Posts Tagged ‘Check Point’

ICO issues Midlothian Council record fine of £140,000 for disclosing sensitive personal data

February 4th, 2012

Midlothian Council pays hefty fine for data breach

The ICO is leaving no stone unturned to punish data breach culprits. It is levying fines on those who compromise private data, especially children’s sensitive data.

Recently the ICO issued Midlothian Council a record fine of £140,000 for disclosing sensitive child data. And we are not talking here about just one breach. There were 5 breaches between Jan and June 2011.

The case in detail

Breach 1 – This happened when documents related to the status of a foster carer were sent to seven healthcare professionals, who had no reason to see this data.

This particular incident took place in January 2011, and details came to light only in March when the council started to investigate. In spite of the investigation, similar incidents took place in May and June.

Breach 2 – Minutes of a child protection conference were sent by mistake to the former address of the mother’s partner, where they were opened and read by an unauthorized individual. The documents contained personal data about the mother, who made a complaint to her social worker about this case.

Assistant Commissioner for Scotland Ken Macdonald said, “the serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months.”

“I hope this penalty acts as a reminder to all organizations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”

He further added that information about children’s care, details about their health and wellbeing, is the most sensitive information that is held by local authorities. It goes without saying that this information has to be protected and that strict policies are to be chalked out and followed.

The ICO’s investigation

According to the ICO all five breaches could have been avoided if the council had been strict about protection policies, training and had put checks in place. It has further ordered the council to take action to keep the personal data secure.

Since the incidents the council has recovered all of the information that was sent to the wrong recipients and is updating its security policies.

What the ICO chiefly wants is for the government to give it stronger powers to audit local councils’ data protection compliance, if necessary without consent.

NHS bodies across the UK want the same kind of powers in light of the recent data protection breaches.

Midlothian Council comments:

Colin Anderson, chief social work officer for Midlothian Council, commented: “As soon as the council discovered the problem, it investigated and found eight letters or documents had been sent to the wrong recipients, for which the council is sincerely sorry.

“The council immediately took steps to retrieve the information, or have it destroyed, and voluntarily reported ourselves to the information commissioner. I must emphasise that there is no evidence that anyone was put at risk.”

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

  • Fully managed service for your convenience.
  • Very cost effective service.
  • Market leading laptop protection service.
  • Quick and easy implementation.
  • Easy to use protection.
  • Transparent solution.
  • Global 24/7 helpdesk.
  • 100% secure and reliable encryption

Stratfor site relaunched – Story continues

January 15th, 2012

Stratfor relaunches site post hack attack

Stratfor is officially back, but its servers are heavily burdened due to its offer of free access. Stratfor’s CEO criticized the attackers for targeting the company, an email said. Stratfor, aka Strategic Forecasting, is back online after it was hacked into last month.

The new site

Stratfor relaunched the new site on Jan. 11, exactly 18 days after the hacking group Anonymous hacked into its servers on Dec. 24. The hackers broke into Stratfor’s servers, took data related to its subscribers and defaced the site. The information that was dumped online included 75,000 credit card numbers and 860,000 usernames and passwords. Almost 50,000 of the addresses had a .mil or .gov domain. According to a Stratfor spokesperson, there was going to be a delay with the site relaunch. The company planned to bring in a team of consultants and experts to tackle the security issues. The company further decided to move all credit card management activities to a third-party company so that customer data remained secure.

“This was our failure,” said George Friedman, CEO of Stratfor. “I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends.” “I felt bound to protect our customers, who quickly had to be informed about the compromise of their privacy. I also felt bound to protect the investigation,” Friedman said. The FBI had informed credit card companies of the breach and had provided a list of compromised cards, so “our customers were therefore protected,” he said, adding, “We were not compelled to undermine the investigation.” He added, “This attack was clearly designed to silence us by destroying our records and the website.”

What went wrong?

Apparently Stratfor had failed to encrypt credit card data and had stored the information in cleartext. After the passwords were analyzed, it was seen that security practices were not followed. There was no check on passwords when they were created by users.

Friedman further added, “We were no longer an organization that analyzed the world for the interested public, but rather a group of incompetents, and conversely, the hub of a global conspiracy.” According to him, the media had publicized the “incompetents” part while the hacking community focused on the “global conspiracy” part.

Relaunch offer

The site was made free to all visitors for a limited time. But that did not last long: due to heavy traffic, the site had to be closed down. “Due to the high volume of interest in our new website, we are currently encountering a service interruption. We are working with outside experts to increase our capacity to handle the increased traffic to the new website,” according to a message posted at Stratfor.com.
Protect yourself with Alertsec

Organisations are now aware of their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.
Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

2011 a bad year for Medical data breaches – Millions of patient data compromised

December 21st, 2011

PRC Director Beth Givens gives an insight into Medical data breaches

The San Diego-based Privacy Rights Clearinghouse has come up with a list of 2011’s six most significant data breaches.

An overview

2011 has been a bad year for medical data breaches. According to the PRC there were a total of 535 breaches that involved 30.4 million sensitive records. When we talk about sensitive information we mean Social Security numbers, driver’s license numbers, financial account information and medical data.

Top breaches

The worst hit was Health Net as nine of its data servers went missing from a Northern California data center in January. The servers had records of almost two million current and former policy holders.

Sutter Health experienced a data breach when a company-issued computer was stolen from Sutter’s Medication Foundation offices. Health data of more than 4 million patients was compromised.

Tricare Management Activity and Science Applications International Corporation – Backup tapes containing data of up to 4.9 million patients were stolen from an employee’s car.

What do regulators have to say?
Regulators feel industry and legislative mandates to protect sensitive information need a revamp. Data privacy laws are gaining importance on both the national and local levels. Regulators are looking at industries where personal information is of utmost importance, through laws such as HIPAA in healthcare and the Gramm-Leach-Bliley Act (GLBA) in financial services. It is not only the lawmakers who are imposing mandates for data security. There are a few industry standards, like the Payment Card Industry Data Security Standard (PCI DSS), that set security regulations when it comes to storing credit card information.
The other important aspect eyed by IT professionals is cloud computing. A recent EMA survey shows that organisations that had adopted or were planning to adopt cloud computing were making sure that the use of data security and privacy controls was an important aspect of Service Level Agreements (SLAs) with cloud providers.
According to Paul Hogan, CEO of T3 “This recent legislation proposal shows the absolute crisis that the US and the world’s largest corporations and government are facing regarding data breaches and the subsequent leakage of extremely sensitive consumer and government information. Cyber attacks have been around for a long time, however due to their sensitive nature, large corporations have tried their best to keep them from being reported to the media, which would no longer be possible if this legislation passes which we believe is simply a matter of time.”
Here is PRC director Beth Givens’s statement: “This is a conservative number,” said Givens. “We generally learn about breaches that garner media attention. Unfortunately, many do not. And, because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about. Our chronology is only a sampling.”
Hospitals can secure themselves with Alertsec
Organisations and hospitals have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

Data breach at ICBC, employee accessed data of crime targets

December 18th, 2011

Data breach at ICBC

Data breach incidents are getting more bizarre by the day and one never knows what will come up next. These incidents are not limited to accessing people’s information; they can harm these individuals’ lives as well.

The following incident is an account of data breach victims whose homes and cars were set on fire or whose vehicles were shot at!

The series of fires started in September in Vancouver and continued throughout the province. When the RCMP started investigating these incidents, they realized that people who were associated with the Justice Institute of British Columbia were the targets of this crime.

Police work led to the arrest last week of the perpetrator, who apparently is an ICBC employee. This employee allegedly accessed personal data of 65 individuals, out of which 13 became victims of arson and shooting. The victims were employees and past students.

According to Chief Supt. Janice Armstrong of the Lower Mainland District Regional Police Service, “We can now state the investigation revealed a link to an ICBC employee, who allegedly accessed personal information of 65 individuals, including the 13 identified victims. That employee, along with other individuals, is under continued police investigation.” She added, “Additionally, police continue to pursue significant investigative avenues to determine if others could be at risk. We recognize this is very disturbing for the victims and the individuals we warned.”

ICBC president and CEO Jon Schubert’s statement: “We are appalled that one of our employees inappropriately accessed the information of so many customers without any apparent business reason to do so. Our main concern is for the customers who have suffered as a result of this privacy breach.”
The employee in question has been fired with no severance. The data breach victims are being informed about the breach, and measures are being taken at the ICBC to prevent such incidents from happening in the future. ICBC CEO Jon Schubert said, “We have conducted a thorough internal and an independent external review of our systems as a result of the privacy breach and have taken steps to better guard against this type of incident from happening again.”
RCMP Sgt. Peter Thiessen is looking at another angle which might explain these crimes: “Whether there’s organized crime links or whether it’s a disgruntled employee or someone who had a negative interaction at the Justice Institute, none of those have been eliminated at this particular time.”

Fortunately no one has been physically injured in these incidents.

More about Justice Institute of British Columbia

JIBC is a public post-secondary institution based out of New Westminster. It trains people in a variety of disciplines related to justice. Professionals such as police officers, paramedics, social workers and correctional staff are trained at this institution.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


ICO wants to maintain location privacy so that data is not misused

December 13th, 2011

Most of our posts have concentrated on data breaches and laptop theft. This one talks in particular about strengthening data security laws, which is the need of the hour, especially for private firms.

The recently held conference called ‘A fine balance 2011: location and cyber privacy in the digital age’ focused on maintaining data privacy at a time when smartphones, credit cards and other devices are tracking user locations.

Here is what Jonathan Bamford, the head of strategic liaison from the Information Commissioner’s Office (ICO), had to say: “We need to inspire public trust into the way information is issued. What do we do as a regulatory option?” “There is no doubt that human activities have a geographic component and some may be more sensitive than others. Your phone is with you all the time so anything that relates to a smartphone can be very powerful in terms of how I live my life.”

It is very important to manage location data carefully, especially for those who develop operating systems and applications. Bamford further adds: “People who develop applications have a series of obligations as do those who create the operating systems. Everybody has a role to play.” “If location data is obtained how long do you retain it for? You can build up a picture of how I live my life if you retain it too long.”

Bamford also explained the ICO’s role in data security, especially in terms of audit inspections of government organizations. Currently the general public is under the impression that the information they fill in on any website is completely secure. For that impression to last, data security is of utmost importance. People also need to know exactly what is being done with their data and where it is sent. This is where location-based services come in. All advertisers want your zip code. A zip code allows an advertiser or provider to get more insight into your life. Companies are getting closer to you with technologies like the iPhone.

It is time that the ICO kept tabs on the private sector as well. Private companies are using location-based services and getting private data of customers. There is a very high chance of this data being misused. Currently the ICO can only monitor government bodies. Companies like Facebook, Google and Groupon are a potential threat to privacy. To add fuel to the fire, the development of IPv6 networks could be even more threatening as it will be able to access more private data.

According to Richard Hollis of the US group of the Info Systems Audit and Control Association, “As we match the physical world to the virtual world, by placing items such as fridges or even your car keys on the internet, firms could have even more access to your data, your location and your life.”

Use Alertsec
Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
