Log in

Posts Tagged ‘Information Commissioners Office’

Around 1000 patients of Lexington Clinic lose data because of Laptop theft

January 31st, 2012

Seal of the United States Federal Trade Commis...

The Federal State Commission issues data protection guidelines. Lexington Clinic suffers data breach

We have mentioned this before and are reiterating – Medical data is very very vulnerable. Most data breach and laptop stealing cases are related to Medical data. We have covered so many posts related to medical data breach that they have almost become a routine now! It is as if Medical data simply cannot be secured. Is the data security world listening? It is so very important to protect data, especially patient data.

Breaking news: Today’s post highlights the vulnerability of medical data breach and laptop thefts.

Lexington Clinic Laptop Theft

According to the Lexington clinic the laptop was atolen last month from the neurology department in the Saint Joseph office park on Harrodsburg Road.

The clinic further adds that the laptop contained patients’ names and some medical information. Fortunately it did not contain Social Security, credit card, or bank account numbers. A total of 1,018 patients lost their private data.

Letters are being sent to the affected parties.

The moment Lexington Clinic found out about the theft, it informed the police and all door locks to the neurology department were urgently changed. Lexington Clinic is currently working with the St. Joseph security officials to ascertain the security of offices located in the St. Joseph Office Park.

Note for Lexington Clinic patients – In case you have been or currently are a patient of the Lexington Clinic Neurology Department, and if you have not received a letter about this theft then it is safe to assume that your data was not on the stolen laptop. So far there is no proof that any of the stolen data has been misused.

The Federal Trade Commission is requesting everyone to take steps to protect information:

Beware of signs of identity theft, such as:

• Bank Accounts you didn’t open and debts on your accounts that you are not aware of

• Wrong information on your credit reports, including accounts and personal information, such as your Social Security number, address(es), name or initials and employers.

• In case you do not receive your bills on time, follow-up with your creditors.

• Receiving credit cards that you didn’t apply for.

• Being denied credit or being offered less favorable credit terms. If it is too good, then it is not true

• Receiving calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

About Lexington Clinic – It is Central Kentucky’s oldest and largest group practice, with more than 200 providers offering primary and specialty care services. Founded in 1920, Lexington Clinic offers more than 30 specialties and operates offices in more than 25 locations throughout Central and Eastern Kentucky.

Source: LexingtonClinic.com

Alertsec secures your Laptops

3 easy steps to encrypt your data with Alertsec

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption, laptop theft

Tags: Central Kentucky data breach data security Federal Trade Commission Information Commissioners Office Information privacy laptop Medicine Personally identifiable information Saint Joseph Social Security number Theft

UK mobile phone operator O2 suffers data breach

January 30th, 2012

Every data breach is a wake-up call for all of us using the Internet. We just assume our data is safe but how about thinking twice before posting private information on the world wide web? There are technical things which we, laymen, do not understand. Our information gets leaked to third parties and we don’t even know about it. Guess what, every time you visit a site, your phone number is getting leaked through your mobile service provider!

The O2 Scandal

Customers of O2, the European mobile network, suffered a data breach as their phone numbers were exposed to web sites visited from their smartphones. Unfortunately the security breach went on for two weeks before it was fixed on Jan 25.

Mobile customers in the United Kingdom started tweeting Wednesday morning about the breach after mobile developer Lewis Peckover found out about a security loophole in devices carried by European mobile network O2. It appeared that after O2 had performed its routine maintenance on its network this month, some users’ mobile phones started sending their owners’ phone numbers to web sites that were visited using mobile browsers through a 3G/WAP connection. Fortunately those who used Wi-Fi were saved from this ordeal.

This post shows that customer privacy is at stake. The breached phone numbers could be used for SMS spam or for hacking purpose. They are a treat for hackers and just waiting to be exploited!

The mobile device security industry is going through a bad phase. Just last April, Apple iPhones (running iOS 3.2 and above) had a flaw wherein the bug logged users’ location data in unencrypted files stored on the phones themselves. Customers were at their wits end when they heard this and there was chaos in the mobile industry. As if that was not enough, just last month, phone-monitoring software maker Carrier IQ admitted that its data-tracking program was already installed on all its phones across the country!.

Comment by O2

O2 issued a statement last Wednesday and explained that the issue has been fixed.

“In between the 10th of January and 1400 Wednesday 25th of January…there has been the potential for disclosure of customers’ mobile phone numbers to further website owners,” O2′s statement read. “It was fixed as of 1400 on Wednesday 25th January 2012.”

The office of the Information Commissioner (The ICO is a public U.K. body that enforces and oversees activity pertaining to the Data Protection Act of 1998) is looking into this matter presently.

“When people visit a website via their mobile phone they would not expect their number to be made available to that website,” the ICO said in a statement issued Wednesday. “We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”

Update from O2

According to O2, it regularly gives subscriber’s phone numbers to web-sites that offer age-restricted information and premium-rate billing without the user’s knowledge.

Apparently the company has been providing user phone numbers to web-sites that are browsed by millions of users from their phones using the 3G network. This has been happening since Jan 10. Obviously the site owners are having a ball with this piece of information.

What should a common man do to avoid such a pitfall?

Always read the terms and conditions of any mobile service that you choose to use. Better to be safe than sorry!

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress

O2, the mobile phone service provider, suffers data breach

is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Data Protection, Uncategorized, computer security software, data breach, data encryption

Tags: AlertSec Xpress Business and Economy Carrier IQ Cellular network data breach Data Protection Act 1998 data security disk encryption ICO Information Commissioner Information Commissioners Office Information privacy IPhone Personal computer Ponemon Institute Telecommunications Telephone number Wednesday

ICO wants to maintain location privacy so that data is not misused

December 13th, 2011

Most of our posts have been concentrating on data breach and laptop theft. This one talks in particular about strengthening data security laws which is the need of the hour, especially for private firms.

The recently held conference called ‘A fine balance 2011: location and cyber privacy in the digital age’ focused on maintaining data privacy just when smart phones, credit cards and other devices are tracking user locations.

Here is what Jonathan Bamford, the head of strategic liaison from the Information Commissioner’s Office (ICO), had to say”"We need to inspire public trust into the way information is issued. What do we do as a regulatory option?” “There is no doubt that human activities have a geographic component and some may be more sensitive than others. Your phone is with you all the time so anything that relates to a smartphone can be very powerful in terms of how I live my life.”

It si very important to manage location data carefully, especially those who develop operating systems and applications. Bamford further adds”"People who develop applications have a series of obligations as do those who create the operating systems. Everybody has a role to play.” “If location data is obtained how long do you retain it for? You can build up a picture of how I live my life if you retain it too long.”

Bamford also explained ICO’s role in data security, especially in terms of audit inspections of govt organizations. Currently the general public is under the impression that the information that they fill up on any website is completely secure. They need to carry this impression for long hence data security is of utmost importance. The people also need to know exactly what is being done about their data and where it is sent. This is where location based services come in. All advertisers want your zip code. A zip code allows a advertiser/provider to get more insight into your life. Companies are getting closer to you with technologies like iPhone.

It is time that the ICO keeps a tab over private sector as well. These private companies are using location based services and getting private data of customers. There is a very high chance of this data getting misused. Currently the ICO can only monitor govt bodies. Companies like Facebook, Google and Groupon are a potential threat to privacy. To add oil to the fire, the development of IPv6 networks could be even more threatening as it will be able to access more private data.

According to Richard Hollis, US group of Info systems audit and control association “As we match the physical world to the virtual world, by placing items such as fridges or even your car keys on the internet, firms could have even more access to your data, your location and your life”.

Use Alertsec

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Use Alertsec
Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption

ICO wants to inspect private firms for data security issues

.

No comments »

Posted in Computer security, Lawsuits and settlements, computer security software, data breach

Tags: Check Point Credit card data breach data security disk encryption ICO Information Commissioner Information Commissioners Office Information privacy IPhone Operating system privacy Richard Hollis security

Powys County Council to pay £130,000 fine to ICO for data breach

December 9th, 2011

Powys County Council in deep waters over data breach

Last few posts mentioned about fines being imposed on councils who have breached the data protection act. But this post breaks all records. It talks about how Powys County council was asked to pay a fine of £130,000 to ICO for data breach. This is the biggest fine ever!

The ICO’s office was conferred powers to impose fine on data breaching organizations on April 2010. Assistant Commissioner for Wales Anne Jones says”There is clearly an underlying problem with data protection in social services departments and we will be meeting with stakeholders from across the UK’s local government sector to discuss how we can support them in addressing these problems,”.

The strange part is that Powys County Council had earlier breached this act twice but had not gotten caught. But this time luck was against the organization and it is expected to pay a hefty fine. Here is the ICO’s statement regarding the earlier data breaches “Two separate reports about child protection cases were sent to the same shared printer. It is thought that two pages from one report were then mistakenly collected with the papers from another case and were sent out without being checked. The recipient mistakenly received the two pages of the report and knew the identities of the parent and child whose personal details were included in the papers. The recipient made a complaint to the council and a further complaint was also submitted by the recipient’s mother via her MP.”

The first incident was written off as an ‘once in a blue moon’ error but then a second one occured where a social worker sent data about another child to the same member of the public who was also familiar with the child.

Ann Jones further added”This is the third UK council in as many weeks to receive a monetary penalty for disclosing sensitive information about vulnerable people. It’s the most serious case yet and it has attracted a record fine. The distress that this incident would have caused to the individuals involved is obvious and made worse by the fact that the breach could have been prevented if Powys County Council had acted on our original recommendations.”

The ICO had given an warning to the council to revamp its security policies or be ready to face consequences. Not much has changed in terms of security, the latest breach makes that all too clear. Now the ICO has threatened to take the council to court if it does not get back on its feet and beef up its security measures. The ICO has further made it compulsory for the counil to train its staff on how to follow the council’s guidance on the handling of personal data by 31 March 2012, along with refresher training provided every three years.

Alertsec to the rescue

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, Lawsuits and settlements, computer security software, data breach, data encryption, identity theft

Tags: Assistant Commissioner Check Point Child protection data breach Data Protection Act 1998 ICO Information Commissioners Office Information privacy Member of parliament Personal computer Powys Powys County Council

Former Middletown School contractor accused of Laptop theft

December 5th, 2011

Not one or two but 400 laptops missing! A recent case of laptop theft saw 400 laptops being stolen from Middletown schools by a former contractor. A Butler County grand jury is currently reviewing the charges. If convicted, he faces 5 years prison time.

According to the Middletown police Larry A. Osborne Jr., 29,has been charged with third-degree felony theft on Nov. 9 in Middletown Municipal Court. He is accused of stealing computers since 2008. Osborne, a computer technician, was a former contractor of the Butler County Educational Service Center. The approximate value of the 400 laptops is $123,000. Osborne used to sell these computers on ebay. He sold around 350 computers to a man in PA who had no clue that these computers were stolen property. The PA man has not been charged. The machines were either used ones or non-working.

Former school contractor stole 400 laptops

The first theft was reported on Nov. 8 where eight Apple laptop computers were stolen from the district’s warehouse, 110 Baltimore St.

So far the department has recovered 46 of the 400 laptops. According to Lt. Scott Reeve. “The investigation is pretty much done. We’ve recovered all we’re going to recover,”. He further added that the thefts were discovered when the owner of 1 Stop Shipping Shop on Vail Avenue became suspicious about the no of computers Osborne was shipping. 18 laptops were recovered from 1 Stop Shipping Shop and 28 from Hallstead, PA. Lt. Reeve added “He wasn’t just taking them from one location,”. “He was taking them from multiple locations. I think that is part of the reason he got away with it for so long. He is an information technology guy and it’s not unusual to see him walking around with a computers in his hands, and they weren’t all being stolen from one location. He was spreading out the thefts at various schools throughout the district.”

Apparently Osborne was a full time IT worker with the district and lost his job a month ago when the theft came to light.

The modus operandi was that Osborne stole laptops that were left unattended while making service calls. Inspite of the fact that the district conducts general audits of its systems on an annual basis, the laptops were stole. The reason being Osborne was the employee in charge of this district.The district is revamping its security policy to make sure such thefts do not take place in the future.

Alertsec and data encryption go hand in hand

Information has become highly mobile. There are netbooks, laptops, iphones and blackberries. You leave any of these unattended and the next thing you know is that they are stolen!

To lose any of the above device means losing valuable information! Especially when this information includes not only your personal data but that of hundreds and thousands of people.

Encryption is the best security solution to data breaches and laptop thefts. Alertsec helps you keep your info secure.

No comments »

Posted in Computer security, Identity and Information loss, Lawsuits and settlements, computer security software, identity theft, laptop encryption, laptop theft

Tags: Apple Baltimore Counties Hardware Information Commissioners Office insurance laptop laptop theft LoJack Notebooks and Laptops security Theft United States