Information Technology

UC San Francisco suffers data breach due to stolen laptop

July 5th, 2015

UC San Francisco is alerting the individuals about the burglary which led to potential breach. Unencrypted laptop which belonged to a faculty member in the Cardiac Electrophysiology & Arrhythmia Service was stolen. UC San Francisco mentioned that it contained some sensitive information of about 435 patients.

After the theft, UCSF promptly began an extensive technical analysis to identify what information was on the laptop. The analysis revealed that the computers contained some personal, research and health information.

The affected information includes names, dates of birth, medical record numbers, and health insurance ID numbers. However, Social Security numbers were not included. The computer was taken from the employee’s office. UCSF police and UCSF officials were immediately notified after the incident.

“UCSF deeply regrets any inconvenience this incident may cause,” UCSF said in the statement. “The university is committed to maintaining the privacy of personal, research and health information, and has taken additional steps to secure that information, including strengthening administrative, technical and physical processes for information security.”

As per the UCSF statement, there is no evidence of attempted access or misuse of the information on the laptop. Individuals who are potentially affected are being notified and the California Department of Public Health has also been alerted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UCSF Medical Center and Sutro Tower behind it....

UC San Francisco suffers data breach due to stolen laptop 

Default IP Address, Outdated Firmware used by majority of SOHO Wireless Routers

February 28th, 2014

Tripwire has announced the results from its analysis of security vulnerabilities in small and home office wireless routers, finding that 80 per cent have exploitable flaws in their security.

Tripware conducted survey of 653 IT and security professionals and 1,009 employees who work remotely in the U.S. and U.K. Survey shows that 55 percent of IT professionals and 85 percent of employees haven’t changed the default IP address on their wireless routers.

It also came to notice that 52 percent of IT professionals and 59 percent of employees haven’t updated the firmware on their routers. Also admin password on their routers is also not changed by 30 percent of IT professionals and 46 percent of employees.

Tripware also found out that 80 percent of Amazon.com’s top 25 best-selling small office/home office (SOHO) wireless routers have security flaws.

Tripwire security researcher Craig Young said in a statement. “Unfortunately, users don’t change the default administrator passwords or the default IPs in these devices and this behavior, along with the prevalence of authentication bypass vulnerabilities, opens the door for widespread attacks through malicious Web sites, browser plugins, and smartphone applications.” And “[T]hreats to routers will continue to increase as malicious actors recognize how much information can be gained by attacking these devices,”

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Increasing number of Internet users fear Data Theft

November 5th, 2013

In today’s world, majority of consumers worry that their information will be stolen with over 88% of internet users admitting their qualms about internet use and information theft.

Despite their worries, many still conduct risky behaviors such as using the same passwords across multiple accounts and websites or writing down passwords so they can remember them.

Increased security threats are perceived as the biggest governance issue at 38%, followed by data privacy at 28%.

The findings sought to examine the risks and rewards of key trends, including the Internet of Things, which refers to machines, devices, sensors, cars, cameras and other items that are connected to the Internet and often to each other such as everyday gadgets including GPS systems and smart TV’s.

Internet has the ability to collect and transmit data through the use of embedded devices or sensors that connect with networks. These devices have the potential to reap numerous rewards, such as greater efficiency and customer satisfaction.

“However, the Internet of Things poses a number of risks as well, such as more entry points for hackers, espionage and theft of intellectual property,” said Vladimiro Comodini, President of ISACA Malta Chapter.

The report uncovered that less one in five surveyed consumers are aware of the term Internet of Things, yet many admitted to using these devices among which include GPS systems, smarty TVs and electronic toll devices on their cars.

IT professionals have said that half of institutions have plans to capitalise on the internet of things while 31% say that their enterprises have already benefited from the increase access to information such tools provide.

“The rapid increase in connectivity, via the Internet of Things, is fundamentally changing the way we live, work, play and behave. What this survey clearly shows is the shift in perception about risk and privacy as the world becomes increasingly connected,” said Comodini.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data Theft hits Vodafone customers

September 13th, 2013

Mobile phone and broadband provider Vodafone Deutschland was attacked by a large-scale data theft affecting the personal details of their two million German customers.

Spokesman Alexander Leinhos said that a computer specialist who worked at Vodafone was accused of this data theft incident.

Vodafone Germany said in a statement that the unnamed suspect launched a “criminal attack” on one of the company’s servers to steal the customers’ names, addresses; dates of birth, bank codes and account numbers.

Alexander said the company was advising its customers to take special care while providing their details to access its services, he claimed it was hardly possible for the attacker to access the bank accounts of affected customers.

The company referred to accused as a “hacker” who had knowledge of Vodafone Germany’s IT systems, a UK technology magazine has labeled the accused as a contract IT worker of Vodafone.

German media reports stated that the suspect worked at Vodafone as a system administrator for an external service provider, which employed him full-time.

In particular, added Die Welt, a Vodafone Germany spokesman – Alexander Leinhose cited security checks that all “external employees of service providers” must pass, which the accused reportedly did.

Vodafone stated on its website that there was a raid conducted at the house of accused, he was cooperating with the authority. They also asked him for the data theft to remain under wraps so their investigation would not be compromised.

The Mobile phone and broadband provider added: “The security of data has highest priority for Vodafone. We shall take all necessary steps to further improve the security of our systems and to protect against future criminal attacks”.

Vodafone has more than 32 million mobile phone customers and more than three million broadband subscribers in Germany. It is a wholly owned subsidiary of Vodafone Group.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

A Palestinian programmer Hacks Mark Zuckerberg’s Facebook Page

August 27th, 2013

Khalil Shreateh, an unemployed Palestinian programmer said he was attracted by the $500 bounty the social network giant, Mark Zuckerberg offers to those who voluntarily expose its glitches.

As Facebook ignored his first two reports, Shreateh took his message to the top and hacked into CEO Mark Zuckerberg’s personal page to prove his point.

Khalil wrote the Facebook CEO that he had no other choice after all the reports he sent to facebook were ignored and that he was not in Mark’s friend list and still he could post on his timeline. He was also sorry for breaking his privacy.

This successful attempt cost Khalil the bounty, but it earned him praise and many jobs offers coming his way for being able to hack Mark’s personal facebook page.

Khalil has been unable to find a job since he completed his graduation in Information Technology two years ago. He told Facebook found a way that allowed anyone to post on anyone else’s wall, just wanted to make a point to Mark Zuckerberg.

In a message posted to the Hacker News, a user-driven security news site, Facebook software engineer Matthew Jones said the initial report was poorly worded, although he acknowledged that the company should have pressed for more information.

“As a few other commenters have pointed out, we get hundreds of reports every day. Many of our best reports come from people whose English isn’t great — though this can be challenging, it’s something we work with just fine and we have paid out over $1 million to hundreds of reporters. However, many of the reports we get are nonsense or misguided, and even those … provide some modicum of reproduction instructions.” said Jones in his message.

Shreateh said he was initially disappointed by the Facebook response but as the job offers started pondering from all over the world he is happy with how things worked out.

“I am looking for a good job to start a normal life like everybody. I am so proud to be the Palestinian who discovered that exploit in Facebook” He said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Employee details leaked in a data breach

March 14th, 2013

Company officials at Allen County Information Technology Department detected on March 21 that personal details of employees has been accidentally made available to unauthorized users, including social security numbers and more than 1,100 employees has been affected in this data breach. During the weekly Allen County Commissioners’ meeting, Prosecutor Juergen Waldick of Allen County said, “The data breach was determined and blocked within minutes of the county becoming aware of it last Thursday.” The confidential information discovered of all the 1,152 county employees included social security numbers, said the Allen County Commissioners during a press conference. This has also led to impact some retired county employees too. Nobody is believed to have misused any single information till now. The fact about the exact manner of how the information was released and how long it was made available for others to see and/or access was not discussed and is still unknown.

“There’s nothing to hide,” said Jay Begg, Allen County commissioner. “It’s just that we want to be sure employees’ identities and information are protected before we tell everybody what happened.” The confidential information released did not include any financial, retirement or health care information, Waldick said. “While there is no indication that any individual’s information has been improperly used, the county has taken appropriate steps to protect its employees from the consequences of the data breach,” Waldick said.

“It wasn’t something that someone maliciously did,” Noonan said. “We learned a lot more about the Internet in the past couple days.” Becky Saine, Administrator at Allen County told that the company purchased one-year Lifelock security memberships at a price of $25,000 for all the affected employees. Lifelock is an identity data theft protection company that monitors data threats and send notifications to users when a suspicious activity occurs. Although the information on data breach is unavailable, also there are no signs of any personal information being misused, there could be a possibility of information being copied when it leaked out or during the time it was posted and the news about data theft developed. Most employees of the company have been informed of the issue occurrence through phone calls and mails. “Since this did involve some employees who recently retired, we have made every attempt to contact them, and in most cases, contacted all of them,” Waldick said.

The mails and letters which were sent to county employees contained instructions to obtain the free Lifelock membership. “We have no reason to believe that any information has been or will be used in an inappropriate way; however, out of an abundance of caution, we want to make you aware of the event,” the letter read. “The Allen County Commissioners have retained Lifelock(R) to provide one (1) year of complimentary identity theft protection.” Questions in order to investigate about the incident were referred to Waldick, who was found unavailable for any further comments. And the calls, made to the company’s IT Department were not returned.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta