Posts Tagged ‘Information Loss’

Major Data Breach at Britain’s Identity and Passport Services

March 3rd, 2011

Britain's Identity and Passport Service in data breach

Keeping sensitive data secure is an ongoing problem for organizations. Hacking of such information has become common, and security threats increasingly focus on where an organization keeps its data and how to break its data security. This time Britain’s Identity and Passport Services (IPS) has suffered a major data breach. 21 passport renewal applications went missing from Britain’s Identity and Passport Office, and it is still not confirmed how the documents were lost. Neither the commissioner nor the IPS has been able to confirm how the documents went missing.

Information Commissioners Office

Identity and Passport Services has breached the country’s Data Protection Act and has been reprimanded by the Information Commissioner’s Office (ICO) for losing the applications. The ICO said that the documents were lost in May 2010 and that all affected individuals were informed. The lost documents included personal data of both the applicants and the counter-signatories.

Mick Gorrill, head of enforcement at the ICO said, “A passport is an important identification document and it is clearly of concern that information relating to renewal applications has been lost”.

To be levied with a fine, the breach must either have been deliberate or the data controller must have known that there was a risk that a contravention would occur and failed to take reasonable steps to prevent it. The ICO gained the additional power to levy fines in April 2010. Since then the ICO has fined a total of four organizations, and it has authority to fine up to £500,000 for the most serious breaches.

Identity and Passport Service Response

There was no evidence to suggest that the applications have fallen into the wrong hands, but the Identity and Passport Service is taking steps to stop this happening again and has signed an undertaking to improve its data storage procedures and policies.

UK Passport

According to a spokesman for the Identity and Passport Service, “IPS takes the security of its customer data extremely seriously. Following the loss of details relating to 21 passport applications in May 2010, IPS took immediate action to cancel the application information. We are confident that customers were not subject to any risk of identity fraud”.

IPS agreed to regular audits and inspections of its procedures, and an internal security review has been carried out since the lapse in data security. During the past five years IPS has safely handled more than 25 million passport applications, but it has significantly tightened its processes to prevent such an incident happening again.

A simple mistake or carelessness can lead to substantial financial cost and data loss. Organizations need to use data encryption software or other data protection measures to secure sensitive information.

Secure your Data with Alertsec

Following essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


Fine Gael website has been Hacked and Personal Data of 2,000 Supporters were Breached

January 18th, 2011

Wherever IT organizations hold data, hacking attacks will continue to thrive, and in any professional organization such attacks are very common. On this blog we have been highlighting several breach incidents that serve as strong warnings for organizations to enhance their protection against data loss. One way of ensuring data security is the use of data encryption software.

Today we are going to talk about Fine Gael, a political party portal, and how it became the latest victim of a data breach.

Fine Gael website Hacked by an “Anonymous” Group


Fine Gael party leader Enda Kenny

As we mentioned above, Fine Gael is the new website of an Irish political party. It has been hacked by “Anonymous”, an online hacking group. The website was launched last week to invite members of the public to share their views on policy and the future of Ireland.

Fine Gael was formed in 1933 and is considered a moderate political party. On Tuesday the party replaced its old website finegael.ie with the new website finegael2011.com. The site is hosted by the American internet firm ElectionMall Technologies.

Personal Data of Around 2000 Supporters were Revealed

So how does it feel to be among those whose data is revealed? This is exactly what happened to the supporters of Fine Gael. The hacking incident affected the personal data of around 2000 supporters. Irish Central reported that the number affected is believed to increase to 4,000. The attack took place on Sunday, and immediately afterwards the website was forced offline. The hacker forwarded the file of personal details to media organizations. The file contained the IP addresses, phone numbers and e-mail addresses of approximately 2000 people.

Why the New Hosted Website was Hacked

According to the attackers, the site was hacked because comments submitted to the site by users were being censored. They forwarded around 2,000 members’ details with the claim that the party was censoring comments from the public. The hackers posted a message on the Fine Gael website after removing the message posted by them. The posted message was “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!”

A spokesperson for Fine Gael said the attack was “assumed to be by Anonymous”, but “the link is yet to be proven”.

This online “Anonymous” group is best known for its attacks on websites, and it also recently tried to bring down several payment sites, including Mastercard.com and Visa, to block the payments to Wikileaks.

Action Taken By the Party

As a follow-up, the party has informed the people whose data was compromised about the breach by email. It also warned them that the hacked data included personal details such as names, email addresses, constituency details and phone numbers. Fine Gael contacted the data protection commissioner, Billy Hawkes, who is investigating the case, and also contacted the Garda Computer Crime Unit in relation to the attack. The FBI has also become involved in the case after ElectionMall contacted the US police.

According to Hawkes, the party suspects that the personal data of those who posted comments or registered their details has been compromised. In a statement the party said the website will be offline “while we follow-up with the appropriate authorities to resolve the matter.”

How Alertsec Xpress Would Have Helped

In an incident which highlights the need for data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


Better Business: How Data Breaches can lead to Identity Theft

January 12th, 2011
identity theft
Image by Rosie O’Beirne via Flickr

Data breaches continue to plague businesses, and there are likely thousands of data breaches that go undetected or unreported. People have been victimized by security breaches multiple times, for example by their schools, local, state or federal government, financial institutions or many other organizations. Sometimes organizations have had multiple breaches. Most organizations that reported breaches could not clearly state how much data was accessed or stolen.

What Counts as a Data Breach?

A data breach is the release of secure information to an untrusted environment, whether intentionally or unintentionally. It is a security incident in which confidential or protected data is stolen, transmitted or used by an individual who is unauthorized to do so. A data breach may involve personally identifiable information (PII), personal health information (PHI), or financial information such as credit card details or bank details. It may also include trade secrets of corporations or intellectual property.

Reported Data Breaches Every Year

Approximately 10 million people are the victims of identity theft every year. In 2010 the Identity Theft Resource Center recorded 662 data breaches in the United States, which was a nearly 33 percent increase from 2009. At least 498 data breaches were reported in 2009, which was actually an improvement from 657 the year before. According to the lists maintained by private groups that track reports of breaches, more than 570 cases of data breach were reported from January 2005 through December 2006.

Big Companies are also not Safe

Well-established, popular hospitals, government agencies and other organizations have also been the victims of data breaches. Recently some big companies, such as fast-food giant McDonald’s and Japanese automaker Honda, were also affected by data breaches. So it is not a matter of how big a company is but of how aware it is of data security software and encryption software. Only 46 states and three territories have enacted data breach laws since 2005.

Companies must be Proactive in Notifying Consumers

According to state and federal laws, companies must be proactive in notifying consumers in the case of a data breach. If you are a business owner or executive, you have a responsibility to minimize the damage from a data breach. As soon as you become aware of a potential data breach, seek assistance from an attorney or risk-consulting company. They can help identify what state or federal laws require you to do, including alerting consumers or government agencies. Most companies will set up a hotline for consumers to address their concerns and questions.

Consumers can File a Fraud Alert

If consumers receive a notification about a breach that they don’t thoroughly understand, they can call the company. They can also call their financial institution and get its advice on what to do. They should check their statements as soon as they receive them and notify the financial institution immediately if there are fraudulent charges. They can file a fraud alert with all three credit reporting agencies (Equifax, Experian and TransUnion). These agencies are required to flag the consumer's credit report for 90 days and notify the consumer if someone tries to open a new account using their information.

Organizations bear a very big responsibility to secure sensitive consumer information. They need to do a much better job of handling and storing sensitive digital data, and they will have to increase their awareness of, and improve their reaction to, data and security breaches. Securing personal data is a very difficult task, and it is a must for organizations to use encryption programs. This is the only secure way to safeguard the data.


Japanese Automaker Honda Data Breach Affects 4.9 Million Customers

January 6th, 2011
Honda Headquarters Building in Japan

Japanese automaker Honda Motor Company has put an estimated 2.2 million customers in the United States on a security breach alert after an email database containing personal information on the owners and their cars was hacked, according to reports.
Another 2.7 million Acura owners were also affected by this breach. Acura is the company’s luxury vehicle brand. The database also contained the email addresses of around 2.7 million My Acura account users but Honda said the list contained only e-mail addresses.

List Was Managed By a Vendor

According to Honda’s notification mail to affected customers, the list was managed by an unnamed vendor. Reports indicate that the vendor was Silverpop Systems, an Atlanta-based email service provider that has reportedly been involved in recent hacking incidents, including that of fast-food giant McDonald’s.

Victim’s Identity is Difficult to Steal from the Leaked Information

The email database contained names, login names, e-mail addresses and 17-character Vehicle Identification Numbers, and it was used to send welcome e-mail messages to customers who had registered for an Owner Link account. It also contained the email addresses of affected Acura owners.

The car maker said that “law enforcement authorities have been contacted and an investigation is in process. Further, American Honda Motor Co., Inc. is taking steps to minimize this type of exposure in the future.”

In a Web notice to customers, Honda said it would be difficult for personal information to be stolen based on the information that had been leaked. However, it warned that customers ought to be wary of unsolicited e-mail messages requesting personal information such as social security or credit card numbers.

According to Officers it’s Not Tough for Hackers to Fool Customers

Graham Cluley, senior technology consultant at Sophos, pointed out that cybercriminals who possess the list might e-mail the car owners to fool them into handing over personal information or trick them into clicking on malicious attachments or links.

He explained in a blog post, “If the hackers were able to present themselves as Honda and reassured you that they were genuine by quoting your Vehicle Identification Number, then as a Honda customer you might very likely click on a link or open an attachment”. He added that Acura customers could also be on the receiving end of spam campaigns.

Reminder for Companies That Don’t Use Adequate Measures to Protect Customer Data

This incident might serve as a reminder to other companies that they not only need adequate measures to protect the customer data in their own hands but also need their partners and third-party vendors to follow equally effective best practices.

According to Graham, “It may not be your company that is directly hacked, but it can still be your customers’ data that ends up exposed and your brand name that is tarnished”.


Privacy Breach: Stolen Laptops in Alberta Contained Health Data

December 21st, 2010
Alberta Province within Canada.
Privacy Breach in Alberta

In Alberta, seven laptops or digital devices containing unencrypted health, employee and financial information were stolen in the past month, prompting disbelief on Thursday from Alberta Privacy Commissioner Frank Work.

Work said, “It just makes me crazy, I think that’s just utterly irresponsible now in this day and age”.

What Type of Data was in Stolen or Lost Laptops?

One of the stolen laptops, which belonged to a researcher at the University of Alberta, contained medical charts belonging to 2,700 pediatric gastroenterology patients participating in a study.

A missing digital recorder, stolen from Alberta Sustainable Resources, contained statements related to wildlife investigations. Another laptop stolen from the same department contained an employee evaluation as well as contact information of junior forest rangers.

The loss that worried Work the most was a laptop stolen from an unnamed trust company, which had emails containing mortgage application information, credit bureau reports, social insurance numbers and other personal financial information of 135 people.

“In this case, that is the information that can really be used for an identity theft” Work said.

Two laptops stolen from a speech pathology office contained information about patients, all under six years old. Another laptop, from a marketing firm, was left in a European airport and contained information on 27 Alberta employees. The last missing laptop, which contained employee information that included social insurance numbers, belonged to a genetic research company.

Encryption Programs are Easily Available:

People should not put personal information on laptops if they do not have to, Work said. Data breaches are very common nowadays, but it is not difficult to protect data. Many internet security companies such as Norton and Symantec offer encryption programs, like data encryption software and laptop encryption, that make it easy for people to protect data.

Work said, “It is not like we are asking people to do anything incredibly difficult here, especially if you weigh that against telling 35 employees that you lost their RSP information, their employment files and so on”.

Police Statement on This Privacy Breach:

Police told Work that most laptop thefts involved criminals who tried to resell them quickly for $50 or $70 to someone who simply overwrote the files and did little with the personal information.

Work said, “You have a responsibility to your patients, clients and employees to encrypt their information when you are carrying it around with you and the law says you have to do that”.  “However the information is out there, which is still troubling”, Work added.

Work said further, “People who have been the victim of privacy breaches by private sector businesses can sue for damages under Alberta law”. Alberta law does not have any provisions for Work to penalize individuals, organizations or government agencies for privacy breaches. He can only work with offenders on remedial measures.
