eBay

Data Breach Roundup: Last Month

June 12th, 2014


 

To give an overview of recent data breaches, we are summing up the challenges and the solutions for preventing loss of information and credibility. All the excerpts come from communication with Rapid7 global security strategist Trey Ford.

Data Points

It’s crucial, Ford says, to ensure that everyone in your organization is fully aware of the sensitivity of the data they may be handling. “A lot of people are posting data, they’re moving things around – they’re just trying to do their jobs – and for a number of reasons they may not always be aware that, OK, this is a list, this is a database, and some of this data is sensitive,” he says.

While most companies are aware of the importance of protecting clearly sensitive data like Social Security numbers and credit card information, Ford says other data can easily slip through the cracks. “We’re in a culture where it’s been comfortable to give out your phone number, your email address, your mom’s maiden name – and we’ve forgotten that with just a few more data points, you can go through and start creating fraudulent accounts or purporting to be someone else,” he says.

“Attackers are going to be like water – they’re going to follow the path of least resistance,” Ford says. “So it may be that a lot of your core systems are very carefully measured, but you don’t get to wash your hands and shrug off liability when you give sensitive data to external companies.”

Breach Communication

Ford says the recent eBay breach serves as a good example of the importance of responding to a breach correctly. “EBay has historically very heavily invested in great technology, great people. They’ve had a very advanced security program, they’re very aggressive with their measurement strategy, they’re a metrics-driven security organization – and I’m confident that their internal response was actually very swift and well-executed internally,” he says.

Encryption is the answer

Finally, Ford says it’s frustrating to see data breaches resulting from the theft of unencrypted laptops and USB drives continuing to be an issue. “Encryption technology exists, it’s pervasive, every major operating system in production used today has it or has it available, and it’s not even terribly expensive,” he says. “The challenge lies in the fact that it’s hard to manage. There are concerns about, ‘What if the admin leaves, or what if we get locked out of something?’ – and those are valid concerns – but those problems have been solved, they’re addressable, and organizations not using encryption should be the exception, not the rule.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

ProMedica Bay Park Hospital suffers data breach

May 29th, 2014

ProMedica Bay Park Hospital has decided to notify about 500 affected patients of a data breach. Protected health information (PHI) was copied in the incident when an employee inappropriately gained access to the information. Compromised data includes patient names, dates of birth, diagnoses, attending physicians, and medications. According to reports, Social Security numbers and financial data were not accessed.

“ProMedica Bay Park Hospital values patient privacy and deeply regrets that this incident occurred,” the organization said in a statement, reported by northwestohio.com. “The hospital is taking this matter very seriously. ProMedica immediately deactivated the employee’s access to patient information and the individual is no longer employed by ProMedica. ProMedica Bay Park Hospital has completed an internal investigation and is taking precautions to prevent any further health information breaches. This includes additional training for employees to ensure they understand and follow patient information access policies.”

It was revealed that the former employee accessed records of patients who were not directly under the employee’s treatment. The hospital said it will offer all affected patients a one-year membership for identity theft protection services, which includes a security freeze on their credit file, 90-day fraud alert notice, and free annual credit reports and other account statements.


Organisations fear Data Theft from old laptops

September 25th, 2013

It often happens that many companies give or sell their old laptops to the computer firm from which they buy new laptops. The computer firm, such as Dell, then sells them to a firm that refurbishes laptops, which in turn sells them on eBay.

These companies sometimes do not wipe the data from the laptops themselves and assume that the computer firm will do it. But sometimes, the data wiping falls through the cracks.

That is what recently happened to U.K. film maker Glenn Swift, who returned a faulty Acer laptop to Sainsbury’s, where he initially bought it. Sainsbury’s told Swift that they needed to return the laptop to the manufacturer to have it fixed.

“But then, six days later, out the blue, I received an email from a gentleman who informed me he had just purchased a second-hand laptop on eBay. It still had my profile on it and he asked for my password to allow him to unlock it. Alarm bells started ringing,” Swift said.

Swift said, “It was then I realised just how much information a Windows 8 profile can access. When you first use it you have to set up a profile. If you are an existing user your profile is automatically downloaded to the new computer–apps, settings and passwords, Facebook, Twitter, Yahoo, BlackBerry, Gmail, etc. all your information, accessible in one single place.”

Swift did not give the person the password, but contacted Sainsbury’s, who informed him that they had returned the laptop to the manufacturer for diagnostics. If the manufacturer further sold the laptop, it would first be refurbished and the data wiped, they told him.

Swift’s case was different: police had warned him that he was vulnerable to identity theft, so he started changing his passwords.

While Swift’s case involved an individual laptop, similar risks await organizations that return used laptops to a computer firm, trusting that the firm will wipe the data.

IT security researcher Graham Cluley advised: “To prevent data from getting into the wrong hands, enterprises should ensure all laptops have hard disk encryption and that a complete erasure of data, including multiple passes across the hard drive, is performed before the used laptop is turned over to a third party.”

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
