Posts Tagged ‘Crime’

SCRA breaches data for the second time exposing children’s details

September 7th, 2011

Data breaches are online as well as physical

Data breaches are not restricted to online or soft copy data loss. They also include theft or loss of physical documents.

Here’s a look at a recent case of physical and digital data theft.

Scottish Children’s Reporter Administration (SCRA) breaches Data Protection Act for the second time

The Scottish Children’s Reporter Administration (SCRA) has breached data security related to children’s data twice in the last 6 months. The SCRA is an organization dedicated to protecting children in the judicial system. The body investigates the care of Scotland’s most vulnerable children.

Details of the two breaches

In January 2011 the Scottish body sent documents containing a child’s personal data to the wrong email address. The documents carried sensitive information, such as child abuse details related to the legal case, along with the contact information of the child’s mother and witnesses.

Later, in September 2010, the body somehow lost 9 case files which contained personal data such as birth dates, names and social reports. Apparently the files got lost when the filing cabinet which contained them was moved and later sold to a second-hand furniture shop.

Mishandling of sensitive information

Ken Macdonald, assistant information commissioner for Scotland, is concerned that data had been breached twice by the same organization.

“On both occasions the personal data which was compromised related to young children and was caused by human errors that could easily have been avoided,” said Macdonald. He further added, “I am pleased that the Scottish Children’s Reporter Administration has taken action to make sure that the personal information they handle is kept secure and would urge other organizations, particularly those handling sensitive information relating to young people, to follow suit.” Fortunately, both times the information was not circulated.

Information handling post breach

Neil Hunter, chief executive of the SCRA, is renewing the organization’s data protection policy and training employees about data security.

The ICO (Information Commissioner’s Office) is holding workshops related to raising awareness of data protection obligations among staff.

About ICO

The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

Security guaranteed with Alertsec Xpress

This incident highlights the need for data security and data encryption software; the threat could have been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec has offices in the US, UK, Sweden and operates in many other countries around the world through partners.

Its mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.




California data breach law revised

September 2nd, 2011

Gov. Jerry Brown signs Senate Bill 24

Breach after breach is forcing lawmakers to make changes in the security policy.

A California lawmaker has come up with a bill that would update the state’s data breach notification law, SB-1386, to help protect sensitive data.

About Senate Bill 24

Existing law requires any agency, and any person or business
conducting business in California, that owns or licenses
computerized data that includes personal information, as defined,
to disclose in specified ways, any breach of the security of the
system or data, as defined, following discovery or notification of
the security breach, to any California resident whose unencrypted
personal information was, or is reasonably believed to have been,
acquired by an unauthorized person


Bill Update

Senator Simitian had submitted three versions of his security breach notification to former Governor Schwarzenegger in 2008, 2009 and 2010. But they were vetoed all three times.

This time, though, he was lucky. The current Governor, Jerry Brown, signed the bill, which gives consumers information to help prevent identity theft.

SB 24 defines key details that must be part of the notification letter and forces the Attorney General to take cognizance of the breach. In case a Social Security number or driver’s license details get compromised, the notice letter explains how to contact the major credit agencies. This is very important, as consumers can keep track of their accounts and get proof of identity theft (if one takes place). The bill further empowers consumers to prevent identity theft, including freezing their credit report.

Under the update, breach notification letters will contain details of the incident, i.e. the type of personal information compromised, a description of what happened, and steps to be taken to protect oneself from identity theft. The law also makes it compulsory for organizations to submit a copy of the alert letter to the state attorney general’s office in case the breach has affected 500 or more people.

What are the other States doing about ID theft?

Taking a cue from California law, over 40 states have adopted security breach notice laws. Some of them are Alaska, Arkansas, Connecticut, Hawaii, Indiana, Louisiana, Maine, Maryland, Massachusetts, Missouri, New Hampshire, New Jersey, New York, North Carolina, Puerto Rico, South Carolina, Vermont, and Virginia.

Will hackers stop?

Cyber thieves will continue breaking the law, but businesses and agencies will take more precautions to protect their data henceforth, and if they ever become a victim of a data breach, they will know who to turn to.

It was high time California got the added protection that SB 24 will provide.

Alertsec offers encryption service

Security services like the ones offered by Alertsec are the need of the hour. Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way. Alertsec is part of the Durator Group which has been awarded the highest credit rating available.


Albright College in Reading Data Breach Incident

April 15th, 2011

Albright College is a public, co-ed liberal arts college affiliated with the United Methodist Church. It was founded in 1856 and is located in Reading, Pennsylvania. Albright College is in the news for a massive data breach incident. On discovering the breach, the college sent out an alert notice to its current, prospective and former students about a possible data breach. The alert was sent after it was discovered that several computers had been stolen from the school’s financial aid office in the month of February.

The letter was distributed earlier this week on Wednesday.

It is still not clear why the public disclosure of the theft was made only on Wednesday, although this sensational theft incident happened almost two months ago in February. College officials have attributed the delay to the hiring of a risk management firm to sift through the data which was located on the computers. The idea behind hiring a risk management firm was to provide free credit monitoring with identity theft protection to the affected individuals.

Gregory E. Eichhorn, vice president for enrollment management and dean of admission at Albright, said in the letter, “The information on the stolen computers includes name, address, date of birth, and Social Security number, may include data supplied by students or parents, and may affect not only the supplying parties but also spouses or joint account holders, among others.”

News Update:

An update posted on news portal www.wmfz.com states that the police have been able to recover one of the computers which were stolen from Albright College in Reading. The information was provided by school security, and the state police acted on it to recover the stolen computer and other miscellaneous items. It is believed that this computer contained most of the personal information.

It is believed that as many as 10,000 people could have been affected by the theft, including current and prospective students, graduates, college faculty, and staff.

Security Beefed up at School

“We have increased evening and weekend patrols by Public Safety,” said Eichhorn, an officer at the school. “Information Technology Services will be working with departments across campus to reduce the use of confidential information in their processes and better protect necessary information, including the use of enhanced encryption technology. We are also examining policies pertaining to retention and use of documents and information.”

How can you help?

If you or anyone in your network has information which can help with the investigation, please contact Tom McDaniel, the school’s director of public safety, or Crime Alert Berks County. The contact number of Crime Alert is 877-373-9913. The organization is also offering a cash reward of up to $5,000 for information that could lead to an arrest.

Secure your Data with Alertsec

Worried by data breach incidents like the one mentioned above, and think that you could also be a potential victim? While you cannot avoid theft incidents, what you can certainly do is secure your data to avoid further damage. This incident highlights the need for data encryption software and recovery software; the threat could have been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with laptop encryption software, thereby ensuring no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.


Cord Blood Registry Data Loss

March 12th, 2011

The ever-growing data theft problem has now hit the world’s largest stem cell bank, Cord Blood Registry (website www.cordblood.com). After being affected by a data breach, the bank has mailed warning letters to over 300,000 people. Apparently the theft involved the loss of storage tapes as well as a laptop from an employee’s car.

We were going through the reports, and this incident was first discovered by the author of scamsafe, who received a notification letter from the bank since he is a customer. The letter was dated February 14th, 2011.

A PDF copy of the letter can be downloaded from the datalossdb.org website. The letter, written by the Executive Vice President, External Affairs, clearly notifies the customers of a potential data theft.

According to the police reports, the theft happened before midnight on Dec. 13, 2010, right outside a private data center in San Francisco. The data center is called 365 Main Street. But what is really surprising is that the customers received the letter from the bank only on February 14.

The director of corporate communications, Kathy Engle, says that the tapes that were stolen contained personal information of customers that was unencrypted.

“Notifications went out to approximately 300,000 people,” Engle says. “The vast majority of those people were clients who had signed up prior to 2006, but we did the broadest evaluation of possible missing data, which also included some more recent clients or recent prospect activity.” “The tapes may have contained personal client data of adults (credit card numbers, driver’s license numbers or social security numbers); nothing on children and no health information at all.”

CBR is not a HIPAA-covered entity, and the breach did not involve any health information. What is not clear is whether CVV codes/credit card numbers were stored on the stolen backup.

As one would expect, the Cord Blood Registry bank has strengthened its security:

We have taken extra steps on behalf of our customers in providing the credit monitoring free of charge. CBR has also strengthened and tightened our data security procedures. We hired security experts and implemented a number of improvements to protect our client data. The company continues to monitor these processes but will not share any details of these changes in order to preserve the integrity of the security mechanisms. The data on the tapes was not encrypted. We recognize that the loss of unencrypted data poses a risk, and that’s why we sent out the notices to our customers.


What do the customers think?

An IT professional, who also happens to be an ex-employee of EMC, the storage company, was shell-shocked by the news. He questioned, “What on earth are LTO4 tapes doing in a trunk with all this ‘secure’ information? CBR hasn’t described what was actually stolen either. I’m frustrated.”

Another customer, Tania Doughter, who is the mother of a 4-year-old, said, “They came highly recommended, we trusted them.” “We gave them information on our family and on our new baby.” However, now she has serious doubts about her decision as parents across the country are receiving news about the major data breach.

If you are potentially impacted by the data breach incident, you can write an email to Cord Blood at client_inquiries@cordblood.com or telephone (888) 578-4480.

Secure your Data with Alertsec

Worried by the above incident and think you could also be a potential victim? To avoid such incidents, following essential data security guidelines is necessary in any organization. This incident highlights the need for data encryption software and recovery software; the threat could have been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.


Cost of Identity Theft (Graphic)

January 30th, 2011

In their latest blog-post, Mashable has talked about the infographic created by Sam Franada of Lines & Moodswings for KGBPeople which is based on data from Wikipedia, the I.D. Theft Center and other sources.

According to the infographic, 10% of Americans have had their identities stolen, and on average lost around $5,000.

The average cost for businesses worldwide comes to a staggering $221 billion each year.
