Log in

Posts Tagged ‘business’

WellPoint fined $100,000 for breach

July 12th, 2011

Indiana State files lawsuit against data breach

Health insurer WellPoint (Indiana-based) has to settle a fine of $100,000 to for a data breach that involved the personal information like name, date of birth, address, Social Security number, telephone number, e-mail address, and health and financial information of 32,000 Indiana customers.

Why?

The reason for the fine is because it waited for long before informing Indiana officials of a security breach that involved personal information of 32,000 members. It has also been asked to reimburse affected parties up to $50,000 as part of the settlement reached with the Indiana Attorney General. In addition it has to provide up to two years of credit monitoring and identity theft protection services to affected customers.

“This case should be a teaching moment for all companies that handle consumers’ personal data: If you suffer a data breach and private information is inadvertently posted online, then you must notify the attorney general’s office and consumers promptly,” Zoeller, Indiana Attorney General, said. “Early warning helps minimize the risk that consumers will fall victim to identity theft.”

What happened?

Personal information was compromised at least 137 days between October 2009 and March 2010. According to the suit WellPoint learned of the problem Feb. 22, 2010, but didn’t inform the clients until June. The Indiana state law also required that the Attorney General’s office be immediately notified but Wellpoint failed to do so.

The lawsuit

The Indiana Attorney General lawsuit alleged that member information was accessible from Oct. 23, 2009 till March 8, 2010. It stated further that WellPoint received written notification from Sarah Groveunder, a consumer, about the breach but failed to contact her till Mar 4. WellPoint started informing affected consumers only from June 18 and did not finish notifications until July 30.

What is surprising is that warning letters to a total of 47 companies were sent since the 2009 law went into effect for being slow to notify authorities about breaches. “Many companies keep vast quantities of consumers’ personal data and they are required to handle it confidentially and not carelessly. That’s not just good business practice; that’s the law,” Zoeller said in a statement

Security

According to Legal Newsline the site was immediately secured. WellPoint issued the following statement soon after the settlement: “Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members’ and applicants’ personal information. We have implemented I.T. security changes to ensure that this situation will not happen again, and we have received no indication that any information that may have been accessed has been used inappropriately.

How can Alertsec help?

Thus in the absence of full disk encryption, privacy of consumers gets compromised. It is vital to use Data encryption software in order to keep our data safe from breaches. Data security and recovery software is the need of the hour. $13/month is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Personal data compromised at Washington Post

July 8th, 2011

Hackers hit Washington Post

Hacking seems to be getting a profession these days and that too an exciting and lucrative one !

Security experts have been warning all organizations that they are vulnerable to cyber-attack. These attacks are not only limited to small companies but also big companies like Sony, NASA etc.

Definition of hacking

According to Wikipedia Hacking may refer to:

Computer hacking, including the following types of activity:
- Hacker (programmer subculture), activity within the computer programmer subculture
- Hacker (hobbyist), to heavily modify the software or hardware of one’s own computer system
- Hacker (computer security), to access computer networks, legally or otherwise
- Computer crime

Latest vicitm of hacking

The Washington Post Jobs site has been hacked ! Hackers accessed its employment Website and stole 1.27 million userIDs and e-mail addresses of its registered job-hunters.

According to the newspaper publisher’s July 6 report hackers hit the Washington Post’s job board twice, once on June 27 and again on June 28. They stole roughly 1.27 million user IDs and e-mail addresses. Fortunately passwords to the actual Jobs account and other personal information such as resumes and personal addresses were not compromised.

“We quickly identified the attack and took action to shut it down,” the Washington Post said.

Users may receive spam as a result of the breach and should avoid opening suspicious or unsolicited e-mails or responding to the messages, according to the Post. The problem is even more serious than that, according to Josh Shaul, CTO of Application Security.

This breach has affected the registered users big time. The people registered on the site are job-seekers who fall for spear phishing. “It’s impossible to resist looking into legit looking e-mails that come in offering you the opportunity to work,” said Shaul.

Washington Post has confirmed that additional security measures to prevent similar attacks have been implemented, and is “conducting a thorough audit of the security of the Jobs site.”

Michael Sutton, vice president of security research at Zscaler Labs, in an e-mail said “From the attacker’s perspective however, harvesting 1.27 million active email addresses constitutes a successful attack. When e-mail addresses can be sold in the underground market or used to send spam, there’s little doubt that the data breach will be leveraged for profit.”

Is hacker group Anonymous behind the attack?

This attack could be the work of Anonymous or any of the other members of the AntiSec campaign. Anonymous has been very active in recent weeks, breaking into the Arizona Police Department, among other targets.

AntiSec has typically targeted large governmental and media giants. But so far no one has admitted their role in this attack.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption, identity theft

Tags: Application Security breach notification breach notification laws business computer encryption software Computer security Credit card data breach data security data theft prevention E-mail Hacker hacking NASA Spam Washington Post

Possibility of Data Breach at HEI Hotels & Resorts, customers notified

September 14th, 2010

HEI Hospitality, owner and operator of Hi-end hotel chains and resorts like the Marriott, Sheraton, Westin and other monikers has sent notification letters to about 3400 customers informing them of a possibility of their data being compromised.

HEI discovered a vulnerability in an information system at certain of its hotel properties, which might have been exploited due to which credit card information related to certain transactions occurring between March 25 and April 17, 2010 may have been compromised.

The possible data breach could have given the hackers sensitive information such as credit card types, credit card numbers, expiration dates and security codes stored in the magnetic stripe on the back of each card. The hackers also compromised the property management system at the Algonquin Hotel, according to the letter signed by Troy Waterman, HEI’s senior vice president of finance.

In a letter to customers who stayed at one of its properties, the Algonquin Hotel, the firm informed customers that they believed that the point of sale system used in its restaurants, bars, and gift shops and the information management system used at check-in were illegally accessed and transactions intercepted. Customers were informed that the credit card’s number, expiration date, security code, and encoded magstripe data were at risk.

A HEI spokesman today said that though the company has notified 3,400 customers, there is no indication so far that the credit card data has been misused. Meanwhile, HEI is now offering a year’s worth of credit monitoring services for free.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption.

For security and technology observations, consider following us on Twitter.

Hotel Operator Warns of Data Breach (pcworld.com)
Accomodations Will Be Made – Hotel Card Systems Attacked, Breached (infosecurity.us)

1 comment »

Posted in Data Protection, data breach

Tags: Algonquin Hotel business Credit card HEI Hotels & Resorts Magnetic stripe card Marriott International Point of sale security

Laptop containing vital data stolen, reward on offer

September 13th, 2010

: Lapatop Theft

A laptop containing vital and sensitive data was stolen from Martin Hatton’s home in Blenheim Road, Horsham between 10pm on Monday August 30 and 5.20am on Tuesday August 31.

Mr. Hatton, the managing director of Mendage Projects Ltd, said: “The information contained on the laptop is quite crucial to me carrying on my day to day business.” He added, “The laptop even contained work he had done on the Houses of Parliament.”

Meanwhile, a reward of £10,000 is on offer for the recovery of the equipment and information leading to the conviction of those responsible.

The laptop was in a leather computer bag which also contained some memory sticks for each of the projects Hatton was working on. The bag also had all his business contacts’ cards along with all his current work notes. Moreover, his mobile phone containing 400-500 contacts was also taken.

Hatton said, “The theft has put me back weeks on the projects I was working on. It will cost me a lot of money to employ people to do the work again.” He also added, “I’m incensed by the fact someone’s broken into our home while we were sleeping in our beds.”

How to prevent data breach?

In cases of laptop theft, the insurance company may cover the hardware loss, but the data might be lost forever, or in worst cases might land in the wrong hands. Thus, data security software is required which will reduce the theft to merely that of hardware. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

WinMagic’s SecureDoc Full-Disk Encryption Solution to Fully Support Intel Advanced Encryption Standard New Instructions (AES-NI) (eon.businesswire.com)
Do You Know Where Your Laptops Are? (itexpertvoice.com)

No comments »

Posted in Uncategorized

Tags: business data data breach data security Hardware laptop Notebooks and Laptops security

Key findings from the Computer Theft survey

August 6th, 2010

: Image via Wikipedia

The main concern while running a business is keeping your computing devices like desktops, laptops etc. and their data secure. The portability offered by laptops, increases their chance of being stolen as people are constantly leaving them unattended at public places. Many a times these devices are left behind at restaurants, subways, coffee shops, airports etc. Although the insurance company may cover the hardware, the files and data on the machine may eventually be untraceable and forever lost.

Recently BSI carried out their 8^th Annual Computer Theft Survey in the United States. Here are the key findings from that survey:

More than 5.5 Million computers were stolen in the United States in the last 3 years.
More than half (58.7%) of the respondents have been a victim of computer theft in the last year.
According to FBI, 97% of unprotected computers (i.e. computers that do not use any data encryption software or computer security software) are never recovered.
68% of the devices stolen were laptops, followed by desktops (10%) & others like PDA’s, iphone etc. (22%)
67% of computer theft occurred while respondent was mobile (moving about),
91% of respondents did not use data encryption software to encrypt the proprietary data on their stolen device.
Average total replacement cost of each stolen computing device was $43,264.66.
71% of respondents reported downtime due to computer theft ranging from several days to more than a month.
Only 21% of those surveyed used extensive data protection like dedicated data encryption software, but about 70% did not use any safeguard or security protection at all.

These numbers are very similar to the numbers in the surveys done earlier on this issue, clearly indicating that people are not doing anything more to protect their data than they were doing earlier.

If you carefully analyze the survey data, you will notice that only 3% of stolen computing devices are recovered; even then only 9% people are using data encryption software to protect their data.

Encrypt your Data for peace of mind!

We spend huge sums to protect our internal networks, but forget that there are people carrying laptops that are connected to these internal networks. These laptops are equally vulnerable to theft & hacking. This fact has been highlighted in the survey, according to which 67% of computer thefts occurred when the respondent was outdoors.

By using laptop encryption software, we could have greatly enhanced the laptop security as there is no way that the information is compromised if the laptop is lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop.

Secure your data using Alertsec

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. The AES encryption algorithm and extensive 3rd party certifications offer you security that is used by millions. Try it for free today.