Log in

Posts Tagged ‘data security’

ICO issues Midlothian Council record fine of £140,000 for disclosing sensitive personal data

February 4th, 2012

Midlothian Council pays hefty fine for data breach

ICO is leaving no stone un-turned to punish data breach culprits. It is levying fines to those who compromised private data, especially children’s sensitive data.

Recently the council fined the Midlothian Council a record fine of £140,000 for disclosing sensitive child data. And we are not talking here about just one breach. There were 5 breaches between Jan and June 2011.

The case in detail

Breach 1 – This happened when documents related to the status of a foster carer were sent to seven healthcare professionals, who had no reason to see this data.

This particular incident took place in January 2011 and details came to light only in March when the council started to investigate. In spite of the investigation similar incidents took place in May and June.

Breach 2 – Minutes of a child protection conference were sent by mistake to the former address of the mother’s partner, where they were opened and read by an unauthorized individual. The documents contained personal data about the mother, who made a complaint to her social worker about this case.

Assistant Commissioner for Scotland Ken Macdonald said “the serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months.’

“I hope this penalty acts as a reminder to all organizations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”

He further added that information about children’s care, details about their health and wellbeing, is the most sensitive information that is held by local authorities. It goes without saying that this information has to be protected and that strict policies are to be chalked out and followed.

The ICO’s investigation

According to the ICO all five breaches could have been avoided if the council had been strict about protection policies, training and had put checks in place. It has further ordered the council to take action to keep the personal data secure.

Since the incidents the council has recovered all of the information that was sent to the wrong recipients and is updating its security policies.

What the the ICO chiefly wants is that the government should give itstronger powers to audit local councils’ data protection compliance, if necessary without consent.

NHS bodies across the UK want the same kind of powers in light of the recent data protection breaches.

Midlothian Council comments:

Colin Anderson, chief social work officer for Midlothian Council, commented: “As soon as the council discovered the problem, it investigated and found eight letters or documents had been sent to the wrong recipients, for which the council is sincerely sorry.

“The council immediately took steps to retrieve the information, or have it destroyed, and voluntarily reported ourselves to the information commissioner. I must emphasise that there is no evidence that anyone was put at risk.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: AlertSec Xpress BigPond business Check Point data breach data security ICO Information privacy Ken Macdonald Midlothian Council Personally identifiable information Social Security number Telstra Theft

Around 1000 patients of Lexington Clinic lose data because of Laptop theft

January 31st, 2012

Seal of the United States Federal Trade Commis...

The Federal State Commission issues data protection guidelines. Lexington Clinic suffers data breach

We have mentioned this before and are reiterating – Medical data is very very vulnerable. Most data breach and laptop stealing cases are related to Medical data. We have covered so many posts related to medical data breach that they have almost become a routine now! It is as if Medical data simply cannot be secured. Is the data security world listening? It is so very important to protect data, especially patient data.

Breaking news: Today’s post highlights the vulnerability of medical data breach and laptop thefts.

Lexington Clinic Laptop Theft

According to the Lexington clinic the laptop was atolen last month from the neurology department in the Saint Joseph office park on Harrodsburg Road.

The clinic further adds that the laptop contained patients’ names and some medical information. Fortunately it did not contain Social Security, credit card, or bank account numbers. A total of 1,018 patients lost their private data.

Letters are being sent to the affected parties.

The moment Lexington Clinic found out about the theft, it informed the police and all door locks to the neurology department were urgently changed. Lexington Clinic is currently working with the St. Joseph security officials to ascertain the security of offices located in the St. Joseph Office Park.

Note for Lexington Clinic patients – In case you have been or currently are a patient of the Lexington Clinic Neurology Department, and if you have not received a letter about this theft then it is safe to assume that your data was not on the stolen laptop. So far there is no proof that any of the stolen data has been misused.

The Federal Trade Commission is requesting everyone to take steps to protect information:

Beware of signs of identity theft, such as:

• Bank Accounts you didn’t open and debts on your accounts that you are not aware of

• Wrong information on your credit reports, including accounts and personal information, such as your Social Security number, address(es), name or initials and employers.

• In case you do not receive your bills on time, follow-up with your creditors.

• Receiving credit cards that you didn’t apply for.

• Being denied credit or being offered less favorable credit terms. If it is too good, then it is not true

• Receiving calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

About Lexington Clinic – It is Central Kentucky’s oldest and largest group practice, with more than 200 providers offering primary and specialty care services. Founded in 1920, Lexington Clinic offers more than 30 specialties and operates offices in more than 25 locations throughout Central and Eastern Kentucky.

Source: LexingtonClinic.com

Alertsec secures your Laptops

3 easy steps to encrypt your data with Alertsec

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption, laptop theft

Tags: Central Kentucky data breach data security Federal Trade Commission Information Commissioners Office Information privacy laptop Medicine Personally identifiable information Saint Joseph Social Security number Theft

UK mobile phone operator O2 suffers data breach

January 30th, 2012

Every data breach is a wake-up call for all of us using the Internet. We just assume our data is safe but how about thinking twice before posting private information on the world wide web? There are technical things which we, laymen, do not understand. Our information gets leaked to third parties and we don’t even know about it. Guess what, every time you visit a site, your phone number is getting leaked through your mobile service provider!

The O2 Scandal

Customers of O2, the European mobile network, suffered a data breach as their phone numbers were exposed to web sites visited from their smartphones. Unfortunately the security breach went on for two weeks before it was fixed on Jan 25.

Mobile customers in the United Kingdom started tweeting Wednesday morning about the breach after mobile developer Lewis Peckover found out about a security loophole in devices carried by European mobile network O2. It appeared that after O2 had performed its routine maintenance on its network this month, some users’ mobile phones started sending their owners’ phone numbers to web sites that were visited using mobile browsers through a 3G/WAP connection. Fortunately those who used Wi-Fi were saved from this ordeal.

This post shows that customer privacy is at stake. The breached phone numbers could be used for SMS spam or for hacking purpose. They are a treat for hackers and just waiting to be exploited!

The mobile device security industry is going through a bad phase. Just last April, Apple iPhones (running iOS 3.2 and above) had a flaw wherein the bug logged users’ location data in unencrypted files stored on the phones themselves. Customers were at their wits end when they heard this and there was chaos in the mobile industry. As if that was not enough, just last month, phone-monitoring software maker Carrier IQ admitted that its data-tracking program was already installed on all its phones across the country!.

Comment by O2

O2 issued a statement last Wednesday and explained that the issue has been fixed.

“In between the 10th of January and 1400 Wednesday 25th of January…there has been the potential for disclosure of customers’ mobile phone numbers to further website owners,” O2′s statement read. “It was fixed as of 1400 on Wednesday 25th January 2012.”

The office of the Information Commissioner (The ICO is a public U.K. body that enforces and oversees activity pertaining to the Data Protection Act of 1998) is looking into this matter presently.

“When people visit a website via their mobile phone they would not expect their number to be made available to that website,” the ICO said in a statement issued Wednesday. “We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”

Update from O2

According to O2, it regularly gives subscriber’s phone numbers to web-sites that offer age-restricted information and premium-rate billing without the user’s knowledge.

Apparently the company has been providing user phone numbers to web-sites that are browsed by millions of users from their phones using the 3G network. This has been happening since Jan 10. Obviously the site owners are having a ball with this piece of information.

What should a common man do to avoid such a pitfall?

Always read the terms and conditions of any mobile service that you choose to use. Better to be safe than sorry!

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress

O2, the mobile phone service provider, suffers data breach

is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Data Protection, Uncategorized, computer security software, data breach, data encryption

Tags: AlertSec Xpress Business and Economy Carrier IQ Cellular network data breach Data Protection Act 1998 data security disk encryption ICO Information Commissioner Information Commissioners Office Information privacy IPhone Personal computer Ponemon Institute Telecommunications Telephone number Wednesday

The European Union to revamp data-protection rules that will control information flow

January 24th, 2012

Europe has been struggling for stricter data breach laws for a long time. The recent data thefts have pushed the EU to make tough rules as regards data breaches and data security. This certainly is the need of the hour, not only in Europe but all over the world as data breaches are on the rise and hackers are taking advantage of the loopholes in the system.

EU Justice Commissioner Viviane Reding talks about introducing new data protection regulations

The European Union is in the process of proposing new regulations regarding how companies use the personal information of Internet users this week. The new regulations are going to have a major impact on companies like Google and Facebook. This is going to put stricter limits on how they use the information of the people that use their services. According to Viciane Reading, vice president of the European Commission, a branch of the EU, these new regulations are absolutely required to protect personal data of the users and rebuild a sense of confidence in them.

The current state of security laws in Europe:

At present there are conflicting laws from various countries that form the Union. These laws force the companies to collect data on consumers from the Internet. Companies who do not follow any regulations are becoming a victiom of data breach and are always at loggerheads with the governments. For e.g. Facebook, has been in the limelight as it was targeted by both U.S. and European regulators for the wayt they use user data. The company underwent 20 years of independent audits after the U.S. Federal Trade Commission proved that the company’s use of customer information was illegal.

What data privacy means for consumers?

Privacy is a major concern for today’s insurance industry. The more transactions we carry out online, the more we stand to risk of becoming a target of cyber crime. Data Breaches puts information of millions of consumers at risk and that means monetary losses for companies and insurance groups.

What will the new rules exactly do?

The new rules will make it compulsory for financial services firms and credit card processors to report incidents of lost or stolen data within 24 hours of a breach. These rules are set to come into effect today. The companies must, as per new rules, appoint a data protection officer to preside over the protection of personal data stored and processed by individual businesses.

EU Justice Commissioner Viviane Reding’s comment

“I want to explicitly clarify that people shall have the right – and not only the ‘possibility’ – to withdraw their consent to the processing of the personal data they have given out themselves,” says Reding. “If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.” ”Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay,” adds Reding. “As a general rule, without undue delay means for me ‘within 24 hours’.”

Data security with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security. There are no short cuts to Data security in any organization. Alertsec offers ervice that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: AlertSec Xpress Cryptography data breach data security Encryption European Union Facebook Federal Trade Commission Information privacy Internaut laptop Personal computer Personally identifiable information Theft Viviane Reding

Data breach at Kansas Department on Aging

January 21st, 2012

Laptop stolen from vehicle belonging to the Kansas Dept. of Aging

Stealing valuables, especially laptops and pen-drives, are in vogue. Thieves have gotten very smart and have realized the value of laptops and mobile devices. It is very difficult to track such thefts and data thieves are getting away easily.

The above will be more clear after reading the following news story.

A laptop computer, flash drive and paper files were stolen from a locked vehicle that belonged to an employee of the Dept.on Aging, Wichita. The Kansas Department on Aging is informing clients tabout this information breach.

The theft took place on Jan. 12 at the Best Western Airport Inn, 6815 W. Kellogg. The suspects broke a rear window on a state-owned car that contained the laptop and paper files. Apparently the employee had covered the items with a blanket before getting into the hotel for safety sake.

Emerging details

The laptop contained data about department clients in Sedgwick, Harvey and Butler counties. So far the police have not been able to recover any of the items. At the same time there is no proof that the stolen information has been misused.

According to the Department on Aging no banking or driver’s license information was involved. But there is a possibility that the stolen information could have full names, addresses, Social Security and Medicaid information and other personal or protected health information. The stolen data also contained social security numbers of 100 people that were a part of the Senior Care Act program. The Department of Aging is trying to reach these people over phone to inform about the theft.

Comments by Secretary Shawn Sullivan of the Department on Aging: ”To date, the laptop, the flash drive, and the paper files that were stolen, has not been recovered. There’s also no evidence to date that shows the information has been accessed or been misused,”. ”Our staff immediately began notifying and calling the families and the customers that was affected with those 100 files. For the most part, they’ve all been very understanding, very appreciative that we notified them immediately,”

The affected parties have been requested to check all bills and check on credit reports.

“You want to know what’s on your credit report. You want to see and recognize any changes or things that you don’t understand. You can see what changes are happening in your credit report and make sure they’re all accurate and up-to-date,” said Clifton O’Neal, communications director for TransUnion.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.