Log in

Posts Tagged ‘Encryption’

The European Union to revamp data-protection rules that will control information flow

January 24th, 2012

Europe has been struggling for stricter data breach laws for a long time. The recent data thefts have pushed the EU to make tough rules as regards data breaches and data security. This certainly is the need of the hour, not only in Europe but all over the world as data breaches are on the rise and hackers are taking advantage of the loopholes in the system.

EU Justice Commissioner Viviane Reding talks about introducing new data protection regulations

The European Union is in the process of proposing new regulations regarding how companies use the personal information of Internet users this week. The new regulations are going to have a major impact on companies like Google and Facebook. This is going to put stricter limits on how they use the information of the people that use their services. According to Viciane Reading, vice president of the European Commission, a branch of the EU, these new regulations are absolutely required to protect personal data of the users and rebuild a sense of confidence in them.

The current state of security laws in Europe:

At present there are conflicting laws from various countries that form the Union. These laws force the companies to collect data on consumers from the Internet. Companies who do not follow any regulations are becoming a victiom of data breach and are always at loggerheads with the governments. For e.g. Facebook, has been in the limelight as it was targeted by both U.S. and European regulators for the wayt they use user data. The company underwent 20 years of independent audits after the U.S. Federal Trade Commission proved that the company’s use of customer information was illegal.

What data privacy means for consumers?

Privacy is a major concern for today’s insurance industry. The more transactions we carry out online, the more we stand to risk of becoming a target of cyber crime. Data Breaches puts information of millions of consumers at risk and that means monetary losses for companies and insurance groups.

What will the new rules exactly do?

The new rules will make it compulsory for financial services firms and credit card processors to report incidents of lost or stolen data within 24 hours of a breach. These rules are set to come into effect today. The companies must, as per new rules, appoint a data protection officer to preside over the protection of personal data stored and processed by individual businesses.

EU Justice Commissioner Viviane Reding’s comment

“I want to explicitly clarify that people shall have the right – and not only the ‘possibility’ – to withdraw their consent to the processing of the personal data they have given out themselves,” says Reding. “If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.” ”Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay,” adds Reding. “As a general rule, without undue delay means for me ‘within 24 hours’.”

Data security with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security. There are no short cuts to Data security in any organization. Alertsec offers ervice that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: AlertSec Xpress Cryptography data breach data security Encryption European Union Facebook Federal Trade Commission Information privacy Internaut laptop Personal computer Personally identifiable information Theft Viviane Reding

Unencrypted laptop stolen from Ruth Crawford QC during Holiday

November 21st, 2011

We have mentioned before about laptop theft cases going unreported. In the following case laptop was stolen in 2009 but the incident came to light only now, after 2 years! To top it all, this laptop belonged to a Scottish lawyer who we expect should have been diligent enough to guard client’s data.

Ruth Crawford QC was on a holiday when her laptop went missing. The laptop contained personal information related to clients who were a part of Ms Crawford’s eight court cases. This data was specifically about the mental and physical health of the clients.

Ms Crawford was lucky that the incident took place in 2009. Had it taken place seven months later, she would have been fined for breaching the data protection Act as that was when the ICO was given new powers to impose fines of up to £500,000.

As of today Ms Crawford has signed an undertaking that says she is going to encrypt all her portable devices and secure them properly. These are the exact words of the undertaking ”The theft occurred while the data controller (Ms Crawford) was on holiday, having left plumbers to fit a new boiler at her home. The data controller provided the plumbers with keys and the code to her alarm. She highlighted the importance of keeping her front door locked and of activating the alarm when leaving the house.

“Upon returning from holiday on September 3 2009, the data controller discovered that the laptop and a purse were missing from her study. She subsequently reported the matter to the police. The commissioner has noted that physical security measures were in place at the time of the incident but that there was insufficient technical security employed on the laptop to protect the data.”

According to Ken Macdonald, Assistant Commissioner for Scotland: “The legal profession holds some of the most sensitive information available. It is therefore vital that adequate security measures are in place to keep information secure.”

“As this incident took place before the 6 April 2010, the ICO is unable to serve a financial penalty in this instance. But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000, it could affect their careers too. If confidential information is made public, it could also jeopardise the important work they do in court.

“The ICO would also like to assure the legal profession that any information reported to this office will not be disclosed unless there is specific legal authority for us to do so. Therefore all breaches should be reported to our office as soon as practically possible.”

Alertsec is a data encryption service company. Organisations, be it big or small, must have encryption in place. If you are an individual works independently or is not covered by the organisation can also use self-encrypted drives. Alertsec helps with the installation, the cost of this encryption service is negligible compared with the hassle, cost and embarrassment.

Safeguard your data with Alertsec Encryption Service

No comments »

Posted in Identity and Information loss, identity theft, laptop encryption, laptop theft

Tags: Crawford Cryptography Data Protection Act 1998 Encryption Hardware ICO Ken Macdonald laptop Mental health Notebooks and Laptops Personally identifiable information Ruth Crawford QC Scotland Theft

Video game company Valve notifies its Gamers of data breach

November 15th, 2011

Gabe Newell confirms the data breach

You are an video game addict. You can’t have enough of it. You are entering your private data in there thinking you are in safe hands, thinking your data is secured. Alas! Your private data just got stolen!

We are talking about the latest data breach that occurred at the video game company Valve. Valve’s gaming cloud service Steam was hacked last week causing breach of personal data of game users. This was published on the forums and users have been asked to scrutinize their credit card statements. Gabe Newell, Valve co-founder notified on the forum on Thursday confirming the breach.

How did it happen?

On the night of November 6, the intruders defaced the site’s forums. They accessed the database that contained user names, hashed and salted passwords, game purchases, email addresses, billing addresses, and encrypted credit card information.

Post-breach

Steam forums have been taken offline. The sites were shutdown because of the defacement.

What does Gabe Newell, the co-founder, have to say about it?

Gabe said “the intrusion goes beyond the Steam forums”. According to Mr Newell there was no evidence that the encrypted credit card information or personal data of gamers had been taken. He said, “we are still investigating”.

He further added that only a few forum accounts had been compromised and were defaced. That said, all forum users should change their passwords immediately as soon as the website is back on track.

“I am truly sorry this happened, and I apologize for the inconvenience,” was was Newell said before winding up his speech.

About Steam

Steam is a gaming service that allows gamers to buy, download, play and chat games. Some of these have been made by Valve itself.One can browse through the current 1,500 titles which include Skyrim, LA Noire and Modern Warfare 3 along with other free games.

Security check

Users should change passwords, monitor credit card statements, remove card numbers from Valve’s servers. Never use the same password for more than one site on which you use your credit card.

At the back of your mind you may be thinking that Valve will give you some freebies in order to make up for this breach. Maybe it will. But will it make you play games again knowing your data might get compromised?

Bad time for Internet companies?

It started with Sony PlayStation network which was hacked compromising 77 million accounts. Hackers are now confident thatn they can hack e-commerce sites. They are getting better at it daily and our recent news reports have confirmed this. Internet crime is increasing at a fast pace, companies need to act now and strengthen their security policies.

Alertsec – Need of the hour

Organizations must have essential security guidelines to combat any internet crime. This news item makes it all the more clear why data protection in applications is a must. Alertsec offers Data encryption software and recovery software at a reasonale price. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

No comments »

Posted in computer security software, data breach, data encryption

Tags: computer encryption software Computer security data theft prevention Encryption Gabe Newell Newell Personal computer PlayStation Network Steam User (computing) Valve Valve Corporation

Mitsubishi Nuclear and Warplane data compromised

October 31st, 2011

Hackers don’t just hack small accounts like Hospital data or Software data. They get into big stuff like military and warplane data too!

According to Japanese Defense Ministry hackers have most probably accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems.

The news in detail

Mitsubishi Heavy–Japan’s largest defense contractor is best known in America for manufacturing the surface-to-air Patriot missile.–In August it found out that multiple computers were infected with a Trojan application. Further investigation showed that the information had been sent outside the company’s computer network, clearly indicating an outsider’s involvement.

The computers were located in 11 different places. Some were placed in sensitive areas like the Kobe and Nagasaki shipyards that are into submarines and destroyers constructions. A few others were located at the Nagoya facility that manufactures guided missile systems. The nuclear data that was stolen included anti-quake measures.

Mitsubishi Heavy Industries was reluctant to share this info at first. It kept the Japanese authorities in dark stating that its military information was safe and that all security measures were followed. Initially the company said that the attackers were caught early on but later contradicted their own statement saying that data had been compromised.

Statement issued by the company

“The company recently confirmed unintended transferring of some information on the company’s products and technologies between servers within the company,” said Mitsubishi Heavy in a statement. “Based on the finding, the company investigated the incident further and recognized the possibility of some data leakage from the server in question.”

Other recent military data breaches

Lockheed Martin, which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft, was a victim of military data theft recently. The Lockheed hack was done by using information stolen earlier from RSA Security. RSA is the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.

What are the Tokyo Police doing about it?

Mitsubishi Heavy has given a complaint to the Tokyo Metropolitan Police Department with details about damage done to its computer system in late September. The police are looking into computer records to find out the source of the data.

Protect your confidential data with Alertsec

Alertsec Xpress offers a customizable data encryption software solution from Checkpoint, the industry leader in encryption software (former Pointsec). Alertsec has come up with a web based encryption service that helps in deployment and management of PC encryption.

The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, data breach, data encryption, identity theft

Tags: alertsec AlertSec Xpress checkpoint EMC Encryption Kobe Lockheed Martin Military aircraft Mitsubishi Mitsubishi Heavy Mitsubishi Heavy Industries Nagoya Nuclear power Personal computer security Tokyo Metropolitan Police Department United States

TRICARE in trouble for data breach

October 11th, 2011

TRICARE data breach affects millions

Data breach incidents are on the rise and even though effects of some of them many not be that serious, data loss and identities are at stake.

A data breach involving personal health information of an estimated 4.9 million military clinic and hospital patients made headlines last week. The report was about Tricare Management Activity, the federal government’s health care coverage for active and retired military personnel and their families.

What Tricare had to say?

According to TRICARE the data was stolen from a backup system that contained electronic patient data from 1992 through Sept. 7, 2011 from patients that were treated at San Antonio area military treatment facilities (MTFs) (including the filling of pharmacy prescriptions) and some of them whose laboratory data was processed in these same MTFs although the patients had received treatment somewhere else.

A total of 4.9 million patient’s documents were affected. The stolen data includes Social Security numbers, addresses and phone numbers, and some personal health data. Fortunately no financial data, such as credit card or bank account information was compromised.

The incident is still under investigation and it could take anywhere between 4 to 6 weeks for Tricare to notify those who have been affected by the breach. Tricare further stated that the risk of harm to patients is fairly low. Affected Tricare beneficiaries will receive personalized letters with details about the data breach.

In the past Tricare contractors had received free credit monitoring but in this case TRICARE has not promised anything.

TRICARE releases statement

“Reading the tapes takes special machinery. Moreover, it takes a highly skilled individual to interpret the data on the tapes. Since we do not believe the tapes were taken with malicious intent, we believe the risk to beneficiaries is low.”

How was the data stolen?

The data was stolen from the car of an employee of Science Applications International Corp. It contained backup tapes of electronic health records. According to the police report the car was parked at 300 Convent from 7:53 a.m. to 4:30 p.m. Sept. 13. Along with the backup tapes a stereo system valued at $300 and a GPS device were stolen.

Apparently the employee was planning to transport this data between federal facilities.

According to a SAIC spokesman the data was partially encrypted.

What users had to say?

“The fact that the tapes were encrypted should go to show how important it is to keep the information safe. That is not a way for the Govt employee or contractor transporting to feel safer about leaving them unattended in a vehicle. Had this happened in the military equivalent with secret media, they would be run through. The lack of disciplinary action is somewhat disturbing”.

Data Protection with Alertsec

Alertsec Xpress is the laptop security service that supplies SMBs with the leading data security software for their laptop encryption implementation. The core function in any mobile data protection system is the hard drive encryption – outperforming file encryption and other kinds of data encryption software on speed, security and flexibility.