Log in

Posts Tagged ‘Computer security’

Local Authority data loss exposed by Big Brother Watch

November 27th, 2011

It is time to worry and take strict action. We are talking about data loss and their increasing cases.

Big Brother Watch’s recent report focuses on data loss across local authorities. BBW has investigated more than 1000cases across 132 local authorities, that include a minimum of 35 councils that have lost information about children and patients.

Following statistics shows how grave a danger we are in for data loss:-

At least 244 laptops and portable computers were lost, a minimum of 98 memory sticks and more than 93 mobile devices went missing. From the total 1035 cases, only 55 were reported to the Information Commissioner’s Office. Worst still, just 9 incidents resulted in termination of employment. Maximum data loss was by Buckinghamshire (72 incidents), Kent (72 incidents) and Essex (62). Northamptonshire and North Yorkshire were also included in the list of top five data loss cases.

Big Brother Watch is of the opinion that this rise in data loss incidents clearly shows that not enough is being done about data security. Tons and millions of sensitive information is getting exposed and authorities are doing little about it. It is high time data security policies are revamped and priority given to data protection. Data protection laws must be followed and those who breach it ought to be fined.

According to Big Brother Watch: “The growing volume of personal information held by local authorities is a significant threat to personal privacy and civil liberties. This report highlights how, despite data protection law, not enough is being done to ensure sensite information is held securely and protected.”

The response to the report by Grant Shapps, minister for local government, was

Big Brother Watch exposes data loss cases

:”I welcome this research by Big Brother Watch. This reinforces the need for steps to protect the privacy of law-abiding local residents.

“Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.

Data loss incidents that could have been avoided – in the Buckinghamshire incident around 2,000 email addresses were sent to the public . In Essex, documents related to children were found in a hire car by a member of staff. In Kent, a USB drive that had school children’s personal data and assessment results got lost due to the negligence of an outreach worker.

The report is a result of Freedom of Information requests made by Big Brother Watch to 434 local authorities between July 2008 and July 2011.

Encryption software prevents data breaches

Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Big Brother Watch breach notification breach notification laws Buckinghamshire Civil liberties Computer security Confidentiality data breach Data loss Grant Shapps Information Commissioners Office Kent Local government Programs Television

Video game company Valve notifies its Gamers of data breach

November 15th, 2011

Gabe Newell confirms the data breach

You are an video game addict. You can’t have enough of it. You are entering your private data in there thinking you are in safe hands, thinking your data is secured. Alas! Your private data just got stolen!

We are talking about the latest data breach that occurred at the video game company Valve. Valve’s gaming cloud service Steam was hacked last week causing breach of personal data of game users. This was published on the forums and users have been asked to scrutinize their credit card statements. Gabe Newell, Valve co-founder notified on the forum on Thursday confirming the breach.

How did it happen?

On the night of November 6, the intruders defaced the site’s forums. They accessed the database that contained user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and encrypted credit card information.

Post-breach

Steam forums have been taken offline. The sites were shutdown because of the defacement.

What does Gabe Newell, the co-founder, have to say about it?

Gabe said “the intrusion goes beyond the Steam forums”. According to Mr Newell there was no evidence that the encrypted credit card information or personal data of gamers had been taken. He said, “we are still investigating”.

He further added that only a few forum accounts had been compromised and were defaced. That said, all forum users should change their passwords immediately as soon as the website is back on track.

“I am truly sorry this happened, and I apologize for the inconvenience,” was was Newell said before winding up his speech.

About Steam

Steam is a gaming service that allows gamers to buy, download, play and chat games. Some of these have been made by Valve itself.One can browse through the current 1,500 titles which include Skyrim, LA Noire and Modern Warfare 3 along with other free games.

Security check

Users should change passwords, monitor credit card statements, remove card numbers from Valve’s servers. Never use the same password for more than one site on which you use your credit card.

At the back of your mind you may be thinking that Valve will give you some freebies in order to make up for this breach. Maybe it will. But will it make you play games again knowing your data might get compromised?

Bad time for Internet companies?

It started with Sony PlayStation network which was hacked compromising 77 million accounts. Hackers are now confident thatn they can hack e-commerce sites. They are getting better at it daily and our recent news reports have confirmed this. Internet crime is increasing at a fast pace, companies need to act now and strengthen their security policies.

Alertsec – Need of the hour

Organizations must have essential security guidelines to combat any internet crime. This news item makes it all the more clear why data protection in applications is a must. Alertsec offers Data encryption software and recovery software at a reasonale price. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

No comments »

Posted in computer security software, data breach, data encryption

Tags: computer encryption software Computer security data theft prevention Encryption Gabe Newell Newell Personal computer PlayStation Network Steam User (computing) Valve Valve Corporation

SEC wants companies to disclose their data breaches

October 15th, 2011

SEC orders companies to report data breaches

Corporate giants have been handling data breaches traditionally i.e. not revealing the breaches, not offering details. They always preferred keeping mum. It won’t be an exaggeration if we say that tens of billions of dollars worth of data is compromised every year from U.S. companies and very few of it gets reported !

But that is about to change. The Securities and Exchange Commission (SEC) has formally asked corporations to report data breaches and cyber crimes. The new guidelines issued by the SEC state that publicly traded companies must report cybertheft or attack and any risks associated with data.

These guidelines have been a result of Sen. John D. Rockefeller’s initiative. “This guidance changes everything. It will allow the market to evaluate companies in part based on their ability to keep their networks secure.”

“For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them,” “Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark.”

The current regulations do not specifically talk about cyberattacks. They only expect companies to report if there is risk to their material wealth. But now companies will be forced to talk about cyberattacks, thanks to these guidelines. The guidelines might, in addition to the above, ask the companies to disclose data breaches that took place in the past.

Cyber security is being beefed up through these regulations as cyber crime is on the rise. The recent major breaches including Sony’s and Citigroup Inc have resulted into this action.

Melissa Hathaway, an ex-White House cyber coordinator said in her statement “It’ll force executives to really understand what’s going on within their corporations,”. “I think it will create the demand curve for cybersecurity.”

Which cyber-incidents will be included in the guidelines?

Cyber incidents that could materially affect products, services, relationships with customers or suppliers, or competitive conditions will be a part of these new regulations.

Here is the exact wording in the guidance:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Data Protection, Lawsuits and settlements, Security Flaw, computer security software, data breach, data encryption

Tags: business Citigroup Computer crime Computer security data breach International Monetary Fund John D. Rockefeller Melissa Hathaway Public company SEC Securities and Exchange Commission Sony U.S. Securities and Exchange Commission US Securities and Exchange Commission

Data of one out of every three people in the state of MA has been compromised in the past 20 months

September 25th, 2011

State of Massachusetts has seen the maximum number of data breaches in the past twenty months. Personal information of about two million Massachusetts residents i.e. one in every three people who are residents of Massachusetts, has been breached through electronic data breaches.

According to the 2007 state laws all companies doing business in Massachusetts must inform consumers and state regulators about security breaches that might result in identity theft. The list includes leaks of individual names along with sensitive data like Social Security numbers, bank account, credit card and debit card numbers. The law came into being in 2007 as a result of a 45 million hack of credit card numbers from Framingham-based retailer TJX Cos.

Martha Coakley, Attorney General, said that nearly 1,200 data breaches have been reported. Quarter of these were the result of intentional hacking.

The largest breach in the time period was the hacking of information of about 800,000 people that was lost by a vendor hired to destroy it. In addition, information on 210,000 residents entrusted to a state agency was put at risk.

These data breaches contained information from names and addresses to medical histories.

What MA residents had to say?

Daniel Paul, a courier, gets the jitters when he thinks about it. He made online purchases with his credit card but started getting charged for things he didn’t buy: his credit card had been hacked. It was a nightmare to get things back on track.

Here is what he had to say ”Just going through getting everything changed back, changed over, getting charges off your account, your credit– it was awful,” said Paul. ”I hope I never have to go through it again.”

Mike Paquette, Chief Strategy Officer for Corero Network Security in Hudson, MA said ”In today’s internet world there are so many opportunities where information can be disclosed, as an individual, unfortunately there is very little that you can do,”said.

Consumers do have the option of suing, but it really doesn’t get them anywhere as it is very difficult to prove data theft.

Consumers must carefully keep a track of their online transactions. It is always advisable to deal with well-known companies and do your homework about the company’s info.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

.

No comments »

Posted in Data Protection, Encryption, Uncategorized, computer security software, data breach, data encryption

Tags: Attorney general Computer security data breach Desktop computer Enter your zip code here identity theft iTunes Martha Coakley Massachusetts Massachusetts Attorney General Personal computer Personally identifiable information security Social Security number United States

Unauthorized person breaks into Purdue University’s computer system

August 23rd, 2011

Data of former students accessed illegally

First it was the gaming sites, followed by big corporations like NASA, later it was the healthcare industry and now its time for educational institutes to get their data breached !

Hackers hacked big time into Purdue University’s server which contained the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. These students had enrolled into a Math course.

The breach

The breach took place on April 5, 2010. As soon as the Purdue staff learned about it, they took the server offline. The notification came 16 months after the discovery of the breach.

The server contained 6.6 million nine-digit numbers in the hacked files. It took Purdue six months to analyze those numbers. After analysis Purdue determined that approximately 65,000 of those number combinations could be Social Security numbers. The numbers were further reanalyzed and the University matched 7,093 of those number combinations to Social Security numbers of former students.

The computer showed older course records from 2000 through the summer session of 2005.

Not only ex- students but a few professors, family members and contractors were potentially affected. A letter was sent to those affected stating a toll-free phone number for inquiries at 866-520-0492

Breach investigation

Investigation by Purdue University officials showed that 7,093 Social Security numbers were accessed by the hacker.

According to Laszlo Lempert, head of the Department of Mathematics ”Through our investigation, we found no evidence that the unauthorized user attempted to find or read any files with personal information in our system, but felt informing people who may have been affected was a necessary precaution,” . “We regret the breach occurred, and we’ve taken extensive measures to prevent this from happening again.”

As per Purdue University policy, Social Security numbers are no longer used except where required by law. A Purdue identification number is issued to all students, alumni, faculty and staff.

Security tips by Purdue

Place a fraud alert on your credit file, if you haven’t already done so.
Close accounts that you believe have been tampered with.
File a complaint with the Federal Trade Commission. For step-by-step instructions and contact information, go to: http://www.ftc.gov/bcp/edu/microsites/idtheft/

AlertSec’s security services

Organisations and educational institutes which contain a large amount of data have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

To protect information on laptops with encryption is of paramount importance if you want to comply to today’s legislation, not to mention the peace of mind for people managing security for a mobile workforce. We have found Alertsec Xpress to be secure, yet easy to use and implement.