Log in

Posts Tagged ‘identity theft’

Vacationland Vendors admit to serious data breach

September 15th, 2011

Vendstar 3000 Vending Machine at Approved Cash...

Vending machine exposes visitors' personal data

Should you be staying away from vending machines? Many folks keep themselves away from vending machines for health sake.

There is one more reason to stay away now. Your personal information is at risk here ! Folks swipe credit cards whilst buying from the vending machines thereby storing personal data.

The following incident makes one think twice before putting that chip from the vending machine into your mouth.

A hacker gained entry into certain parts of Vacationland Vendors point-of-sale systems used to process payment-card transactions at Wilderness Resorts located in Tennessee and in the city of Wisconsin Dells, Wisconsin. The breach has affected around 40,000 people. Company’s spokesperson said “a computer hacker improperly acquired credit card and debit information.”

It is still not known how the breach was discovered or when. Whether those affected by the breach have been notified or not is also not known. The breach affected only arcade systems. Fortunately the resort operations and systems — reservations, restaurants, and shops — were not breached.

According to Vacationland, internal security has nothing to do with the breach at either of the two Wilderness Resorts. The statement further adds “Vacationland Vendors has learned that other businesses just like its own have been affected by this computer hacker,”.

Vacationland Vendors is working with an outside consultant and has beefed up its security of point of sale systems to protect from future breaches.

Customers who have used their credit card or debit card at the Wilderness Resort locations from December 12, 2008 through May 25, 2011have been asked to take the following immediate steps in order to prevent the unauthorized and unlawful use of their personal information.

According to Bill Bray, spokesperson for the Wisconsin Dells-based Vacationland Vendors, the same intruder had hacked other businesses as well.

a. Keep a close watch on bank statements and credit card bills and if you notice something strange immediately get in touch with authorities

•b. Place a fraud alert on your consumer credit file. This can be done by contacting one of the three national credit reporting agencies – Equifax (800-525-6285), Experian (888-397-3742) or TransUnion (800-680-7289).

c. Inform the local law enforcement or the state attorney general of any incident related to identity theft

How can Alertsec help?

Thus in the absence of full disk encryption, privacy of consumers is compromised. It is vital to use Data encryption software in order to keep our data safe from breaches. Data security and recovery software is the need of the hour. $13/month is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model

Why is Alertsec the number 1 laptop encryption service?

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, Uncategorized, data breach, data encryption, identity theft

Tags: breach notification laws computer encryption software Credit card data security disk encryption Encryption Enter your zip code here Equifax Hacker identity theft TransUnion Vending machine

The Oregon Department of Transportation admits to data breach

September 12th, 2011

Data breach at ODOT exposes participants social security numbers

2011 has probably seen the most and the worst set of data breaches. In April 2011, Sony reported a data breach within their Playstation Network. Expedia’s Trip Advisor, email marketing provider Epsilon and professional engineering society Institute of Electrical and Electronics Engineers followed suit.

In the latest incident of data breach, data of 62 current and former employees remained exposed to the public online for nine long years. The breach was reported on Friday.

Details of the breach

Oregon Department of Transportation immediately removed the data from the site and apologized to its users who had participated in the environmental program. Fortunately, no one has had any problems with the exposed data.

Aug. 26 email gave details of this breach to all its users.

According to Theresa Masse, the state’s chief information security officer with the Department of Administrative Services ”Some were electronic — misdirected email, lost laptop, or a file exposed on a website,”. She further added “Others involved misdirected letters or a lost folder. The largest affected 500 people; the smallest, one individual.”

ODOT found out about the breach two weeks ago when it got a call from a citizen who brought to notice that a file in the agency’s file transfer protocol site contained encoded Social Security numbers. A file-transfer protocol site is used to transfer large files to internal and external users. The file contained names and encoded Social Security numbers of 62 people working with ODOT’s environmental programs. This information could have been online since 2002.

This is what ODOT spokesman Dave Thompson had to say when users found out about the breach ” “None of them were necessarily happy with us, or with the news this happened,” Thompson said. “But none of them has indicated they have noticed any sort of issue. It does not mean it hasn’t happened — and that’s why we spoke to them first before we announced it.”

Comparison with two private sector firm breaches

Health histories of 120,000 Oregon customers covered by Health Net were breached in March. Computer disks and backup tapes with details of 365,000 Oregon patients of Providence Health & Services went missing in Dec 2005

Another incident in early 2010

This incident was far more serious than the recent breach. A pen drive with payroll information of 550 Department of Corrections employees was found in Madras. The drive contained Social Security numbers of 300 employees at the Deer Ridge Correctional Institution near Madras and the Shutter Creek Correctional Institution in North Bend, and information of employees at the Warner Creek Correctional Facility in Lakeview.

How can Alertsec help protect data?

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Identity and Information loss, computer security software, data breach, identity theft

Tags: California computer encryption software data breach data encryption disk encryption Emergency department Enter your zip code here Health Net identity theft Oregon Oregon Department of Transportation Palo Alto California Personal computer PlayStation Network Providence Health & Services Social Security number Stanford Hospital and Clinics United States Department of Health and Human Services Website

SCRA breaches data for the second time exposing children’s details

September 7th, 2011

Sensitive info papers lost from filing cabinet

Data breaches are online as well as physical

Data breaches are not restricted to online or soft copy data loss. They also include theft or loss of physical documents.

Here’s a look at a recent case of physical and digital data theft.

Scottish Children’s Reporter Administration (SCRA) breaches Data Protection Act for the second time

The Scottish Children’s Reporter Administration (SCRA) is in breach of data security related to children’s data twice in the last 6 months. The SCRA is an organization dedicated to protect children in the judicial system. The body investigates the care of Scotland’s most vulnerable children.

Details of the two breaches

In January 2011 the Scottish body sent documents containing a child’s personal data to the wrong email address. The documents carried sensitive information like child abuse related to the legal case which had the contact information of the child’s mother and witnesses.

Later, in September 2010, the body somehow lost 9 case files which contained personal data such as birth dates, names and social report. Apparently the files got lost when the filing cabinet which contained these files was moved and later sold to a second-hand furniture shop.

Mishandling of sensitive information

Ken Macdonald, assistant information commissioner for Scotland, is concerned that data had been breached twice by the same organization.

“On both occasions the personal data which was compromised related to young children and was caused by human errors that could easily have been avoided,” said Macdonald. He further added “I am pleased that the Scottish Children’s Reporter Administration has taken action to make sure that the personal information they handle is kept secure and would urge other organizations, particularly those handling sensitive information relating to young people, to follow suit,”. Fortunately both times the information was not circulated.

Information handling post breach

Neil Hunter, chief executive of the SCRA, is renewing the organization’s data protection policy and training employees about data security.

The ICO (Information Commissioner’s Office) is holding workshops related to raising awareness of data protection obligations among staff.

About ICO

The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

Security guaranteed with Alertsec Xpress

This incident highlights the need of a data security and data encryption software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec has offices in the US, UK, Sweden and operates in many other countries around the world through partners.

Its mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market

No comments »

Posted in Data Protection, Identity and Information loss, data breach, identity theft

Tags: business Crime data breach Data theft identity theft Information Commissioners Office security Theft

California data breach law revised

September 2nd, 2011

Gov. Jerry Brown signs Senate Bill 24

Breach after breach is forcing lawmakers to make changes in the security policy.

A California lawmaker has come up with a bill that would update the state’s data breach notification law, SB-1386, to help prevent sensitive data.

About Senate Bill 24

Existing law requires any agency, and any person or business

conducting business in California, that owns or licenses

computerized data that includes personal information, as defined,

to disclose in specified ways, any breach of the security of the

system or data, as defined, following discovery or notification of

the security breach, to any California resident whose unencrypted

personal information was, or is reasonably believed to have been,

acquired by an unauthorized person

Existing law requires any agency, and any person or businessconducting business in California, that owns or licensescomputerized data that includes personal information, as defined,to disclose in specified ways, any breach of the security of thesystem or data, as defined, following discovery or notification ofthe security breach, to any California resident whose unencryptedpersonal information was, or is reasonably believed to have been,acquired by an unauthorized person

Bill Update

Senator Simitian had submitted three versions of his security breach notification to former Governor Schwarzenegger in 2008, 2009 and 2010. But they were vetoed all three times.

This time though, he was lucky. The current Governor, Jerry Brown, signed the bill which helps consumers with information to help prevent identity theft.

SB 24 defines key details that must be a part of the notification letter and forces the Attorney General to take cognizance of the breach. In case a social security number or drivers license details get compromised, the notice letter explains how to contact major credit agencies. This is very important as consumers can keep a track of their accounts and get proof of identity theft (if one takes place). The bill further empowers to prevent identity theft, including freezing your credit report.

As per the update the breach notification letters will contain details of the incident i.e. the type of personal information compromised, a description of what happened, and steps to be taken to protect oneself from identity theft. The law also makes it compulsory for organizations to submit a copy of the alert letter to the state attorney general’s office in case the breach has affected 500 or more people

What are the other States doing about ID theft?

Taking a cue from California law, over 40 states have adopted security breach notice laws. Some of them are Alaska, Arkansas, Connecticut, Hawaii, Indiana, Louisiana, Maine, Maryland, Massachusetts, Missouri, New Hampshire, New Jersey, New York, North Carolina, Puerto Rico, South Carolina, Vermont, and Virginia.

Will hackers stop?

Cyber thieves will continue breaking the law but businesses and agencies will take more precautions to protect their data henceforth and if they ever become a victim of data breach, they will know who to turn t0.

It was high time California got the added protection that SB 24 will provide.

Alertsec offers encryption service

Security services like the ones offered by Alertsec are the need of the hour. Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way. Alertsec is part of the Durator Group which has been awarded the highest credit rating available.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, Lawsuits and settlements, Uncategorized, data breach, data encryption, identity theft

Tags: California Consultants Crime data breach identity theft Jerry Brown Notification system Personally identifiable information security security policy

Poor IT security measures lead to data theft in Citigroup Japan

August 26th, 2011

Another cyber attack on Citigroup

Hackers love Citigroup and they waste no time in finding loopholes to hack into their system. They have done it again but in a different way. This is not an online hack but an offline one.

This time they have illegally accessed personal information of 92,408 Citigroup Inc. credit card customers in Japan and sold this info to third parties. This is a clear indication that banks are vulnerable to cyber attacks and need to beef up their security.

Customer account numbers, names, addresses, phone numbers, birth dates, account-opening dates and gender information were stolen hacked into. Thankfully, personal identification numbers and card security codes were safe.

So far, no unauthorized use of the cards had been reported by the end of business on Aug. 5, the Kyodo News reported.

Citi is getting in touch with all customers affected by the theft and plans to reissue cards at the customer’s request. It further added that customers won’t be responsible for fraudulent transactions on their accounts.

Who is the perpetrator this time?

According to Citigroup Japan, the system was hacked by a third-party vendor that had been given access to Citi’s internal systems.

Avivah Litan, a distinguished analyst at Gartner, sums up in exact words ”This is a CIO’s worst nightmare,”. “I am sure Citi is not sitting around and twiddling its thumbs as the hackers gain the upper-hand. However, it does prove what a leaky sieve most large banks and corporations are when it comes to protecting customer data. There are so many points of compromise that it’s very difficult for them to thwart all potential attacks.”

Customers have started worrying as cyber criminals are getting better and better in their online attacks stealing private information and documents. They are not fully able to trust the big companies who are handling their money and credit card information.

Citi has been a constant target of hackers

In 2006, Citi’s system had been breached through a third party, giving away corporate banking information. Citi had to take the step of blocking PIN-based transactions for customers in Canada, Russia, and the United Kingdom. This was a followed by an incident in June where the FBI arrested a former Citi executive who allegedly embezzled more than $19 million from the bank and its customers.

About Citigroup

Citigroup is a leading global financial services company housing 200 million customer accounts and operating in more than 140 countries. Through Citicorp and Citi Holdings, Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, and wealth management.

Protect yourself with Alertsec

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.