Big Brother Watch’s recent report focuses on data loss across local authorities. BBW has investigated more than 1000cases across 132 local authorities, that include a minimum of 35 councils that have lost information about children and patients.

Following statistics shows how grave a danger we are in for data loss:-

The response to the report by Grant Shapps, minister for local government, was

Big Brother Watch exposes data loss cases

:”I welcome this research by Big Brother Watch. This reinforces the need for steps to protect the privacy of law-abiding local residents.

“Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.

Data loss incidents that could have been avoided – in the Buckinghamshire incident around 2,000 email addresses were sent to the public . In Essex, documents related to children were found in a hire car by a member of staff. In Kent, a USB drive that had school children’s personal data and assessment results got lost due to the negligence of an outreach worker.

The report is a result of Freedom of Information requests made by Big Brother Watch to 434 local authorities between July 2008 and July 2011.

Encryption software prevents data breaches

Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.

Gabe Newell confirms the data breach

You are an video game addict. You can’t have enough of it. You are entering your private data in there thinking you are in safe hands, thinking your data is secured. Alas! Your private data just got stolen!

We are talking about the latest data breach that occurred at the video game company Valve. Valve’s gaming cloud service Steam was hacked last week causing breach of personal data of game users. This was published on the forums and users have been asked to scrutinize their credit card statements. Gabe Newell, Valve co-founder notified on the forum on Thursday confirming the breach.

How did it happen?

On the night of November 6, the intruders defaced the site’s forums. They accessed the database that contained user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and encrypted credit card information.

Post-breach

Steam forums have been taken offline. The sites were shutdown because of the defacement.

What does Gabe Newell, the co-founder, have to say about it?

Gabe said “the intrusion goes beyond the Steam forums”. According to Mr Newell there was no evidence that the encrypted credit card information or personal data of gamers had been taken. He said, “we are still investigating”.

“I am truly sorry this happened, and I apologize for the inconvenience,” was was Newell said before winding up his speech.

About Steam

Steam is a gaming service that allows gamers to buy, download, play and chat games. Some of these have been made by Valve itself.One can browse through the current 1,500 titles  which include Skyrim, LA Noire and Modern Warfare 3  along with other free games.

Security check

Users should change passwords, monitor credit card statements, remove card numbers from Valve’s servers. Never use the same password for more than one site on which you use your credit card.

At the back of your mind you may be thinking that Valve will give you some freebies in order to make up for this breach. Maybe it will. But will it make you play games again knowing your data might get compromised?

Bad time for Internet companies?

It started with Sony PlayStation network which was hacked compromising 77 million accounts. Hackers are now confident thatn they can hack e-commerce sites. They are getting better at it daily and our recent news reports have confirmed this. Internet crime is increasing at a fast pace, companies need to act now and strengthen their security policies.

Alertsec – Need of the hour

Organizations must have essential security guidelines to combat any internet crime. This news item makes it all the more clear why data protection in applications is a must. Alertsec offers Data encryption software and recovery software at a reasonale price. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

SEC orders companies to report data breaches

Corporate giants have been handling data breaches traditionally i.e. not revealing the breaches, not offering details. They always preferred keeping mum. It won’t be an exaggeration if we say that tens of billions of dollars worth of data is compromised every year from U.S. companies and very few of it gets reported !

But that is about to change. The Securities and Exchange Commission (SEC) has formally asked corporations to report data breaches and cyber crimes. The new guidelines issued by the SEC state that publicly traded companies must report cybertheft or attack and any risks associated with data.

These guidelines have been a result of Sen. John D. Rockefeller’s initiative. “This guidance changes everything. It will allow the market to evaluate companies in part based on their ability to keep their networks secure.”

“For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them,” “Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark.”

The current regulations do not specifically talk about cyberattacks. They only expect companies to report if there is risk to their material wealth. But now companies will be forced to talk about cyberattacks, thanks to these guidelines. The guidelines might, in addition to the above, ask the companies to disclose data breaches that took place in the past.

Cyber security is being beefed up through these regulations as cyber crime is on the rise. The recent major breaches including Sony’s and Citigroup Inc have resulted into this action.

Melissa Hathaway, an ex-White House cyber coordinator said in her statement “It’ll force executives to really understand what’s going on within their corporations,”. “I think it will create the demand curve for cybersecurity.”

Which cyber-incidents will be included in the guidelines?

Cyber incidents that could materially affect products, services, relationships with customers or suppliers, or competitive conditions will be a part of these new regulations.

Here is the exact wording in the guidance:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

State of Massachusetts has seen the maximum number of data breaches in the past twenty months. Personal information of about two million Massachusetts residents i.e. one in every three people who are residents of Massachusetts, has been breached through electronic data breaches.

According to the 2007 state laws all companies doing business in Massachusetts must inform consumers and state regulators about security breaches that might result in identity theft. The list includes leaks of individual names along with sensitive data like Social Security numbers, bank account, credit card and debit card numbers. The law came into being in 2007 as a result of a 45 million hack of credit card numbers from Framingham-based retailer TJX Cos.

Martha Coakley, Attorney General, said that nearly 1,200 data breaches have been reported. Quarter of these were the result of intentional hacking.

The largest breach in the time period was the hacking of information of about 800,000 people that was lost by a vendor hired to destroy it. In addition, information on 210,000 residents entrusted to a state agency was put at risk.

These data breaches contained information from names and addresses to medical histories.

What MA residents had to say?

Daniel Paul, a courier, gets the jitters when he thinks about it. He made online purchases with his credit card but started getting charged for things he didn’t buy: his credit card had been hacked. It was a nightmare to get things back on track.

Here is what he had to say ”Just going through getting everything changed back, changed over, getting charges off your account, your credit– it was awful,” said Paul.  ”I hope I never have to go through it again.”

Mike Paquette, Chief Strategy Officer for Corero Network Security in Hudson, MA said ”In today’s internet world there are so many opportunities where information can be disclosed, as an individual, unfortunately there is very little that you can do,”said.

Consumers do have the option of suing, but it really doesn’t get them anywhere as it is very difficult to prove data theft.

Consumers must carefully keep a track of their online transactions. It is always advisable to deal with well-known companies and do your homework about the company’s info.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

.

Data of former students accessed illegally

First it was the gaming sites, followed by big corporations like NASA, later it was the healthcare industry and now its time for educational institutes to get their data breached !

Hackers hacked big time into Purdue University’s server which contained the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. These students had enrolled into a Math course.

The breach

The breach took place on April 5, 2010. As soon as the Purdue staff learned about it, they took the server offline. The notification came 16 months after the discovery of the breach.

The server contained 6.6 million nine-digit numbers in the hacked files.  It took Purdue six months to analyze those numbers. After analysis Purdue determined that approximately 65,000 of those number combinations could be Social Security numbers.  The numbers were further reanalyzed and the University matched 7,093 of those number combinations to Social Security numbers of former students.

The computer showed older course records from 2000 through the summer session of 2005.

Not only ex- students but a few professors, family members and contractors were potentially affected. A  letter was sent to those affected  stating a toll-free phone number for inquiries at 866-520-0492

Breach investigation

Investigation by Purdue University officials showed that 7,093 Social Security numbers  were accessed by the hacker.

According to Laszlo Lempert, head of the Department of Mathematics ”Through our investigation, we found no evidence that the unauthorized user attempted to find or read any files with personal information in our system, but felt informing people who may have been affected was a necessary precaution,” . “We regret the breach occurred, and we’ve taken extensive measures to prevent this from happening again.”

As per Purdue University policy, Social Security numbers are no longer used except where required by law. A Purdue identification number is issued to all students, alumni, faculty and staff.

Security tips by Purdue

• Place a fraud alert on your credit file, if you haven’t already done so.
• Close accounts that you believe have been tampered with.
• File a complaint with the Federal Trade Commission. For step-by-step instructions and contact information, go to: http://www.ftc.gov/bcp/edu/microsites/idtheft/

AlertSec’s security services

Organisations and educational institutes which contain a large amount of data have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

To protect information on laptops with encryption is of paramount importance if you want to comply to today’s legislation, not to mention the peace of mind for people managing security for a mobile workforce. We have found Alertsec Xpress to be secure, yet easy to use and implement.

Macbook Pro stolen from an ex- FBI

Of all the people, this laptop thief had to rob a an IT security specialist and former FBI and NASA employee!

Interesting story ahead

When Greg Martin, an IT security specialist and former FBI and NASA employee, returned home late night he was shocked to see his house burgled. His laptop, a Macbook Pro, and other valuables were stolen. The thief had used a scaffold pole to open the security bars on his basement window! But Martin did not react the way most of us would. Had we been in his place, we would have panicked, right? Well, this guy is a former FBI and had installed a tracker on his laptop. So he knew that sooner or later the thief is going to get caught.

More about Greg

Greg Martin runs a blog called InfoSecurity 2.0. Is it not ironic to be stealing a laptop from a security guy? — Apparently Martin had installed an open source tracking software called Prey on his computer. According to the product’s website the software “lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen,”.

What happened later?

Martin registered a case of stolen laptop and waited for the thief to surface on the Internet. Two days later he received an email – that meant the thief had logged on to his machine. With the help of the tracking software Martin was able to get a clear picture of the user, as well as details of the IP address and wireless network that he was using and his location. As if Martin needed more, he was able to capture a screenshot of the user when he was logged into his Facebook thus giving away his name and the school that he had been to.

The thief is caught

Martin passed on this valuable piece of information (Facebook screenshot) to the London police who tracked down the thief in no time. Martin lived in an affluent neighbourhood where robbery is a rare phenomenon. The thief was hoping to take advantage of the fact that there were riots in the city and that the Police would be too occupied to look into a laptop theft.

Details about the thief

The thief was an 18-year-old young man by the name of Soheil Khalilfar.  The police raided his apartment and recovered the laptop. It was later returned to Martin.

Martin’s wish

“My hope was I was going to watch him being arrested from my laptop camera — that would have been the perfect ending. But they arrested him when I was on the plane back to London,” Mr Martin said

Tracking software from Alertsec

The above case is a classic example of why security software needs to be a part of any laptop/computer. Your laptop is practically your life. It contains valuable data like financial documents, passwords to important files, business deals etc.

Alertsec Xpress offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution.

Battle between Sony and Insurer Zurich American Insurance Co. over Playstation hacks

After reading this piece of news you might wish you were not a PlayStation Network (PSN) user!

Sony’s mainstay insurance provider, Zurich American Insurance Co., is refusing to accept liability for damages and compensation regarding the recent hacks where 77 million PSN customer accounts were compromised.

The insurance provider has filed legal papers covering a total of 55 pending class-action lawsuits that customers have lodged against Sony.

The firm has brushed off its responsibility of covering data breach monetary damages as well as any other miscellaneous claims made by Sony.

History

Sony’s PlayStation Network and Qriocity networks were compromised in the month of April. According to their statement “An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services,”

On Tue April 26 Sony confirmed that personal data of millions of customers had been compromised.

On Wed April 27 a class-action lawsuit was filed in the U.S. accusing Sony of failing to protect, encrypt and secure the private and sensitive data of its users.

Present

Nevertheless, Sony has gone ahead and filed insurance claims as it feels it is a fair coverage under previously agreed upon terms.

According to Sony the financial loss from the breaches is more than $178 million this year.  The Japan based firm wants the insurer to cover costs related to the 55 class-action lawsuits under a general liability insurance policy written by Zurich.

Customer reactions and cyber risks

Customers are furious about their loss of privacy and waiting for settlements. It is time to redefine cyber security and the legalities there in. Companies are under the impression that general liability insurance covers everything. According to Ty Sagalow, an insurance consultant and founder of Innovation Insurance Group, “There are probably still some risk managers out there that think that their comprehensive general liability policy cover breaches,” says Sagalow, who was one of the main experts in charge of first drafting cyberinsurance policies for Zurich when he worked for the company prior to starting his own consulting shop. “These types of cyberevents are not covered in the typical standard forms of insurance.”

Cyber insurance

Cyber insurance  is the insurance which covers loss occurred over the internet . The phenomenon is a recent one and yet to stabilize. Hence organizations like Sony must take into account adding additional coverage that can hold up to court scrutiny when things go haywire.

How can Alertsec help in cases of data breach?

Alertsec Xpress is the security service that protects data stored on your PC. As laptops are used in place of desktops, chances of data getting hacked are more. Unless your laptop is encrypted, you are running a big risk of your data getting compromised.

Encryption software helps enhance the laptop security. Alertsec uses industry leading Check Point Full Disk Encryption (former Pointsec) software that simplifies data protection.

Data breach at Wake Forest Baptist Medical Center

Medical records are the most vulnerable lot. Umpteen cases of hacking into medical data have been making headlines.

The latest joining the bandwagon is the Wake forest Baptist.

What happened?

Winston-Salem, N.C.-based Wake Forest Baptist Medical Center suffered a data loss of medical records and documents that affected 357 people.

Wake Forest Baptist Medical Center had fired an employee, Linda Bowden Turner, on June 1. It appears she had taken pages from 136 patient medical records and 221 employee documents that included Social Security numbers of past and current employees.

Ms. Turner was charged with larceny by employee. According to her attorney and WFBMC Ms. Turner was a hoarder and did not commit this deed intentionally.

Here is the statement issued by the Medical Center “On the afternoon of May 31, 2011, Wake Forest Baptist Medical Center received a call about documents, belonging or pertaining to the medical center, discovered in the basement of a rental home. Following an immediate response by our Privacy and Compliance Offices and with assistance from the Winston-Salem Police Department, our staff removed boxes from properties and storage units owned by former employee, Linda Turner”.

“None of the documents discovered comprised a complete patient medical record,” the center said. “The employment records date from a time when many hospitals used Social Security numbers as the employee identification number. Wake Forest Baptist discontinued this practice several years ago.”

Investigation showed that there were employment and medical documents mixed in with large volumes of the former employee’s personal documents, newspapers, magazines and trash.

There was no evidence found that said that the information was misused in any way. The documents appeared to be undisturbed in storage areas till the discovery.

Post breach

Wake Forest Baptist mailed Thursday a letter to affected individuals offering a free year of Debix credit-monitoring services, which require registration for use.

Soon after the incident the medical center has started training employees regarding the proper handling of paper documents containing personal or protected health information. Training program also includes training new staff and implementing this program in the annual mandatory compliance training.

The medical center has submitted a report to the appropriate regulatory agencies, including the U.S. Department of Health and Human Services, the North Carolina Attorney General and The Joint Commission. A review of the case has been completed by the North Carolina Department of Health Services Regulation (DHSR). DHSR found no discrepancies.

Implementing security measures with Alertsec

Time and again it has been proven that most laptops are stolen or valuable document taken from the place of work. Alertsec Xpress is the web-based service powered by Check Point Full Disk Encryption – the global leader in encryption for laptops and is used by big and small organizations that have recognized the need to protect their information.

Alertsec Xpress provides:

• Fully managed service for your convenience.
• Very cost effective service.
• Market leading laptop protection service.
• Quick and easy implementation.
• Easy to use protection.
• Transparent solution.
• Global 24/7 helpdesk.
• 100% secure and reliable encryption.
• Powered by Check Point – the market leader

.

The dept. of defense unveils a new cyber security program

The U.S. Defense Department yesterday made a startling revelation. It admitted becoming a victim of a massive cyber-attack and also announced a new strategy to deal with online threats to national security.

The story

Hackers belonging to a foreign government broke into a Pentagon contractor’s computer system and stole 24,000 files in late March. They wanted access to files related to missile tracking systems, unmanned aerial vehicles and the Joint Strike Fighter.

According to William J. Lynn III, deputy defense secretary, the U.S. government knew what country the hackers belonged but refused to comment in the interest of diplomatic discretion. The breach coincided with the Thursday announcement of the Pentagon’s latest cyber-security initiative.

The program has been designed to proactively discourage cyber-criminals. It is the final step in the Obama administration’s push to secure U.S. military and civilian online networks. The plan consist of “five pillars” which outline the Pentagon’s general goals, for example classifying cyberspace as a military “operational domain,” like land, sea, air and space. Military personnel are being trained to deal with cyber-security issues.

“It is a significant concern that over the past decade terabytes of data have been extracted by foreign intruders from corporate networks of defense companies,” Lynn said.

The cyber-security program

The U.S. government wanted to make sure that cases like Sony and Citigroup where the companies informed their users very late about the breach, don’t happen again.

The cyber security program has been jointly created by the Defense Department and department of homeland security. This pilot program is called Defense Industrial Base Cyber-Pilot and is used to share classified information with defense contractors and commercial ISPs.

Under this program the government won’t be monitoring, intercepting or storing any private-sector communications. The goal is to collect the threat intelligence and use it to identify and stop malicious activity within their networks.

In addition, the Pentagon will integrate cyber-scenarios into military exercises and training.  The Defense Department also plans to set up cyber-capabilities in the Reserve and National Guard.

Cyberspace has been listed as the “fifth domain” of warfare, after air, land, sea and space in the 13-page unclassified document that was released with the speech.

Defense department’s reaction

More than 60,000 “new malicious software programs or variations are identified every day, threatening our security, our economy and our citizens,” Defense Secretary Leon Panetta said in a statement.

“Our assessment is that cyber-attacks will be a significant component of any future conflict, whether it involves major nations, rogue states or terrorist groups,” Lynn said

The other side of the coin

“The reality is this is really a document focused on cybersecurity efforts, which are not unimportant, but it’s only one or two slices of the pizza,” said Dr. Dan Kuehl of the National Defense University. “Where’s the DoD’s strategy for the use of cyberspace to influence operations?”

Plan cyber-security with Alertsec

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Meridian Healthcare employee victim of laptop theft

It just takes one quick grab to steal a laptop or mobile. Users make it easy for thieves by putting such stuff out in the open in a restaurant, in an outside pocket of a backpack or leaving windows open at night.

One such incident took place recently in Meridian.

The incident

According to Asbury Park police Detective Capt. Anthony Salerno the theft occurred between 2 and 7 a.m. June 25.

It appears that a 55-year-old woman had left a window open at her home on Locust Drive before going to bed. In the morning she found that the screen had been cut and the window had been opened more. Her house was burgled and items taken were her work laptop computer and seven thumb drives containing financial documents for her employer, Meridian Health.  The heist also included second laptop owned by the woman, two credit cards, a 19-inch television set and a bicycle. The items were around $5,000.

The woman’s laptop contained personal information of Meridian health care’s employees. There is no indication that any of the employee information was accessed. Probably identity theft was not the thief’s intention.

As to how many employees are affected is still not known. The police are also trying to find out whether the Asbury Park woman was authorized to bring the computer equipment home. The woman’s designation or profile in the company is also not known.

Laptop theft part of Cybercrime

Cyber-crime is defined as an intentional crashing of the servers, the stealing of important data, or the release of a virus or other malicious software.

Cyber criminals are getting more creative and big and small companies are in a frenzy to deploy new tools and procedures to deal with these new attacks

Security Measures taken by Meridian Healthcare

Meridian is the parent company of Jersey Shore University Medical Center in Neptune, Riverview Medical Center in Red Bank, Ocean Medical Center in Brick, Southern Ocean Medical Center in Stafford and Bayshore Community Hospital in Holmdel. Its partner companies include home health services and rehabilitation centers.

A national identity theft consulting company, appointed by Meridian Healthcare, is notifying the employees and providing them with comprehensive identity theft protection at Meridian’s expense for three years.

Learning from the incident, Meridian leaders are reforming security policies by offering continued protection of team members’ personal identification information in-house as well as hiring a security consultant to conduct an independent audit of Meridian’s policies and procedures.

Hire Alertsec

This incident stresses the need for data protection applications. The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.