Bank card number

Unity Recovery Group suffers data breach

June 4th, 2015

Unity Recovery Group, Inc. announced the data breach but failed to specify the cause of breach. It just mentioned that it “involved the disclosure of [patients’] personal information to one or more unaffiliated recovery and/or rehabilitation service providers, without [their] prior written consent.” Affected information includes names, addresses, dates of birth, addresses, telephone numbers, Social Security numbers, email addresses, insurance information, and/or certain health-related information.

“To protect against future incidents, we have undertaken additional technological security measures and implemented additional training of our employees to ensure compliance with Unity’s Policies,” Unity said. “We have also hired outside legal counsel to assist us with our investigation and Forensic Data Services, Inc., a technology forensics firm, to enhance the security of our IT systems.”

The breach also affected affiliated companies which include Starting Point Detox, LLC, Lakeside Treatment Center, LLC, Changing Tides Transitional Living, LLC, and Unity Recovery Center, Inc.

According to the statement:

  • We are complying with our regulatory notice obligations and continue to investigate how this breach happened in light of our Privacy Policy, Client Confidentiality Policy, Conflict of Interest Policy, and IT security policies (together “Unity’s Policies”).
  • At Unity, we take patient privacy very seriously and it is important to us that you are made fully aware of a potential privacy issue that may affect you.
  • While we have not received any indication that the information disclosed has been accessed or used for any other purpose, we are required to obtain your prior written consent before disclosing your personal information, with limited exception.
  • In keeping with our commitment to patient privacy, we have arranged for a complimentary one year subscription for you to ID Experts®, a leading identity and credit protection service. Unity is not affiliated in any way with ID Experts, however, their services have come highly recommended. If you seek the benefits of their services, ID Experts will also assist you with placing a “Fraud Alert” on your credit reports.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Passwords under threat at Linode

April 20th, 2013

One of the leading VPS hosting company Linode came under a vicious hack attack, that posed serious threats to its customers. Luckily for them, Linode had been proactive in safeguarding its customers’ credit card information. They had been successful in thwarting the attack. According to a blog post that was published soon after the incident, the company’s officials identified and blocked all suspicious activities on the networks.

“Credit card numbers in our database are stored in encrypted format, using public and private key encryption,” Read one of the blog posts on the company’s website. Linode maintains that a group named Hack The Planet (HTP) claimed   responsibility for accessing   Linode Manager web servers, by exploiting an obscure vulnerability in Adobe’s ColdFusion application server. These vulnerabilities tended to in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was belted out last week.

This is not the first time hackers have tried to get inside Linode .A year ago, sometime in the March of ’12 servers it hosted were hacked and the hackers got their bank balances full with bitcoins.

The susceptibility resulted in the group getting exposure to a web server, parts of Linod’s source code and finally its database. The company is reported to have been bending over backwards to safeguard critical information of its customers.

A customary investigation done by the company revealed that HTP did not get access to any other section of the company.

However, HTP has asserted it has access to those keys, however, as it was stored on the same server it compromised

The company also divulged a little information on how they function. Their database contains credit card numbers in an encoded format, using both public and private encoding. Since the private key is protected and the complex password is not stored on the network, it becomes next to impossible for hackers to get all the information

The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically.

“There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately. If you need access to the Lish console, you can reset a new Lish password under the Remote Access sub-tab of your Linode,” one of the officials maintained.

It is advisable for the customers of Linode to change their passwords in case they have used their Linode passwords on any service other than Linode.

How Alertsec can be of help to customers in such murky waters

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Enhanced by Zemanta