
Reports coming in about a data breach at Puerta Grande restaurant in Winchester

July 11th, 2012

Credit card victims of Puerta Grande Restaurant in Winchester getting help from banks

Did you recently eat at the Puerta Grande restaurant in Winchester? If the answer is yes, well, then you could be in deep soup (pun intended). All those who used their credit card at the diner seem to be having problems as their data has been breached! Fraudulent activity related to these credit cards has been reported.

Kentucky residents have been asked to urgently look into their bank statements and report any illegal activity.

Around 50-100 people seem to have been victims of the data breach at this diner. The hackers purchased goods with the help of this information. The breach reports started coming in early last week and they all had a common link. All these credit card breaches seem to be coming from people who had recently eaten at this Mexican eatery near Wal-Mart at Bypass road.

Some customers thought that this could be an inside job.

Winchester police detective Dennis Briscoe said, “It was way too much for an individual person to be at fault here.” These were definitely hackers.

Restaurant employees were in fact very helpful with the investigation and as of now the restaurant is not accepting credit cards till a new secure system is put in place.

The diner owners have two other restaurants in Winchester but fortunately, they were not victims of the data breach. To be on the safer side, their credit card systems are being revamped.

According to the police, the stolen credit and debit cards were used in North Carolina, Florida and Pennsylvania, and in the Dominican Republic. Reports further stated that one woman had her entire checking account depleted.

“All her money was somehow spent or sent to the Dominican Republic,” said Detective Briscoe.

How the data was hacked is still not known and the case is under investigation. Most banks have refunded the money of those who have been affected by the fraud.

This could be one of the major data breaches and we will keep you posted as the reports come in. This could be a wake-up call for all restaurants whose credit card security systems have become outdated. Perhaps till then, you would like to pay by cash?

How can Alertsec help prevent such data breaches?

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s computers. No server, training or IT knowledge is required as everything is a part of the subscription plan. Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption has the highest security certifications – FIPS, Common Criteria, and BITS.

With Alertsec Xpress there is no impact on the performance of the encrypted computer. The Full Disk Encryption software is very fast and works on-the-fly by encrypting and decrypting your files as you access them. Everything on your disk is encrypted, including the operating system and free space.


The Information Commissioner’s Office (ICO) issues 21 data breach fines amounting to £2 million since April 2010

July 9th, 2012

Christopher Graham, the UK Information Commissioner, on a fine-slamming spree

Up till now only councils and trusts were falling prey to the ICO’s data breach fines, but now it is a consumer lender called Welcome Financial Services Limited. In November of last year, WFSL lost the details of half a million customers on two back-up tapes, which to date have not been recovered. The ICO has fined the company £150,000.

Through this report, the Information Commissioner, Christopher Graham, hopes that this is a wake-up call for the public and private sectors to strengthen their IT security.

“We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people’s data correctly,” he said.

“This year we have seen some truly shocking examples, with sensitive personal information, including health records and court documents, being lost or misplaced, causing considerable distress to those concerned. This is not acceptable and today’s penalty shows just how much information can be lost if organisations don’t keep people’s details secure.”

This annual report further states that there is a 7% rise in the number of freedom of information complaints, with 4,633 complaints received during 2011/12. In spite of a low budget and heavy workload, the ICO has managed to solve 66% of the number of FoI. The number of data protection cases that took more than 6 months to complete has also seen a reduction of 82%.

In addition, the report shows a 60% increase in the number of audits carried out by the ICO Good Practice team. 42 organisations were audited and 90% were of the opinion that the process raised awareness of the importance of data protection in their organisations. The ICO now plans to audit public companies and has planned advisory visits to help small and medium sized organisations.

ICO has been granted new powers

The ICO would be using its new powers to tackle unsolicited marketing calls and text messages. There has been a 43 per cent rise in complaints related to these.

Mr. Graham said, “We have now set up a dedicated team to enforce the Privacy and Electronic Communication Regulations and we are currently working to identify the operators responsible.”

“The ICO has executed search warrants at a number of sites across the UK linked to companies we believe are breaking the law.

“We have also set up an online reporting mechanism on our website that allows people to report any marketing texts or calls from unidentified senders. We have received over 12,000 reports to date and we are confident that this work will help us identify those responsible.”

Organizations, beware! You could face fines of up to £500,000 if a data breach is reported.

So don’t wait, get Alertsec

By using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software, Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption.

Alertsec’s mission is to continuously improve our products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.


The Federal Trade Commission files complaint against Wyndham Hotels for data breach

June 29th, 2012

Wyndham Hotels & Resorts sued by FTC over data breach

We did wonder, didn’t we, how come hotels were never in the news for data breaches? They store a large amount of customer data and it is vulnerable. Well, the wait is over. Here is a news item about a data breach which took place at a hotel chain, and now the owner is being sued.

Who let the ‘hotel data’ out?

The franchiser of Days Inn hotels and Super 8 motels, Wyndham Worldwide Corp. (WYN), was sued by the U.S. Federal Trade Commission due to security breaches that exposed information of more than 500,000 credit card customers. These data breaches led to fraudulent charges on customers’ accounts and the export of credit card information to an Internet domain address that was registered in Russia.

FTC’s statement

“Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information,” the FTC said in a complaint filed today in federal court in Arizona. The breaches led to more than $10.6 million in “fraud losses,” the FTC said.

Comment by Wyndham spokesperson

“We regret the FTC’s recent decision to pursue litigation, as we have fully cooperated in its investigation and believe its claims are without merit,” Michael Valentino, a Wyndham spokesman, said in an e-mailed statement. Wyndham will fight the agency’s suit and doesn’t expect it to have a material impact on the company, he said.

Previous breaches at Wyndham

The first attack took place in 2008, when intruders were able to install “memory-scraping malware” in the systems as well as find customer data stored in clearly readable text. A second attack took place in March 2009, when hackers hacked an administrator account in Wyndham’s Phoenix data center. The third attack on Wyndham was reported in late 2009. This time the hackers were able to access the systems of multiple hotels.

About Wyndham Hotels

Wyndham is based out of Parsippany, New Jersey and licenses the Wyndham name to about 90 hotels under franchise and management agreements. As per the company report, its first-quarter revenue rose about 9 percent to $1.04 billion, while net income fell 56 percent to $32 million due to early extinguishment charges related to debt tender offers. The shares have gone up by 60 percent in the past year.

Alertsec can assist hotels and organizations in protecting data

This post emphasises the importance of protecting your identity these days, especially your e-identity, i.e. digital identity. Credit cards, ATM cards, debit cards etc. are more vulnerable than you know. Companies like Alertsec are here to protect your identities.

Alertsec Xpress uses Check Point Full Disk Encryption software. The software encrypts and decrypts data on the fly making it transparent to the user and to applications. One of the issues with traditional disk encryption software is that access time increases. In independent tests, Check Point Full Disk Encryption delivered the best performance results when compared with other major products on the market, with less than 2% degradation in disk performance.


Commodity Futures Trading Commission suffers data breach causing loss of customer social security numbers

June 26th, 2012

Commodity Futures Trading Commission the latest victim of data breach

Social security numbers and personal information of any individual are of utmost importance. If it gets stolen or lost, it is equivalent to losing one’s identity. Hence it needs to be safeguarded and we as consumers expect companies to safeguard our personal data. We fully trust them to handle it carefully. It is their responsibility to store it properly and have security policies in place. But what happens when our faith is shattered and data gets stolen or breached?

Today’s story talks about one such case of data breach where employee social security numbers and personal data got breached!

The CFTC data breach

The Commodity Futures Trading Commission suffered a data breach in early May compromising consumer social security numbers and personal information.

Although the breach took place in May, the employees were informed about it only now.

The compromised information did not include any trading or market data.

One of the CFTC employees received a “phishing” e-mail on May 21 that contained information leading to a fraudulent website. A hacker was then able to illegally enter the employee’s account, which had access to personnel information.

Here is what the email said: “The e-mail account contained e-mails and attachments with the names, Social Security numbers and possibly other sensitive personally identifiable information of certain individuals.” The CFTC has about 700 employees and regulates U.S. futures and swaps markets.

Comment by CFTC spokesperson

“The CFTC believes at this time that the data breach is contained to employee information and does not compromise any trading or market data. Law enforcement has been contacted and we will work with them as appropriate,” John Rogers, chief information officer at the CFTC, said in an e-mail statement on June 22.

Additional security for CFTC

The CFTC plans to implement additional security controls for CFTC computer systems and provide training for the staff especially for those who deal with sensitive data. The CFTC arranged for employees to receive identity protection from a credit-monitoring company.

About CFTC

It is an independent agency with the mandate to regulate commodity futures and option markets in the United States. The agency’s mandate has been renewed and expanded often, and recently by the Dodd-Frank Wall Street Reform and Consumer Protection Act.

Currently the agency is writing regulations required under the 2010 Dodd-Frank Act that will govern trading by JPMorgan Chase & Co. (JPM), Goldman Sachs Group Inc. (GS) and other companies in the $648 trillion global swaps market.

Learn more about Alertsec’s data security systems

Alertsec Xpress is used by a wide range of organizations, from SMBs to large multinational companies with offices around the globe. Alertsec Xpress uses Check Point Full Disk Encryption software. The software encrypts and decrypts data on the fly making it transparent to the user and to applications. One of the issues with traditional disk encryption software is that access time increases. In independent tests, Check Point Full Disk Encryption delivered the best performance results when compared with other major products on the market, with less than 2% degradation in disk performance.


New Data Breach bill forces companies to disclose consumer personal information

June 25th, 2012

Sen. Pat Toomey introduces Data Breach Bill

Data breaches are increasing but so are proposals to combat them. The picture is not all that sad on the data security front, although every day we are reading news about data thefts and laptop thefts. It is like any typical happy-ending movie where good people fight the bad people, where the brave win over the evil! Similarly, the more laptop thieves and data hackers we have, the more senators and data security experts there are to stop data from getting breached.

This time Senator Toomey plays the part of the Hero and let us hope he wins at the end.

Sen. Toomey introduces the Data Security and Breach Notification Act (S. 3333). This bill will preempt 46 state data breach laws and replace them with a national standard. Let us hope this bill gets passed.

This bill will set national standards on how companies should inform consumers about data breaches when it relates to personal information.

The bill states:

The act directs corporations, trusts, cooperatives and similar entities that retain personal information to inform the owners of that information of a breach as quickly as possible. The breached entities have to inform the owners of the breached information of the date it was accessed, the information that was stolen and how to contact the breached entity for more information. The notification can be by telephone, email or on paper.

The bill further states that the organization will be required to notify the FBI or the US Secret Service. Law enforcement agencies can request, in writing, that the organization delay notification if doing so might compromise a criminal investigation or have an impact on national security.

More about the bill – People will be notified by telephone, email or on paper. They would have to be told when the breach occurred and what information was compromised. The legislation cites specific examples of such personal data, including Social Security numbers, driver’s license numbers, and bank and credit card account numbers.

The downside of the bill:

There is no specific period for actually sending out these notifications. That is what consumers are worried about: they feel that companies learn about breaches but do not inform consumers immediately. The states do have notification laws, but not sans loopholes.

There are strict data breach laws already in place like in the State of Connecticut. This bill appears weak in comparison. Connecticut–a state that is “in the forefront in protecting the personal information of its residents”–now requires a data breach notification to be made whenever there is a “breach of security.” The state’s data breach notification law defines such a breach as the “unauthorized access to or unauthorized acquisition of electronic files, media, databases, or computerized data containing personal information when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable.”

Let the Bills do their work, Let Alertsec do its own – that of data encryption

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest-to-use and most cost-effective managed encryption service on the market.
