Federal Bureau of Investigation

Hacked server of St. Joseph leads to data breach affecting 405,000

February 26th, 2014

St. Joseph Health System (SJHS) in Texas reported a data breach caused by the hacking of a server. It affected more than 405,000 patients, employees, and employee beneficiaries. Hackers from China and other locations accessed information through a single server. According to the health system, the server held employee and patient data from St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The server was taken offline as soon as the breach was discovered.
Patient names, birth dates, Social Security numbers, possibly addresses, and medical information, as well as bank information for current and former employees, were present on the server. Investigators failed to determine if any information had been extracted.
“SJHS is working with the United States Federal Bureau of Investigation, which is also looking into this incident. SJHS is providing written notice of this incident to affected individuals, to the U.S. Department of Health and Human Services, as well as to certain state and international regulators,” SJHS mentioned in a release on its website.
St. Joseph stated that there has been no report of misuse of information. It has set up a confidential call center for affected people. The statement on its website further added, “To further protect individuals from identity theft or financial loss, we encourage patients, employees, and their families to remain vigilant, to review their account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity.”

Individuals can also check their credit by obtaining a free credit report. Under U.S. law, individuals are entitled to one free credit report every year from each of the three major credit bureaus.
SJHS has five hospitals, two long term care centers, more than a dozen physician clinic locations and a charitable foundation. It has a designated Accountable Care Organization.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Data Theft at JPMorgan

December 10th, 2013

A warning has been sent to 465,000 holders of JPMorgan prepaid cash cards that their personal information may have been accessed by hackers who attacked the bank’s network.

The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

JPMorgan notified law enforcement as soon as it detected that the web servers used by its site www.ucard.chase.com had been breached.

Bank spokesman Michael Fusco said that since the breach was discovered the bank has been investigating to find out exactly which accounts were involved and what pieces of information could have been taken. He declined to discuss how the attackers breached the bank’s network.

Fusco said the bank is notifying the cardholders about the breach because it cannot rule out the possibility that their personal information was among the data removed from its servers. The cardholders account for about 2 percent of the bank’s roughly 25 million UCard users.

The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the data breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.

The bank believes “a small amount” of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.

Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. Many states require banks to notify customers if they believe there is any chance that such information may have been taken in a breach.

The bank is also offering the cardholders a year of free credit-monitoring services.

The warning only affects the bank’s UCard users, not holders of debit cards, credit cards or prepaid Liquid cards.

Fusco said the bank has not found that any funds were stolen as a result of the breach and that it has no evidence that other crimes have been committed. As a result, it is not issuing replacement cards.

The bank said it does not know who was behind the attack, though the Secret Service and FBI are investigating the matter.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


University of Delaware’s system hacked

July 29th, 2013

The University of Delaware is a major research institution, and one of the oldest universities in the US. UD has become a victim of a recent data breach, in which personal information of more than 72,000 past and present employees was compromised from the university’s system.

The university has sent email to ensure that those affected are properly informed. Investigators have been called in to pin down the scale of the breach and to identify any other risk.

A system was set up for employees to check whether they were affected, and all affected employees were offered credit monitoring services to keep an eye out for potential identity theft.

The risk of identity theft is high as the data stolen included names, addresses, university ID numbers and Social Security numbers.

The FBI and forensic teams are probing further, but so far few specifics have emerged, beyond the rather vague statement in the official announcement that the breach was down to “a vulnerability in software acquired from a vendor” – basically saying the fault was with some piece of software not created internally, which doesn’t really narrow the field very much.

However, local news sources claim the flaw was in Struts2 software, a Java web application framework, which suggests the hack is related to Java.

“The University will not contact you and ask to confirm any of your personal information. If an unknown person contacts you and claims that he or she can help you if you would just confirm your personal information, do not surrender any information,” the university stated.

The university is working with FBI officials on the issue, and is trying to make sure something like this doesn’t happen again. Local news reports suggested that the breach was first spotted more than a week ago, leading to sections of the university website being inaccessible for a time.


3 charged in malware scheme targeting bank accounts

January 21st, 2013

U.S. authorities have charged three foreign nationals with creating and distributing a virus that allowed thieves to steal tens of millions of dollars from victims’ bank accounts.

The three are accused of creating the Trojan virus Gozi, which infected more than 1 million computers worldwide and 40,000 in the United States, including computers belonging to NASA, according to court documents unsealed today by U.S. Attorney Preet Bharara in Manhattan. Nikita Kuzmin, 25, Deniss Calovskis, 27, and Mihai Ionut Paunescu, 28, are accused of creating “one of the most financially destructive computer viruses in history.”

The malware installed itself on computers after users clicked on an apparently benign PDF file embedded in an e-mail, allowing the cybercriminals to siphon user names, passwords, and other security information used to hijack online bank accounts, prosecutors alleged.

“Banking Trojans are to cybercriminals what safe-cracking or acetylene torches are to traditional bank burglars — but far more effective and less detectable,” FBI Assistant Director-in-Charge George Venizelos said in a statement. “The investigation put an end to the Gozi virus.”

Kuzmin, a Russian national who was arrested in 2010, pleaded guilty to bank fraud charges in 2011 and agreed to cooperate with federal prosecutors. Kuzmin began conceiving Gozi in 2005 to steal bank account information and hired co-conspirators to write the virus’ source code, prosecutors said today.

Kuzmin then rented out the malware to cybercriminals for a weekly fee through a business he called “76 Service,” before eventually selling the virus to his co-conspirators in 2009, according to court documents. Calovskis, of Latvia, is accused of writing the virus’ code, while Paunescu, of Romania, allegedly provided “bullet-proof hosting” to distribute Gozi.

The U.S. is seeking extradition of Kuzmin’s alleged co-conspirators, who were arrested late last year in their home countries. It was not immediately clear who, if anyone, had been hired to represent the defendants in court. The trio faces up to 60 to 95 years in prison if convicted of the charges.
