Posts Tagged ‘Information Commissioner’

UK mobile phone operator O2 suffers data breach

January 30th, 2012

Every data breach is a wake-up call for all of us using the Internet. We just assume our data is safe but how about thinking twice before posting private information on the world wide web? There are technical things which we, laymen, do not understand. Our information gets leaked to third parties and we don’t even know about it. Guess what, every time you visit a site, your phone number is getting leaked through your mobile service provider!

The O2 Scandal

Customers of O2, the European mobile network, suffered a data breach when their phone numbers were exposed to websites visited from their smartphones. Unfortunately, the security breach went on for two weeks before it was fixed on Jan 25.

Mobile customers in the United Kingdom started tweeting Wednesday morning about the breach after mobile developer Lewis Peckover found out about a security loophole in devices carried by European mobile network O2. It appeared that after O2 had performed its routine maintenance on its network this month, some users’ mobile phones started sending their owners’ phone numbers to web sites that were visited using mobile browsers through a 3G/WAP connection. Fortunately those who used Wi-Fi were saved from this ordeal.

This post shows that customer privacy is at stake. The breached phone numbers could be used for SMS spam or for hacking purposes. They are a treat for hackers and just waiting to be exploited!

The mobile device security industry is going through a bad phase. Just last April, Apple iPhones (running iOS 3.2 and above) had a bug that logged users’ location data in unencrypted files stored on the phones themselves. Customers were at their wits’ end when they heard this and there was chaos in the mobile industry. As if that was not enough, just last month, phone-monitoring software maker Carrier IQ admitted that its data-tracking program was already installed on all its phones across the country!

Comment by O2

O2 issued a statement last Wednesday and explained that the issue has been fixed.

“In between the 10th of January and 1400 Wednesday 25th of January…there has been the potential for disclosure of customers’ mobile phone numbers to further website owners,” O2’s statement read. “It was fixed as of 1400 on Wednesday 25th January 2012.”

The Information Commissioner’s Office (ICO), a public U.K. body that enforces and oversees activity pertaining to the Data Protection Act of 1998, is currently looking into this matter.

“When people visit a website via their mobile phone they would not expect their number to be made available to that website,” the ICO said in a statement issued Wednesday. “We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”

Update from O2

According to O2, it regularly gives subscribers’ phone numbers to websites that offer age-restricted information and premium-rate billing without the user’s knowledge.

Apparently the company has been providing user phone numbers to websites that are browsed by millions of users from their phones using the 3G network. This has been happening since Jan 10. Obviously the site owners are having a ball with this piece of information.

What should a common man do to avoid such a pitfall?

Always read the terms and conditions of any mobile service that you choose to use. Better to be safe than sorry!

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.

Organisations are now aware of their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.


ICO wants to maintain location privacy so that data is not misused

December 13th, 2011

Most of our posts have concentrated on data breaches and laptop theft. This one talks in particular about strengthening data security laws, which is the need of the hour, especially for private firms.

The recently held conference called ‘A fine balance 2011: location and cyber privacy in the digital age’ focused on maintaining data privacy at a time when smartphones, credit cards and other devices are tracking user locations.

Here is what Jonathan Bamford, the head of strategic liaison from the Information Commissioner’s Office (ICO), had to say: “We need to inspire public trust into the way information is issued. What do we do as a regulatory option?” “There is no doubt that human activities have a geographic component and some may be more sensitive than others. Your phone is with you all the time so anything that relates to a smartphone can be very powerful in terms of how I live my life.”

It is very important to manage location data carefully, especially for those who develop operating systems and applications. Bamford further adds: “People who develop applications have a series of obligations as do those who create the operating systems. Everybody has a role to play.” “If location data is obtained how long do you retain it for? You can build up a picture of how I live my life if you retain it too long.”

Bamford also explained the ICO’s role in data security, especially in terms of audit inspections of government organizations. Currently the general public is under the impression that the information they fill in on any website is completely secure. For that impression to last, data security is of the utmost importance. People also need to know exactly what is being done with their data and where it is sent. This is where location-based services come in. All advertisers want your zip code. A zip code allows an advertiser/provider to get more insight into your life. Companies are getting closer to you with technologies like the iPhone.

It is time that the ICO keeps tabs on the private sector as well. These private companies are using location-based services and getting private data of customers. There is a very high chance of this data getting misused. Currently the ICO can only monitor government bodies. Companies like Facebook, Google and Groupon are a potential threat to privacy. To add fuel to the fire, the development of IPv6 networks could be even more threatening as it will be able to access more private data.

According to Richard Hollis of the US group of the Information Systems Audit and Control Association, “As we match the physical world to the virtual world, by placing items such as fridges or even your car keys on the internet, firms could have even more access to your data, your location and your life”.

Use Alertsec
Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Data Breach Incidents in UK Cross 1000

June 7th, 2010

Data Security concerns in UK

The number of data breach incidents in the UK is on a steep rise. The Information Commissioner’s Office (ICO) in Britain has now received over 1,000 reports of data breaches and losses since its initial information, issuing a strong message to remaining organizations to take stringent steps to ensure the protection of their data.

According to the ICO’s report, the list is topped by the NHS, which has reported 305 breaches since November 2007. Of these, about 116 cases were due to data theft, 43 were attributed to error-related issues and 87 were because of data loss.

“Staff must be adequately trained in the value of personal information and how to protect it,” said David Smith, Deputy Commissioner at the ICO. “Organisations should have clear security and disclosure procedures that staff can understand, and these should be properly implemented and followed by staff.”

But the real question is will mere training help? In other words, what we intend to say is that policies and procedures will remain static unless you implement them.

Out of the total cases reported, the private sector has accounted for 288 incidents while local government accounted for 305 cases. In fact, the central government has also reported 132 cases of data security breach incidents. The last sector, voluntary groups, accounted for 44 security breach incidents. In total, 1007 breaches have been reported.

In the past six months, action was taken against 14 Department of Health organisations that exposed private data. The ICO has also mentioned that the NHS data breach in which a data stick having information of psychiatric patients in Scotland was handed in to Glasgow-based Scottish newspaper The Daily Record in the incident.

Last year, the ICO also gained the right to fine organisations up to £500,000 for serious data breaches, although the power hasn’t been exercised yet.

How Can Alertsec Help?

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. The AES encryption algorithm and extensive 3rd party certifications offer you security that is used by millions. Try it for free today.

Of those breaches, 58 are attributed to stolen data or hardware, and 43 to lost data or hardware.

Alert: New ICO Penalties Beginning Next Month

March 23rd, 2010

If you and your brand were thinking that you could get away with incidents of data theft and loss, think again! The security industry is planning to come up with stricter rules which will lead to severe penalties for any cases of reported data loss.

These new rules have been issued by the Information Commissioner’s Office (ICO) and are all set to be rolled out starting in the 1st week of April. According to Clearswift CEO Richard Turner, the level of financial penalty is set to rise to a maximum of £500,000 (from £5,000) for those companies who do not comply with the Act.

Apparently, Clearswift has been helping organizations to equip themselves with the most sophisticated content inspection technology in the industry and protect companies’ confidential data.

According to Turner, “Organisations can no longer ignore the seriousness of corporate data breaches and not complying with the Data Protection Act. On 6th April 2010, the Information Commissioner is upping the financial penalties to act as a deterrent for companies who flout these rules”.

In a recent incident, the Information Commissioner’s Office (ICO) reprimanded the Royal London Mutual Insurance Society for breaching the Data Protection Act. The penalty was issued after the theft of eight of the firm’s laptops, two of which contained details of 2,135 people from the company’s Edinburgh offices. The data were password protected but unencrypted.

What the Analysts Say

Industry analysts have expressed their viewpoints on the imposition of these fines:

Susan Hall, partner and IT specialist at Cobbetts, thinks, “These new fines will have a profound impact on internal procedures, especially at medium-sized, data-rich businesses, whose growth commonly outmatches their internal development and the maintenance of procedures”.

Dave Ellis, e-security director at security distributor Computerlinks said, “Mid-market firms have not been under as much pressure so this should open up some good opportunities.”

Stewart Room, a keynote speaker at Infosecurity Europe and partner at Field Fisher Waterhouse LLP, believes that organisations need to focus on two vital aspects: the system and the operations. The system defines the security position via documented rules, policies and procedures. Operations covers the implementation of the system in daily activities. According to Stewart, in a recent online poll a third of organisations admitted that if they experienced a security breach tomorrow, they would not have a system in place to adequately deal with the incident.

Go Secure, Choose Alertsec Now

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. By using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software, Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption. Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution.

For further information, please email us at info@alertsec.com.
