Posts Tagged ‘breach notification’

Local Authority data loss exposed by Big Brother Watch

November 27th, 2011

It is time to worry and take strict action. We are talking about the rising number of data loss cases.

Big Brother Watch’s recent report focuses on data loss across local authorities. BBW has investigated more than 1000 cases across 132 local authorities, including a minimum of 35 councils that have lost information about children and patients.

The following statistics show how grave the danger of data loss is:

At least 244 laptops and portable computers were lost, and a minimum of 98 memory sticks and more than 93 mobile devices went missing. Of the total 1035 cases, only 55 were reported to the Information Commissioner’s Office. Worse still, just 9 incidents resulted in termination of employment. The most incidents were recorded by Buckinghamshire (72 incidents), Kent (72 incidents) and Essex (62). Northamptonshire and North Yorkshire were also in the top five.

Big Brother Watch is of the opinion that this rise in data loss incidents clearly shows that not enough is being done about data security. Vast amounts of sensitive information are being exposed and authorities are doing little about it. It is high time data security policies were revamped and priority given to data protection. Data protection laws must be followed and those who breach them ought to be fined.

According to Big Brother Watch: “The growing volume of personal information held by local authorities is a significant threat to personal privacy and civil liberties. This report highlights how, despite data protection law, not enough is being done to ensure sensitive information is held securely and protected.”
The response to the report by Grant Shapps, minister for local government, was: “I welcome this research by Big Brother Watch. This reinforces the need for steps to protect the privacy of law-abiding local residents.

“Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.

Some of these data loss incidents could have been avoided. In the Buckinghamshire incident, around 2,000 email addresses were sent to the public. In Essex, documents related to children were found in a hire car by a member of staff. In Kent, a USB drive that held school children’s personal data and assessment results was lost due to the negligence of an outreach worker.

The report is a result of Freedom of Information requests made by Big Brother Watch to 434 local authorities between July 2008 and July 2011.

Encryption software prevents data breaches

Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.



Ohio teacher sues Software firm for accessing stolen laptop

September 9th, 2011

Absolute's LoJack causes trouble for school teacher

Who would have thought that stolen laptops could cause such an uproar? The latest incident of a stolen laptop caused an Ohio teacher quite an embarrassment.

The story

It all started in 2008, when Clements-Jeffrey, an Ohio substitute teacher, bought a used laptop from one of her students for $40. The laptop turned out to be stolen. The student wanted to make fast money and had taken this route.

Incidentally, the laptop was the property of Ohio’s Clark County School District. The school had a contract with Absolute Software, which installs hidden tracking software known as LoJack on all of its machines to track a thief in case of data theft. This software records all data that the user is accessing. LoJack is a legal security service, but in this particular case the company violated the Electronic Communications Privacy Act and the Stored Communications Act.

The tracking company had been keeping track of her laptop, which of course is fine, but it crossed the line when it viewed her naked images and captured them. The woman had been sitting naked in front of her laptop and chatting to her school sweetheart. Absolute passed these sexually explicit private images to the police along with the location data.

Ms Clements and her boyfriend, Carlton Smith, who lived in Boston, were shocked beyond doubt and sued Absolute Software for violating their personal rights.

The court ruling

Absolute’s defense: Absolute asked for a summary judgment in its favor. According to the company, the officer was just doing his job when he captured sexually explicit images of Susan Clements-Jeffrey, who was chatting with her boyfriend through a webcam, and later passed them to the police in an effort to track the thief of the stolen laptop.

Absolute further added that it was acting on behalf of its customer, the school district, and was covered under “color of law” and “safe harbor” statutes. It appears that the company had an agreement with the school district which reads “the ability to view and recover any files that are present” on the school’s computers.

The judge wrote in his decision: “It is something entirely different to violate federal wiretapping laws by intercepting the electronic communications of the person using the stolen laptop.”

According to the judge, Absolute had crossed the line. There was no need to capture these images at all once it had tracked the IP address of the laptop. The regular procedure is to provide a suspect’s IP address to law enforcement agents, so that they can issue a subpoena to the suspect’s ISP to obtain the user’s name and physical address.

Alertsec helps track stolen laptops

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.


Maine’s Central Voter Registration (CVR) breach exposes voters’ personal data

August 30th, 2011


CVR-linked computer breached in Millinocket

What is a CVR system?

The Central Voter Registration System (CVR) is used to improve the accuracy and integrity of voter lists and to enhance services to voters. The CVR also provides new efficiencies for election administrators and meets the requirements of the Help America Vote Act of 2002 (HAVA).

The CVR contains personal information on registered voters including names, addresses, dates of birth and driver’s license numbers. It does not include Social Security numbers.

It is not a large amount of personally identifiable information (PII), but valuable enough for the data-hungry hacking community.

CVR system breached

Apparently one of the CVR-linked remote computers, at the town clerk’s office in Millinocket, had malware installed which stole large amounts of voters’ data. Maine Secretary of State Charlie Summers confirmed this information. The Department of Homeland Security’s US-CERT team first found out about it and informed Summers’ office. The CVR contains information on one million registered Maine voters.

Although no personal information was accessed, there is a strong possibility that some data was snooped into. What and how much is yet to be found.

“I am in the process of assessing what, if any, information has been compromised,” Summers said. “I have taken immediate action to shut this computer down and disable the username and password assigned to the town clerk. I will keep the press updated with information as it is made available to me.”

Maine officials and the state police computer crimes department are investigating the breach.

Latest update

The latest update adds a twist to the story. It now appears to be a mountain made out of a molehill. There was a single malware-infected computer in the remote town of Millinocket, which apparently did not access any information.

This raises a sensitive question about the regulations governing disclosure of security breaches: when is a breach really a breach, and when should it be made public?

It is important to disclose a breach even if only the tiniest amount of data is involved.

There are companies that sweep such issues under the carpet. But in this case the State of Maine is to be applauded for divulging the facts sooner rather than later.


Poor IT security measures lead to data theft in Citigroup Japan

August 26th, 2011

Another cyber attack on Citigroup

Hackers love Citigroup and they waste no time in finding loopholes to hack into their system. They have done it again but in a different way. This is not an online hack but an offline one.

This time they have illegally accessed personal information of 92,408 Citigroup Inc. credit card customers in Japan and sold this info to third parties. This is a clear indication that banks are vulnerable to cyber attacks and need to beef up their security.

Customer account numbers, names, addresses, phone numbers, birth dates, account-opening dates and gender information were stolen. Thankfully, personal identification numbers and card security codes were safe.

No unauthorized use of the cards had been reported by the end of business on Aug. 5, Kyodo News reported.

Citi is getting in touch with all customers affected by the theft and plans to reissue cards at the customer’s request. It further added that customers won’t be responsible for fraudulent transactions on their accounts.

Who is the perpetrator this time?

According to Citigroup Japan, the system was hacked by a third-party vendor that had been given access to Citi’s internal systems.

Avivah Litan, a distinguished analyst at Gartner, sums it up: “This is a CIO’s worst nightmare.” She added: “I am sure Citi is not sitting around and twiddling its thumbs as the hackers gain the upper hand. However, it does prove what a leaky sieve most large banks and corporations are when it comes to protecting customer data. There are so many points of compromise that it’s very difficult for them to thwart all potential attacks.”

Customers have started worrying as cyber criminals get better and better at online attacks that steal private information and documents. They are not fully able to trust the big companies that handle their money and credit card information.

Citi has been a constant target of hackers

In 2006, Citi’s system had been breached through a third party, giving away corporate banking information. Citi had to take the step of blocking PIN-based transactions for customers in Canada, Russia, and the United Kingdom. This was followed by an incident in June where the FBI arrested a former Citi executive who allegedly embezzled more than $19 million from the bank and its customers.

About Citigroup

Citigroup is a leading global financial services company housing 200 million customer accounts and operating in more than 140 countries. Through Citicorp and Citi Holdings, Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, and wealth management.

Protect yourself with Alertsec

Organisations are now aware of the need for data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.


Unauthorized person breaks into Purdue University’s computer system

August 23rd, 2011

Data of former students accessed illegally

First it was the gaming sites, followed by big corporations like NASA, later it was the healthcare industry, and now it’s time for educational institutes to get their data breached!

Hackers broke into a Purdue University server which contained the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. These students had enrolled in a math course.

The breach

The breach took place on April 5, 2010. As soon as the Purdue staff learned about it, they took the server offline. The notification came 16 months after the discovery of the breach.

The server contained 6.6 million nine-digit numbers in the hacked files. It took Purdue six months to analyze those numbers. After analysis, Purdue determined that approximately 65,000 of those number combinations could be Social Security numbers. The numbers were further reanalyzed and the University matched 7,093 of those number combinations to Social Security numbers of former students.

The computer showed older course records from 2000 through the summer session of 2005.

Not only ex-students but also a few professors, family members and contractors were potentially affected. A letter was sent to those affected, giving a toll-free phone number for inquiries: 866-520-0492.

Breach investigation

Investigation by Purdue University officials showed that 7,093 Social Security numbers were accessed by the hacker.

According to Laszlo Lempert, head of the Department of Mathematics: “Through our investigation, we found no evidence that the unauthorized user attempted to find or read any files with personal information in our system, but felt informing people who may have been affected was a necessary precaution. We regret the breach occurred, and we’ve taken extensive measures to prevent this from happening again.”

As per Purdue University policy, Social Security numbers are no longer used except where required by law. A Purdue identification number is issued to all students, alumni, faculty and staff.

Security tips by Purdue

  • Place a fraud alert on your credit file, if you haven’t already done so.
  • Close accounts that you believe have been tampered with.
  • File a complaint with the Federal Trade Commission. For step-by-step instructions and contact information, go to: http://www.ftc.gov/bcp/edu/microsites/idtheft/

AlertSec’s security services

Organisations and educational institutes that hold a large amount of data must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

Protecting information on laptops with encryption is of paramount importance if you want to comply with today’s legislation, not to mention the peace of mind it gives people managing security for a mobile workforce. We have found Alertsec Xpress to be secure, yet easy to use and implement.
