Internet

Online application glitch may lead to data breach

March 7th, 2015

A nonprofit organization, Painted Turtle based in California which runs a camp for children with life-threatening diseases and their families free of charge suffered data breach when some personal information may have been exposed because of online application glitch.

The affected information includes names, addresses, Social Security numbers, driver’s license numbers, personal medical information, and employment information.An error in the database of the painted Turtle’s online application server for campers and volunteers caused the data breach. Bank account and credit card information were not present on the server.

“We immediately brought the database offline to prevent anyone from being able to access your records,” Maher wrote. “Also, in an effort to prevent similar data breaches in the future, before bringing the system back online we updated our database’s code to prevent the issue from occurring again.”

According to the statement on the website:

Your information would not have been viewable unless a specific chain of events occurred.

Specifically: (1) you would have had to identify someone as a Reference in your application in 2013–2014, and (2) that person would have had to begin filling out an application as well, and (3) while that person’s application (and your application) was still pending, (4) they would have had to access their pending application and click “show related profiles” and your name. Again, your information would not have been accessible to anyone outside of the persons you listed as References in your application.

We became aware of this issue on January 12, 2015. As soon as this error was brought to our attention, we began taking steps to address and mitigate the risk to you. We immediately brought the database offline to prevent anyone from being able to access your records.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

File Sharing and Security

February 28th, 2015

In recent times, file sharing is done frequently on the internal servers, websites or through Instant Messaging service. Due to availability of various services on personal devices like smart phones it has become challenging for the organization to secure the sensitive information. Even unprotected Windows networking shares can be exploited by intruders in an automated way. Companies can follow below guidelines to protect themselves from data breach:

  • Protecting your computer against malicious file sharing tools and websites
  • Domain checking of the website for authenticity and then allowing permission to transfer data
  • Downloading data from trusted sites
  • Save downloads instead of running them from pop up window
  • Checking license agreement and privacy statement before installing any software
  • Avoiding illegal downloads
  • Don’t open mail from unknown sources
  • Don’t share your computer access
  • Regularly update your security software with the patches
  • Check your security on regular basis
  • Don’t open your IM on public list
  • Never send sensitive information or files like credit card numbers, SSN’s etc on IM
  • Secure your IM by contacting security admin regularly
  • Highly social nature of IM helps imposters to get information
  • Beware of sharing your personal as well as company information with strangers

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hackers potentially compromise data of 80 million individuals

February 2nd, 2015

Anthem, Inc.’s database was attacked by hackers potentially compromising the personal information of approximately 80 million former and current customers, as well as employees. The affected information includes  names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

According to a statement from Anthem president and CEO Joseph Swedish posted on the company website:

“Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”

Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach using “very sophisticated external cyber attack”.

“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he said.

Anthem will notify the affected individuals.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish said. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”

The HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) has been collaborating with Anthem since it discovered the breach.

“As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.