Posts Tagged ‘data breach’

Visa drops Global Payments Inc. after data breach

April 9th, 2012
Global Payments Inc. investigates data breach incident

‘Shop till you drop’ say most credit card companies as it is so easy to shop these days with a credit card. It is becoming a paperless world, everything these days is ‘card’ driven. But the following news item makes you wonder if you should go back to the traditional way of paying in cash!

The report in detail

A massive data breach at Global Payments has exposed 1.5 million credit card accounts. Visa, MasterCard and American Express process their payments through Global Payments. Thieves managed to access credit card numbers, security codes and expiration data. This breach has led Visa to think twice about Global Payments being its vendor. American Express is investigating the loss to its customers and Discover Financial Services is in the process of reissuing new cards. Needless to say, the share price has taken a fall; it fell by 3% on Monday and dropped to 9% on Monday.

A few days after the breach, thieves exported the stolen information to Global Payments but were not lucky enough to access customer names, addresses and social security numbers.

Emerging details

A Global Payments spokesperson said, “Based on the forensic analysis to date, network monitoring and additional security measures, the company believes that this incident is contained.” The spokesperson further added, “We expect to be reinstated once we have been issued a new report of compliance,” noting that the company continues to process transactions for its merchants and customers.

The Statement

Chief Executive Paul Garcia admits that he wasn’t surprised when Visa pulled Global’s name from the list of vendors. There is a strong possibility that MasterCard will follow suit.

“MasterCard is investigating a potential account data and it has alerted payment of card issuers regarding certain MasterCard accounts that are potentially at risk.” The breach is currently going through an ongoing forensic review by an independent data security organization.

Update from Garcia – The breach has been “absolutely contained.”

Measures being taken post-breach

Global Payments is working with regulators, industry third parties and law enforcement officials to minimize the after-effects for those affected by this breach. Compared to other recent credit card breaches, this one appears to be a small one. The Heartland breach was massive: 130 million cardholder accounts were exposed. Heartland had to bear about $147.1 million in costs related to its breach, including about $110 million for settlements with Visa and MasterCard. The TJX Cos. breach in 2007 involved 40 million to 90 million card accounts and incurred $256 million in costs.

About Global Payments

Global Payments contracts with merchants to provide card processing. The company is the seventh-largest merchant acquirer in the U.S. based on the volume of Visa and MasterCard payments it processed in 2011.

Protect your sensitive data with Alertsec’s encryption service

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software. There are no short cuts to data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

Gaming Website ‘RockYou’ to pay $250k over Data Breach

March 31st, 2012

RockYou reaches settlement with FTC over data breach

RockYou, a social gaming website, settled its pending charges with the U.S. Federal Trade Commission (FTC) for $250,000. The data breach happened in 2009, when RockYou exposed the personal information of thirty-two million users to hackers, and it rocked the data world. The pending charges included the civil penalty and other concessions. The other concessions cover violation of the Children’s Online Privacy Protection Act (COPPA), not engaging in deceptive claims regarding privacy and data security, and maintaining a data security program.

What did RockYou do?

The FTC suspected that RockYou collected information from 179,000 children. Under federal law, collecting, using or exposing the personal information of children below 13 years of age is not allowed without their parents’ consent. The information collected by RockYou contained the children’s dates of birth. The FTC took action against RockYou as part of a wider agency campaign to ensure that companies live up to their promises on the data security of their customers. Along with the FTC, an Indiana man, Alan Claridge, also filed suit against RockYou for the massive data breach in November 2009. However, that case was settled out of court for $2,000 and legal fees which amounted to $290,000.

RockYou proved to be a good example of weak passwords. A study showed that RockYou members had bad password practices, using passwords like RockYou, 12345, 123456 and so on.

A study indicated that passwords such as names, slang words and dictionary words are very popular. If a hacker tries to guess the first 5000 words from the dictionary, he would likely gain access to many accounts. At this rate, a hacker will gain access to 1000 accounts in less than 17 minutes.

To avoid data theft

RockYou should have had a strong data security policy and should have encouraged people to choose strong passwords when they sign in. Companies like gaming sites or social networking sites should educate people on the importance of having strong passwords. There should be a set of password policies. Encryption is necessary for the confidentiality and security of the customers. The FTC has a new publication, Living Life Online, to help teens navigate the internet safely. A regular data security program should be implemented by organisations like RockYou and audited by a third party. RockYou will also need to delete the information collected from children under 13 years of age, as stated by the FTC, and will need to pay $250,000 as a penalty for COPPA violations.

Alertsec Rocks

Organisations and individuals are being trained to handle their data security in a better way. Names like Sarbanes-Oxley, PCI Data Security Standard, HIPAA, and the Data Protection Act are all examples of guides for different industries and sectors. Companies are expected to have an information security policy in place to safeguard the information.

With Alertsec, your data can remain safe. It uses encryption software to protect your data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

Data Breach and Hacktivism: A major threat faced by today’s organizations

March 28th, 2012

Verizon delves deep into the hacktivism world

A shocking fact came to light today when Verizon reported in its annual data breach report that hacktivism was responsible for the majority of stolen records. However, hacktivism accounted for only 3 percent of the total 855 recorded attacks across several countries.

Emerging details

Hacktivism has increased worldwide since last year. According to Verizon, 58 percent of data theft last year was due to hacktivism. Hacktivists are a very small group of people, but they are proving to be a bigger threat than criminals. Criminals usually go for small thefts that cannot be detected quickly and easily. According to the annual data breach report, of a total of 174 million records (individual database entries and documents) compromised in the 855 incidents, hacktivists had a share of 100 million records.

Professional criminals largely target smaller companies, as these are yet to invest in security whereas large companies have already done so. It was also found that hacking incidents were aimed at social and political objectives rather than at financial gain.

The report stated that breaches were also noticed in India, the US and 34 more countries, and nearly 70 percent of those originated in Eastern Europe.

The statement given by Verizon

The latest trend differs from that of the past several years, when the majority of attacks were carried out with the aim of financial gain. It was also observed that seventy-nine percent of the breaches that took place were opportunistic and ninety-seven percent of them could certainly have been avoided. Data breaches were mainly caused by external attacks carried out by outsiders. These included organised crime, activist groups, former employees, lone hackers and even organisations sponsored by foreign governments.

How to avoid data theft

In earlier times, data theft was related to website defacement or denial of service. Now the reports state otherwise. The problem has always been the detection of data thefts. Many of them go unnoticed. Some are not detected in the first attempt. The majority of data breach attacks are not recorded.

Verizon has verified its data breaches from various sources like the US Secret Service (USSS), the UK’s Police Central e-Crime Unit (PCeU), the Dutch National High Tech Crime Unit (NHTCU), the Irish Reporting & Information Security Service (IRISSCERT) and the Australian Federal Police (AFP).

The EU plans to appoint a Data Breach Directive in the near future which will be active 24x7 for the reporting of consumer data as a legal requirement across the 27-nation economic area.

Organisations also need to move faster in protecting the vulnerable security systems that frequently cause data breaches.

Encryption software offered by Alertsec!

There are no short cuts to data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

Student data online for 8 months at University of Tampa

March 25th, 2012

University of Tampa faces trouble due to data theft

The report in detail

News of a major data breach came to light during an in-class project on advanced search techniques. The breach happened at the University of Tampa (UT) in Florida. More than 6,800 students who had enrolled last fall were affected. The data, which was on the web for around eight months, included the students’ dates of birth and social security numbers. Notably, this breach occurred due to a server management error, in which a text file was publicly accessible for around eight months.

Two more database files containing the UT identification numbers, names, social security numbers and photos of 22,722 faculty, staff and students were also on the web. The files were on the web from July 2011 to March 13, 2012 and were discovered during an in-class search exercise: two UT students viewed the files on March 13, 2012 and reported them to the IT staff. The IT staff, with the help of University representatives, has deleted all the files that were made publicly accessible on the web.

Statement given by the University

The two databases were not indexed by Google and so there is a possibility that they might not have been viewed by others. However, there was no clarification from the University on why only one file was indexed by Google.

How did the data theft take place?

The new server was made operational in July 2011 and the text file and two databases were created to solve the problem of UT identification cards. This information was supposed to reside on UT’s internal servers. But unfortunately, the text file got inadvertently indexed by Google. However, the two databases were not indexed by Google or any other search engine.

How to prevent data theft?

News of data exposure on the web is common. But protecting data is not impossible. There are a variety of things that IT admins can do to prevent data theft. According to Privacy Rights Clearinghouse, 16 schools in the United States suffered from data breaches this year. Even though there has not been any malicious viewing of the data in the above breach, that is not always the case. An individual with malicious intent can use such information for identity theft and then for credit fraud. The University is making efforts to minimise the possibility of such data thefts in future and is reviewing its security procedures and policies. It is planning to appoint a third-party qualified security assessor (QSA) to review its information security procedures. It is making continuous efforts to avoid breaches and to ensure maximum protection of data, information and networks.

Time to plan your cyber-security with Alertsec

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software. There are no short cuts to data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

Data breach affects University of Tampa

March 19th, 2012

Student data compromised at the University of Tampa

Every University has a data security policy in place and tries its best to secure the confidential information of its students, alumni, staff and faculty. In spite of this, student data is getting compromised and private data is getting misused. The recent data breaches at Missouri State University, University of South Carolina and Midland Tech show that educational and student data is vulnerable and susceptible to compromise.

The University of Tampa breach

Private data of about 30,000 students and staff at the University of Tampa remained open on the Internet for anyone to see. The information was in the form of a file indexed by Google and displayed names and long strings of numbers: social security number, student ID number and date of birth.

On Mar 13 some students were practicing advanced search techniques, and that is when they came across this data. They immediately reported the incident to the information technology department. This happened because the file was created as a back-up when a new server was installed in July 2011, and the file was then accidentally indexed by the search engine.

Post-incident, Google has taken down this file and removed it from the cache.

What is UT doing post-breach?

The University plans to send a letter to students and staff regarding the breach. At the same time the students may contact the IT department to find out if they were on the list of those affected.

According to the University officials there is no evidence of the information being misused till date. Nevertheless, the University has offered to pay for fraud alert services for anyone who requires them.

Data breach history at the University of Tampa

Two other breaches were reported in January 2000 and July 2011 that had affected about 30,000 records related to faculty, students and staff.

As this is the third data breach in the University’s history, it is needless to say students at the downtown university are concerned about their data and authorities are having a hard time convincing students about data security policies.

Statements

According to Cpl. Bruce Crumpler of the economic crimes division of the Hillsborough County Sheriff’s Office, “I’m not sure I can find words to express how worried they should be.” He added, “I think they should be very concerned.”

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego, adds further, “This would be categorized as a major and critical breach because of the nature of the information,” he said. “Anytime Social Security numbers are involved, particularly in connection with dates of birth, those are the keys to the kingdom for an identity theft.”

The take of Donna Alexander, vice president of information technology, on the matter

“We took immediate action to take the files down so they would not be accessible any longer,” Alexander said. “We know the exposure is somewhat limited, but we are certainly concerned about any exposure whatsoever.” “In this case there was a situation where the protective measures for that particular directory were not as tight as they should have been,” Alexander said.

Encrypt your data with Alertsec’s help and stay safe

Universities and educational institutes are now aware of the importance of their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.
