Launched in 1999, FS-ISAC was established by the financial services sector in response to 1998’s Presidential Directive 63. That directive – later updated by 2003’s Homeland Security Presidential Directive 7 – mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure.

To learn more about the conference and to make your registrations please visit the summit website at http://www.fsisac.com/events/spring_conference/2011/.

Meet us in Miami for the Spring 2011 Financial Services – Information Sharing and Analysis Center, FSTC and BITS Annual Summit Conference. We will be there to answer any questions about encryption and securing your laptop computers, but more importantly we can help you dramatically reduce your cost of ownership for encrypting your laptops.

Security Breach at BoA

For banking institutions “Security” is an inherent word which has got its meaning across two layers the monetary security and the information/data security.

Bank of America needs to use better data security programs as its website exposes customer accounts data in an unprecedented online security breach. Yes, if your account is also in BoA then your full online account details access may be in the hand of someone else. This is not just another case of security breach because bank accounts are one the most important things for people and data breach like this can damage a lot. According to the Ray Wert, who is editor in chief of the gawker media, “Bank of America’s online banking system experienced a security breach or glitch that enabled logged in users to see other people’s accounts”.

BoA didn’t informed Customers about Breach

Bank of America did not inform its customers about the breach. It neither sent e-mail nor mentioned about this breach on its website.

Ray Wert, said in a statement on Jalopnik that “Someone very close to me called moments ago and told me that when she logged into her Bank of America account earlier this evening she saw, rather than her credit card account, the mortgage and home equity account of someone else. That’s right, Bank of America was showing her, instead of her own credit card account, the accounts for a Bank of America account holder in Randolph, NJ. The only similarity between the two- The same last name. The person I spoke with immediately called Bank of America, and was told that although they knew of the problem, they didn’t they yet know what was causing the problem, and despite having known about it for over a half an hour, they had not shut down online access. One hour later, my source tells me she still has access to the other party’s account information”.

Bank of America

BoA has not Rectified Problem Yet

After discovering the security flaw in its online banking system, BoA subsequently blocked the online access to at least one affected account. But it’s still not clear whether access to all of online banking was blocked or not. So, if you have a BoA account, make sure to check your accounts now. You can also call the BoA customer service number in the case of any problem in your online banking account and urge them to shut down their website immediately. Bank of America tweeted that everything is ok but has not fully rectified this problem yet.

Be Secure with Alertsec Xpress

Security Breaches like this are becoming just like a regular crime nowadays and society as a whole has come to grips of it. In an incident which highlights the need of a data security and data encryption software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles

• Bank of America Blocks WikiLeaks Payments (mashable.com)
• Bank of America talking in Dublin about Cloud Computing (bestconnected.enterprise-ireland.com)
• The Consensus Opinion on Bank of America: Mostly Bullish (fool.com)
• Did Security Firms Pitch Bank Of America On Sabotaging WikiLeaks? (blogs.forbes.com)
• “Bank of America Agrees to Pay $410 Million to Settle Overdrafts Lawsuits” and related posts (theyeshivaworld.com)

ABC News has published a list of 10 severe data breaches that have affected the industry in this decade beginning from 2000.

The list of data breaches has been compiled by a San Diego-based non-profit, called the Privacy Rights Clearinghouse. The list includes  exhaustive list of data breaches by government agencies, institutions and corporations. Some of these incidents highlight the breaches of all kinds and including the number of people affected.

Let us analyze some of these incidents

1. 2009 — Heartland Payment Systems

   The Heartland payment systems was billed as the largest credit card crime of all time. Princeton, New Jersey based Heartland  processes card payments for restaurants and other businesses. The computers which were processing 100 million transactions for 1,75,000 merchants were penetrated by hackers. In January this year, Heartland was notified by Visa and MasterCard notified Heartland about suspicious transactions.

2. 2007 – TJX Companies

   4 years ago, the Massachusetts-based TJX informed that more than 45 million customer records in 2003 and 2004. Over $20 million were spent in investigating the incident, hiring the lawyers and notifying the customers. This incident exposes the security vulnerabilities of retailers.

3. 2009 – U.S. Department of Veterans Affairs

   Information of around 76 million veterans was compromised when a defective hard drive was sent for repair and recycling without first having the data on it erased. Apparently, the hard drive contained millions of social security numbers.

4. 2005 – Card Systems

   CardSystems, an Atlanta based payment transactions processor suffered a breach incident when more than 40 million card accounts were exposed to potential fraud. Infact, the leaked details that were used by hackers belonged to Mastercard accounts (68,000), Visa accounts (100,000) and other brands (30,000).

5. 2006 – Theft of Veterans Laptop with Personal data

   Way back in May 2006, a laptop that contained personal information for millions of veterans was stolen in a burglary from the Maryland based agency. Apparently, over 17.5 million veterans were at risk and were offered to cover the cost of monitoring their credit for one year.

6. 2008 – Bank of New York Mellon

   When the Bank of New York Mellon lost a box of computer data tapes with information such as Social Security numbers, names, addresses and possibly bank account numbers, the personal information of more than 12.5 million people was compromised.As a settlement amount, Connecticut was paid $150,000 by the bank and was also promised credit monitoring and fraud alerts for the affected people for 36 months.

7. 2007 – Certegy Check Services

   A St. Petersburg, Florida-based financial services firm, Certegy revealed the theft of customer records by an employee that included credit card, bank account and other personal information. The volume estimates of the data breach incident was found out to be $ 8.5 million.

For further insights about the breach incidents, do check out the ABC News article on 10 of the Top Data Breaches of the decade.

Security against Data Breach with Alertsec Xpress

Why do data breach incidents happen in the first place? Perhaps your organization didn’t take the requisite steps or there was some level of negligence with the handling of data.

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or senstive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles by Zemanta

• Top 10 Data Breaches of the Decade (abcnews.go.com)
• Heartland Slowly But Steadily Settles IT Breach Lawsuits (spectrum.ieee.org)
• Heartland settles with MasterCard for $41 million (riskpundit.com)

Businesses like HSBC are doing the right thing by looking out for their customers’ safety. Additionally, the move has generated lots of free positive press and helped put the bank in a positive light. The promotion is also low cost and affordable, making it a smart business decision. HSBC’s actions are commendable, however, it’s unclear whether the organization is fully protecting itself. Security experts are questioning some of the bank’s website features and the choice of Rapport as the security provider. The criticisms serve as a reminder- it’s crucial for businesses to defend themselves in every way possible to be fully prepared for the future. When it comes to a business’s security, there’s no such thing as being over-prepared when dealing with the Internet.

Spreading Your Resources

A company like HSBC usually has several separate budgets to cover expenses. These range from amounts allocated for administrative costs to figures backing the latest marketing campaign. HSBC’s move showed an in-depth understanding for business strategy. It’s important for companies to work on promoting a fully integrated message- one which shows how all of its different areas work together to create a great product. HSBC spent money to provide customers with free security software and the purchase helped decrease the need for spending in marketing, advertising, public relations, and even recruiting! After the media picked up the story, HSBC can sit back and enjoy its investment.

However, it appears the company standpoint on security fell short- an analyst at a rival firm crictized HSBC in an interview with eWeek Europe:

Cluley …questioned HSBC’s decision to allow banking customers to save their user ID on their browser. Rather than entering the ID every time they access the site, user’s can choose to have their browser remember the code.

“Certainly I wouldn’t feel comfortable if my online banking password was being remembered for me in this fashion,” he told eWEEK Europe UK. “A home computer may not be ‘public’ or ’shared’, but it can still be stolen or a dodgy workman might have access to it. My suspicion is that security and usability have once again had a wrestling match, with those who want less support calls from forgetful consumers winning.”

It’s unclear whether Cluley’s claims are well-founded; a representative of HSBC explained that the ID saved requires an additional password and exists as added convenience. Nonetheless, organizations need to evaluate how their budgets are being spent and make sure that security is well funded. A firm protected by Alertsec Xpress would be able to use advertisements to promote its business’s high level of security and market itself as a safe organization which uses encryption to protect customers. Companies should explore how their security spending is connected and find the strings which can be cut.