Posts Tagged ‘Consultants’

Anonymous is back with a bang! This time they breach Stratfor Inc.

January 9th, 2012
Stratfor Inc hacked and credit card data stolen

Anonymous has always been in the news for data hacking, and just when we were wondering what they were up to, here they are! This time they have succeeded in breaching the data of the security think tank Strategic Forecasting Inc, based in Austin.

The details

The group managed to hack into Stratfor’s web site and get data about the company’s corporate subscribers. This resulted in the website being closed down temporarily. Anonymous was proud to announce that they stole passwords, credit card details, and home addresses of about 4,000 people on Stratfor’s private client list. Their plan was to use the credit card information to make fraudulent donations to charities. The hackers described the data on Pastebin, then provided several links to websites hosting the information. According to them, some 50,000 of the e-mail addresses released end in “.mil” or “.gov.”

Strangely enough, some representatives of the Anonymous group denied complete responsibility for the attacks. According to an Anonymous spokesman, “it does not attack media sources.” The organization has been known for its hacks on Sony’s PlayStation services, the Church of Scientology, as well as companies, banks, and organizations that supported WikiLeaks.

What business is Stratfor in?

The company offers clients such as the U.S. Air Force, the Miami Police Department, and Apple high-quality economic, political, and even military analysis, delivered daily via email, video, and the Web.

After the hack

Stratfor is offering a free one-year subscription to an identity protection service to those affected. Stratfor’s CEO, George Friedman, confirmed on the company’s Facebook page on Monday that the hack disclosed the names of some corporate subscribers along with personal and credit card data.

Barrett Brown, spokesman for Anonymous, said, “This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade.” “Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions.”

Stratfor’s chief George Friedman’s statement

“While addressing matters related to the breach of Stratfor’s data systems, the company has been made aware of false and misleading communications that have circulated within recent days,” said Friedman. “Specifically, there is a fraudulent email that appears to come from George.Friedman[@]Stratfor.com.”

High profile attacks are making the rounds and security agencies are scrambling to get the security policies of such companies in place. Stratfor’s website is under repair as of today and will take some time before it gets back in shape.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues, especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. The risk of losing a laptop is much higher than the risk of losing a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, and they frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

California data breach law revised

September 2nd, 2011
Gov. Jerry Brown signs Senate Bill 24

Breach after breach is forcing lawmakers to make changes in the security policy.

A California lawmaker has come up with a bill that would update the state’s data breach notification law, SB-1386, to help prevent sensitive data.

About Senate Bill 24

Existing law requires any agency, and any person or business
conducting business in California, that owns or licenses
computerized data that includes personal information, as defined,
to disclose in specified ways, any breach of the security of the
system or data, as defined, following discovery or notification of
the security breach, to any California resident whose unencrypted
personal information was, or is reasonably believed to have been,
acquired by an unauthorized person

Bill Update

Senator Simitian had submitted three versions of his security breach notification to former Governor Schwarzenegger in 2008, 2009 and 2010. But they were vetoed all three times.

This time, though, he was lucky. The current Governor, Jerry Brown, signed the bill, which gives consumers information to help prevent identity theft.

SB 24 defines key details that must be a part of the notification letter and forces the Attorney General to take cognizance of the breach. In case a social security number or driver’s license details get compromised, the notice letter explains how to contact major credit agencies. This is very important, as consumers can keep track of their accounts and get proof of identity theft (if one takes place). The bill further empowers consumers to prevent identity theft, including by freezing their credit report.

As per the update, breach notification letters will contain details of the incident, i.e. the type of personal information compromised, a description of what happened, and steps to be taken to protect oneself from identity theft. The law also makes it compulsory for organizations to submit a copy of the alert letter to the state attorney general’s office in case the breach has affected 500 or more people.

What are the other States doing about ID theft?

Taking a cue from California law, over 40 states have adopted security breach notice laws. Some of them are Alaska, Arkansas, Connecticut, Hawaii, Indiana, Louisiana, Maine, Maryland, Massachusetts, Missouri, New Hampshire, New Jersey, New York, North Carolina, Puerto Rico, South Carolina, Vermont, and Virginia.

Will hackers stop?

Cyber thieves will continue breaking the law, but businesses and agencies will take more precautions to protect their data henceforth, and if they ever become a victim of a data breach, they will know who to turn to.

It was high time California got the added protection that SB 24 will provide.

Alertsec offers encryption service

Security services like the ones offered by Alertsec are the need of the hour. Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way. Alertsec is part of the Durator Group which has been awarded the highest credit rating available.

Data Breach Costs Scale-up to over 7 million

March 11th, 2011
According to research conducted by an American agency, the average cost of a breach has risen by 7% and is now $214. The study, which was conducted by Symantec-Ponemon, also found that the cost of data breach incidents last year was $US7.2 million.

This was the 6th annual study, and it assessed the total costs incurred by data breach incidents. In total, around 51 US organizations were analyzed. Interestingly, average costs have increased year by year, and this is the 5th year.

Out of all the breaches, the most expensive cost $US35.3 million. In contrast, the lowest was $US780,000.

According to Ponemon, “It’s not uncommon that people will say, ‘That’s a pretty expensive proposition and we might be underestimating it.’”

The breach incidents led to an increase in business costs such as loss of customer information and reduction in employee productivity. Other contributing costs included notifying the people affected by data breaches and the detection/discovery of data breaches.

Francis deSouza, senior vice president of Enterprise Security Group, Symantec, said, “Securing information continues to challenge organizations at all levels, but the vast majority of these breaches are preventable.” “Organizations must not only protect the data itself wherever it is stored or used, but also create a culture of security including training, policies and actions. The results of this study show that companies with information protection best practices in place can greatly lower their potential data breach costs.”

Some of the other findings of the study are:

  • The per-record cost for companies responding early to data breach incidents is higher by 54%
    Responding early to data breach incidents, i.e. within a period of one month, can actually cost you more. The cost for such organizations was $268 per record.
  • The most expensive incidents are criminal/malicious attacks
    Out of all the breach incidents, 31% of the cases were ones that involved a criminal act. The average cost of these incidents was $318 per record.
  • Companies are more vigilant about preventing system failures
    On the positive side, failures caused by malfunctioning systems have dropped by 8 points and come down by 27%. This trend clearly indicates that organizations have become more conscious and very particular about preventing and mitigating data breaches. They are adopting new security technologies and also ensuring their data practices are in compliance with security policies and regulations.

Brian Tokuyoshi, senior product marketing manager for Symantec said that deploying encryption before a breach could lead to cost savings. Data breach regulations vary by state but organisations typically were not required to notify individuals when missing data is encrypted. “We’ve seen a lot of encryption projects get taken up after a breach,” he said. “That is usually too late. It’s not going to do anything to help data that’s already been lost.”

Secure your Data with Alertsec

Following the essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Potential Data Breach at Massachusetts Secretary of State’s office

July 9th, 2010
Recently over 139,000 letters were issued by the Massachusetts Secretary of State’s office to investment advisers. Do you know the reason why?

Perhaps many of you have guessed it right. Another day, another victim: this time the Secretary of State’s office became the latest data breach victim due to an accidental release of confidential information by an employee. Once again this incident raises question marks over the use of Computer Security Software. The result: full exposure of critical and confidential information of over 139,000 investment advisers to a business publication.

The office’s securities unit unknowingly mailed an electronic list of the investment advisors, along with their names, social security numbers, and other information. The personal information was on a CD-ROM and was sent to IA Week, which is an investment industry publication. In fact, IA Week had submitted an information request to the office’s Securities Division for a list of registered investment companies. On discovery of the error, the CD-ROM was sent back. It is believed that the data has not been copied by IA Week.

The experts at the Massachusetts Security division are still not sure whether this incident qualifies as a data breach, as no information loss has been reported and the CD-ROM was returned.

Some security experts hold a similar view, which is encouraging for those whose information has been put at risk.

According to David Berman, director of product marketing for Voltage Security, “The users should treat this as if their personal information is now at risk.” “If gotten into the wrong hands, the exposed data could be used to obtain a fake ID, which can subsequently be used by hackers to infiltrate or open personal accounts using the victim’s personal information.”

Berman added, “In this basic case, any encryption at all would have prevented sensitive data being leaked outside the institution.” “In this case, it’s probably more than an unfortunate mistake. There are security best practices, operation processes and some technology requirements that this particular office doesn’t have.”

Brian McNiff, spokesman for Secretary of State William F. Galvin, said that there was no reason to believe any of the data was misused.

According to Massachusetts law, organizations suspected of data breach incidents are required to notify the individuals affected, the state attorney general, and the director of consumer affairs whenever there is exposure of personal information.

At Alertsec, we would agree with the thoughts of Berman. The use of basic encryption software would have been enough to protect the sensitive data from being leaked outside. Perhaps this incident will make government institutions in the United States better aware of the dangers of potential data breaches.

Data Security with Alertsec Xpress

If you use data security software, a theft would simply be reduced to an insurance matter and the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Organizations Need to Comply With Strict Data Regulations

February 16th, 2010

If you were thinking that you could get away with unstructured ways of storing data, think again :)

In a couple of months’ time, i.e. from April onwards, we are going to witness stringent regulations under the DPA, i.e. the Data Protection Act. The new rules mean strict enforcement of compliance in data storage and management:

  1. If you don’t live up to the benchmark of data management/security, the monetary implications would scale up to 500,000 Euros in penalty.
  2. In addition, there is also a possibility of a 12-month ban being handed out to those who fail to manage the data properly.

At Alertsec, we have been constantly focusing on data security and we think it is a fantastic move, especially considering the chain of events at ING, Ceridian and many other corporations where there has been tremendous data loss. In fact, there was a case involving HSBC, where they were fined $3 million; the lost data contained the personal information of thousands of customers.

According to an executive, ‘When a high profile company or government organization loses some important data and gets penalised for it, that is when you will see other firms start to take notice.’

The key issue is the negligence shown by organizations towards data security and management methods. While the organizations are aware of these standards, they were a bit careless about these incidents. But now, with penalties being imposed, they will want to approach data security with caution.

Cost is a concern for a variety of customers, but in the end they need to realize that there are a variety of solutions available in the market to meet their respective needs. In other words, it doesn’t necessarily need to be a high-end security solution. It has to be something that matches the checklist for meeting security compliance.

As proponents of Computer Security Software, we feel that a customer should always be educated about the correct choice of product. Not only that, if there are any changes in regulations and laws which govern the data storage techniques, the customer should be always made aware about the same.

If you read the Channel Web magazine’s latest article on this subject, you would agree that their suggestions are very well reflected in our approach:

  • Keep yourself updated with new and old laws that have an impact on the customer’s business or their data
  • Always keep the customers in the loop about the new penalties
  • Ensure your products are upgraded to match the security standards
  • Consult domain experts and make appropriate recommendations to the customers for meeting security compliance

Primarily, organizations need to adopt a multi-pronged approach to manage their data security. For example, if you are talking about a USB disk, you need to ensure that it is encrypted correctly. Having said that, encryption isn’t a complete safeguard. While it would ensure protection to some level, there needs to be an extra layer. That extra protection could simply be the physical protection of your USB disk.

http://www.alertsec.com/index.php?page=ov_data_security