law, security freezes are available for free to residents of Indiana.”

From their side, the AG office had informed Wellpoint on separate dates in the months of February 22 and March 8 of this year. But apparently, Wellpoint only began notifying the customers on June 18, 2010.

AG office issued a statement in which they said, “While most inadvertent security breaches do not result in fraud, notifying those affected in a timely manner significantly reduces the risk of identity theft,”. “Situations involving the theft of personal information for the purposes of identity theft most often result in some form of fraud occurring within seven to 10 days”.

For detailed information please visit the informationweek link.

How Alertsec Xpress Would Have Helped

Feel worried after reading the above news story? Have potentially un-secure data in your enterprise? This could be you!! Don’t wait to take the right-decision and invest in computer security software on the right occassion.

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Indiana AG Sues Wellpoint Over Health Data Breach (informationweek.com)
Indiana AG sues WellPoint over data breach (thetechherald.com)
Indiana AG Sues WellPoint Over Data Breach (palisadesystems.com)

No comments »

Posted in Computer security, computer security software

Tags: Attorney general data breach Health insurance identity theft Indiana information week Law Social Security number WellPoint

Laptop stolen from UConn, West Hartford campus

August 23rd, 2010

Laptop Theft Connecticut

A laptop containing the names and Social Security numbers of more than 10000 Uconn applicants was stolen from their West Hartford campus. The laptop was kept in the storage cabinet of their Information Technology Department.

UConn officials said they have started investigating the theft which was discovered on 3^rd August. The university is in the process of contacting; in writing, everyone whose name was on the computer, and offering those individuals credit monitoring coverage for a period of two years at the University’s expense. Data from 2004 up to 2010 was stored on the laptop.

Meanwhile, the UConn police is continuing their investigation. “We deeply regret this incident. The University takes security of personal data seriously and is continuing its investigation to determine whether any University policies were not followed.” says Jason Pufahl, interim chief information security officer at the University. “The University will take corrective steps and, if warranted, disciplinary action”, he added.

Also, the Connecticut Attorney General’s office is also investigating the incident. “My office is investigating to determine the cause of this security breach – putting more than 10,000 applicants at risk for identity theft,” Richard Blumenthal said. “While there has been no evidence of financial fraud at this time, misuse of private financial information remains a threat and must be prevented. I am pleased that UConn officials have pledged two years of identity theft protection for individuals. Our investigation will also seek to ensure that measures are immediately implemented to prevent future breaches.”

Our Take: Possibly, the use of Computer protection software or Laptop encryption software like Alertsec Express would have prevented all this chaos. The theft would have simply been reduced to an insurance matter and the cost of laptop.

This Week in Leaks (Aug. 20, 2010) (palisadesystems.com)
Preventing Identity Theft (creditscore.net)
Connecticut to Probe WellPoint Security Breach (businessweek.com)

No comments »

Posted in Uncategorized

Tags: Attorney general Crime identity theft Richard Blumenthal security Social Security number Theft University of Connecticut

HITECH fails to live up to data security standards

February 6th, 2010

Today, we are living in an extremely competitive world. At every instant, every action there’s a risk involved. Risk of data loss, data which is extremely critical and confidential. This is why data security is a component for any business. If you do not live upto the expected standards there are bound to be severe problems.

Today’s case in point is Health Net of Connecticut. Lets look at the sequence of events !

The Attorney General (AG) of Connecticut, Mr. Richard Blumenthal has apparently filed a legal case against Health Net of Connecticut for causing the leak of for highly confidential medical records of patients. It is believed that the loss has been attributed to financial information as well and scales over to 4,46,000 records.

In a right move, Bluementhal has also demanded the harddisk encryption of all electronic data which is guided by the Health Insurance Portability and Accountability Act (HIPAA).

Since the HIPAA has been violated, this case also demonstrates severe action taken by State attorney general.

A statement issued by Bluementhal said, “Protected private medical records and financial information on almost a half million Health Net enrollees in Connecticut were exposed for at least six months—most likely by thieves—before Health Net notified appropriate authorities and consumers”. “The staggering scope of the data loss, and deliberate delay in disclosure, are legally actionable and ethically unacceptable. Even more alarming than the breach, Health Net downplayed and dismissed the danger to patients and consumers.”

The data leak incident

It was about ‘8′ months ago when it was discovered that a portal computer hard disk was misplaced from the Shelton office of the company. The contents of the disk contained the following data of 4,46,000 enrollees:

Social security number (SSN)
Confidential health info
Bank account number

Richard Blumenthal

Part of the leakage was also due to carelessness on behalf of the official at Health Net. They didn’t bother to inform the authorities about this incident.

The mission information had over 27 million pages, 120 categories of document and contained the following:

Insurance claim forms
Membership forms
Appeals and Grievances
Correspondence/Medical records

According to us the biggest problem in this case was the storage device for data. Instead of using a secure server, a portable disk drive was used for capturing highly confidential information.

It was understood that the company officials at Health Net had hired an independent computer company, Kroll, to understand and estimate the type and the amount of data on the hard drive. In addition, few weeks back the experts at Kroll had determined the theft of two laptops again raising serious security eyebrows about laptop security and laptop encryption mechanism.

Had the data been encrypted or protected from viewing access, it would have been better. The access to unauthorized persons or third parties could have been avoided by stopping access to commonly used software.

On their part Health Net told IFAwebnews.com that “protecting the privacy of our members is extremely important to us” and that company policy requires all data to be encrypted and secured. “To date, Health Net has no evidence that there has been any misuse of the data,” the company, which is offering two years of free credit monitoring to all affected members, said.

Related articles by Zemanta