Posts Tagged ‘breach notification laws’

Local Authority data loss exposed by Big Brother Watch

November 27th, 2011

It is time to worry and take strict action. We are talking about data loss and the increasing number of cases.

Big Brother Watch’s recent report focuses on data loss across local authorities. BBW has investigated more than 1000 cases across 132 local authorities, including a minimum of 35 councils that have lost information about children and patients.

The following statistics show how grave the danger of data loss is:

At least 244 laptops and portable computers were lost, a minimum of 98 memory sticks and more than 93 mobile devices went missing. Of the total 1035 cases, only 55 were reported to the Information Commissioner’s Office. Worse still, just 9 incidents resulted in termination of employment. The most data loss incidents were at Buckinghamshire (72 incidents), Kent (72 incidents) and Essex (62). Northamptonshire and North Yorkshire were also among the top five for data loss cases.

Big Brother Watch is of the opinion that this rise in data loss incidents clearly shows that not enough is being done about data security. Large amounts of sensitive information are being exposed and authorities are doing little about it. It is high time data security policies were revamped and priority given to data protection. Data protection laws must be followed and those who breach them ought to be fined.

According to Big Brother Watch: “The growing volume of personal information held by local authorities is a significant threat to personal privacy and civil liberties. This report highlights how, despite data protection law, not enough is being done to ensure sensitive information is held securely and protected.”
The response to the report by Grant Shapps, minister for local government, was: “I welcome this research by Big Brother Watch. This reinforces the need for steps to protect the privacy of law-abiding local residents.

“Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.”

Data loss incidents that could have been avoided: in the Buckinghamshire incident, around 2,000 email addresses were sent to the public. In Essex, documents related to children were found in a hire car by a member of staff. In Kent, a USB drive that had school children’s personal data and assessment results got lost due to the negligence of an outreach worker.

The report is a result of Freedom of Information requests made by Big Brother Watch to 434 local authorities between July 2008 and July 2011.

Encryption software prevents data breaches

Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.



Vacationland Vendors admit to serious data breach

September 15th, 2011

Vending machine exposes visitors' personal data

Should you be staying away from vending machines? Many folks keep themselves away from vending machines for the sake of their health.

There is one more reason to stay away now. Your personal information is at risk here! Folks swipe credit cards when buying from vending machines, and personal data is stored as a result.

The following incident makes you think twice before putting that chip from the vending machine into your mouth.

A hacker gained entry into certain parts of Vacationland Vendors’ point-of-sale systems used to process payment-card transactions at Wilderness Resorts located in Tennessee and in the city of Wisconsin Dells, Wisconsin. The breach has affected around 40,000 people. The company’s spokesperson said, “a computer hacker improperly acquired credit card and debit information.”

It is still not known how the breach was discovered or when. Whether those affected by the breach have been notified or not is also not known. The breach affected only arcade systems. Fortunately the resort operations and systems — reservations, restaurants, and shops — were not breached.

According to Vacationland, internal security has nothing to do with the breach at either of the two Wilderness Resorts. The statement further adds, “Vacationland Vendors has learned that other businesses just like its own have been affected by this computer hacker.”

Vacationland Vendors is working with an outside consultant and has beefed up its security of point of sale systems to protect from future breaches.

According to Bill Bray, spokesperson for the Wisconsin Dells-based Vacationland Vendors, the same intruder had hacked other businesses as well.

Customers who have used their credit card or debit card at the Wilderness Resort locations from December 12, 2008 through May 25, 2011 have been asked to take the following immediate steps in order to prevent the unauthorized and unlawful use of their personal information.

a. Keep a close watch on bank statements and credit card bills, and if you notice something strange, immediately get in touch with authorities.

b. Place a fraud alert on your consumer credit file. This can be done by contacting one of the three national credit reporting agencies – Equifax (800-525-6285), Experian (888-397-3742) or TransUnion (800-680-7289).

c. Inform the local law enforcement or the state attorney general of any incident related to identity theft.

How can Alertsec help?

Thus, in the absence of full disk encryption, the privacy of consumers is compromised. It is vital to use data encryption software in order to keep our data safe from breaches. Data security and recovery software is the need of the hour. $13/month is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model.

Why is Alertsec the number 1 laptop encryption service?

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption



Ohio teacher sues software firm for accessing stolen laptop

September 9th, 2011

Absolute's LoJack causes trouble for school teacher

Who would have thought that stolen laptops could cause such an uproar? The latest incident of a stolen laptop caused an Ohio teacher quite an embarrassment.

The story

It all started when Clements-Jeffrey, an Ohio substitute teacher, bought a used laptop from one of her students in the year 2008. Apparently, it was a stolen laptop, which Ms Jeffrey had bought from a student for $40. The student wanted to make fast money and had taken this route.

Incidentally, the laptop was property of Ohio’s Clark County School District. The school had a contract with Absolute Software, which installs hidden tracking software known as LoJack on all of its machines to track a thief in case of data theft. This software records all data that the user is accessing. LoJack is a legal security service but in this particular case, the company has violated the Electronic Communications Privacy Act and the Stored Communications Act.

The tracking company had been keeping track of her laptop, which of course is fine, but it crossed the line when it viewed her naked images and captured them. The woman had been sitting naked in front of her laptop and chatting to her school sweetheart. Absolute passed these sexually explicit private images to the police along with the location data.

Ms Clements and her boyfriend, Carlton Smith, who lived in Boston, were shocked beyond doubt and sued Absolute Software for violating their personal rights.

The court ruling

Absolute’s defense: Absolute asked for a summary judgment in its favor. According to them, the officer was just doing his job when he captured sexually explicit images of Susan Clements-Jeffrey, who was chatting with her boyfriend through a webcam, and later passed them to the police in an effort to track the thief of the stolen laptop.

Absolute further added that it was acting on behalf of its customer, the school district, and was covered under “color of law” and “safe harbor” statutes. It appears that the company had an agreement with the school district that gave it “the ability to view and recover any files that are present” on the school’s computers.

The judge wrote in his decision, “It is something entirely different to violate federal wiretapping laws by intercepting the electronic communications of the person using the stolen laptop.”

According to the judge, Absolute had crossed the line. There was no need to capture these images at all once it had tracked the IP address of the laptop. The regular procedure is to provide a suspect’s IP address to law enforcement agents, so that they can issue a subpoena to the suspect’s ISP to obtain the user’s name and physical address.

Alertsec helps track stolen laptops

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.


BART scrambles to inform its customers about its website breach

August 15th, 2011

Anonymous group hacks BART's site

Anonymous targets BART

The hacking group Anonymous is constantly hungry for media attention, needless to say. They recently hacked into the Bay Area Rapid Transit system (BART) and published email and home addresses, as well as phone numbers of more than 2,000 BART customers in response to the transit agency’s decision Thursday to switch off cell phone service at San Francisco’s Civic Center station to head off a planned protest.

“We are Anonymous,” the group’s Twitter biography reads. “We are legion. We never forgive. We never forget. Expect us.”

The group has also been linked to a threatened Nov. 5 cyberattack against the social networking site Facebook. Nov. 5 is Guy Fawkes Night in England.

Significance of Guy Fawkes Night

Guy Fawkes Night marks the night in 1605 on which Fawkes was arrested while guarding explosives beneath London’s House of Lords in an attempt to kill numerous politicians and King James I.

Anonymous quotes:

“We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn’t secure with them,” the group wrote on the Web site where it posted the leaked information. “Also do not worry; probably the only information that will be abused from this database is that of BART employees.”

What BART Police had to say

According to Linton Johnson, a spokesperson for the BART police department, the group had violated riders’ privacy. He further added that BART has informed the Federal Bureau of Investigation and other law enforcement agencies to probe into the matter.

BART’s history

BART was in the limelight for the fatal shootings of two men over the last two years by its officers. Charles Hill, a 45-year-old homeless man, was fatally shot when he attacked a police officer with a knife. In another gory incident, Oscar Grant was shot in the back during a police encounter.

The Aug 15 protest by Anonymous

The group held a peaceful protest at 5 p.m. Monday at Civic Center Station, near San Francisco’s City Hall. The Bay Area Rapid Transit District police had to close at least four San Francisco subway stations yesterday evening, forcing commuters to find an alternate way home.

Protesters carrying signs, and one in a Guy Fawkes mask, showed up shortly after 5 p.m. PT in the Civic Center station. “It’s like a media circus down here,” one bystander remarked.

Chants like “No Justice No Peace, Disband the BART police” could be heard and protesters tried to hold the doors open to a train. Soon after, BART police cleared out the station and shut it down around 5:30 p.m.

According to Dan Hartwig, deputy chief of police at BART, no one was arrested. “We shut down the station because we didn’t want to jeopardize the safety of passengers and BART employees,” he told reporters. “The platform was becoming (crowded and) unsafe… I’m not opposed to them expressing their First Amendment Rights.”

Why use Alertsec’s services?

Alertsec is the leader in the field of hard disk encryption as a fully managed service. It provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way.

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.



Online political activist, Aaron Swartz, faces jail time for data theft

July 23rd, 2011

Swartz arrested for stealing data

Heard of sophisticated hacking? Narrated below is a classic case of one such hack.

Harvard researcher and founder of Reddit, Aaron Swartz, has been arrested in Boston on charges related to computer hacking. It appears he allegedly downloaded articles that he was entitled to get for free.

Lawrence Lessig, director of the Harvard center where Mr. Swartz recently completed his fellowship, said, “Aaron has never done anything in this context for personal gain — this isn’t a hacking case, in the sense of someone trying to steal credit cards. That’s something JSTOR saw, and the government obviously didn’t.”

The indictment

According to the indictment, the researcher, Aaron Swartz, broke into the computer networks at the Massachusetts Institute of Technology. He wanted to gain access to JSTOR, a nonprofit online service for distributing scholarly articles. He allegedly downloaded 4.8 million articles and other documents. It won’t be an exaggeration if we say he downloaded the entire library! To top it all, he did this without authorization and distributed the documents through file sharing networks.

Post-Indictment

Demand Progress has set up a web page and petition in support of Swartz. They are questioning the indictment and the legal strategy that makes downloading “so many journal articles” a felony that should be punished with jail time. Demand Progress is the website where Aaron earlier worked as an Executive Director. According to the website, “the alleged victim has settled any claims against Aaron, explained they’ve suffered no loss or damage, and asked the government not to prosecute.”

Mr. Swartz is looking at 35 years in prison and $1 million in fines for charges related to wire fraud, computer fraud and unlawfully obtaining information from a protected computer. He was arraigned in Federal District Court after surrendering to the authorities. Surprisingly, he has pleaded not guilty to all counts. He was released on a $100,000 unsecured bond.

History

Aaron released a “Guerrilla Open Access Manifesto,” in 2008 asking activists to fight against the sequestering of scholarly papers.

“It’s time to come into the light and, in the grand tradition of civil disobedience, declare our opposition to this private theft of public culture,” he wrote. One goal: “We need to download scientific journals and upload them to file-sharing networks.”

Attorney’s statement

A United States attorney, Carmen M. Ortiz, said: “Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars. It is equally harmful to the victim whether you sell what you have stolen or give it away.”

Was data compromised?

Apparently no personal data was compromised. Around 7,000 institutions are members of JSTOR and pay fees as per their financial position. 14% of subscribers pay no fee at all. The JSTOR archives feature journals focused primarily on the humanities and social sciences.

Alertsec and data security

Organisations and individuals are being trained to deal with their data security in a better way. Companies are required to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is the security service that keeps all your data secure through encryption software.
