JPMorgan Chase

A box of documents spilled off of a courier truck

February 13th, 2015

Kaiser Permanente suffered possible data breach when a box of documents spilled off of a courier truck. Incident took place during transit of box from Kaiser Permanente’s Kona Medical Office to storage. The company is notifying about 6,600 patients which includes – 4,000 patients who has their prescriptions electronically filled and the information may have been printed and included in the box of documents. The other 2,600 patients had their prescription paperwork in the box.

“Swift action by Kaiser Permanente employees allowed the retrieval of many of the documents, but unfortunately, not all were recovered,” the statement explained.

The documents were expired prescriptions. Affected information includes names, addresses, dates of birth, and medical record numbers. Moreover, the type and amount of specific medications were on the papers.

“You may get a letter and still not be affected,” Kaiser spokesperson Laura Lott told the news source. “But, we’re being very cautious because it’s the right thing to do.”

According to Kaiser Permanente statement:

Organization will offer credit monitoring to members whose Social Security numbers or driver’s license numbers was potentially exposed.

We are taking this matter very seriously and will inform each of the individuals whose information may have been involved in the incident,” Kaiser Permanente said. “As part of our outreach we are advising affected individuals to contact one of the national credit reporting agencies (Equifax, Experian, or TransUnion) to place a fraud alert on their file.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Security Breach in California

January 20th, 2015

California Pacific Medical Center (CPMC) mentioned in recent press release that one of its pharmacist employees possibly accessed patient records with no apparent business or treatment reason. There is possibility of data breach due to this incident. As per the policy, CMPC terminated its relationship with the pharmacist employee when the incident was discovered. CPMC audit of its electronic medical record (EMR) system revealed the probable data breach.

Affected information includes the last four digits of patient Social Security numbers, clinical information, and prescription information. CPMC notified affected 844 patients about the incident. According to the press release:

 The type of information varied for each patient. While the employee potentially viewed the last four digits of some social security numbers, the employee did not have access to full Social Security numbers, driver’s license numbers, California identification numbers, credit card numbers or financial account information. CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity.

No action is required by the patients in response to CMPC’s notice.

CPMC takes patient privacy very seriously. CPMC has also reiterated to all staff that policy allows them to access patient information only when necessary to perform job duties and that violating this policy may result in loss of employment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

JPMorgan Chase attacked by the hackers

October 2nd, 2014

An overwhelming attack on JPMorgan Chase by the hackers has compromised the accounts of 76 million households and seven million small businesses. It’s one of the largest ever intrusion which has overcame the previous estimates of the bank.

Earlier Target, home depot and a number of other retailers has suffered major data breaches.  The recent incident is blow to already shaken confidence in the digital operations. Below are the details of last year breaches for above mentioned companies –

Target: 40 million cardholders and 70 million others were compromised

Home depot: 56 million cards

Breaches in largest banks like JPMorgan can lead to exposure of more sensitive data.

“We’ve migrated so much of our economy to computer networks because they are faster and more efficient, but there are side effects,” said Dan Kaminsky, a researcher who works as chief scientist at White Ops, a security company.

Bank believes that no money has moved out of the accounts and till today customers are safe. According to the reports, the hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders. It is believed that account information, including passwords or social security numbers are safe.

Jamie Dimon, JPMorgan’s chairman and chief executive, has recognized the growing digital threat. In his annual letter to shareholders, Mr Dimon said, “We’re making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe.”

Due to rising threat of online crime, JPMorgan has said it plans to spend $250 million on digital security annually.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Major US banks suffered data breach due to Russian hackers

August 20th, 2014

JPMorgan Chase and other bank were breached by Russian hackers who stole gigabytes of sensitive data which includes savings and checking account information as well as information on bank employees.

Highlights of the incident:

The FBI is investigating whether the attacks may have been launched in retaliation for U.S. government sanctions

“Russia has a policy of reactionary attacks in relation to political contexts,” iSight Partners manager John Hultquist told Bloomberg. “When it comes to countries outside their sphere of influence, those attacks would be more surreptitious.”

At least five banks were hit

“Companies of our size unfortunately experience cyber attacks nearly every day,” JPMorgan spokesperson Patricia Wexler told the Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

Breach was accomplished either via a zero day exploit or via the exploitation of an unsecured employee to access

“At the end of the day, serious attackers, not just cyber punks who try to steal credit card information, will go to great lengths and spend immense amounts of money in order to reach their target, employing not only lessons learned from online criminals over the last 20 years but also decades worth of espionage and social engineering tactics,” Kujawa head of malware intelligence at Malwarebytes Labs said. “The best defense against these attackers is to fortify cyber defenses on every front, the education and access control of any users and finally an awareness and preparedness for any and all attacks that might be encountered.”

Very few enterprises are sufficiently equipped to defend themselves

“In fact, I would say that more than 90 percent of all organizations are completely vulnerable; they simply do not have the tools or the staff to deal with this kind of attack,” Triumfant CEO John Prisco said.

War-game’ on an ongoing basis to make sure new vulnerabilities aren’t missed

“The next stage in the arms race, for both attackers and defenders, is automation — not just searching for gaps, but figuring out the consequences of those gaps, in much the same way that generals study a battlefield before the battle starts,” RedSeal Networks CTO Mike Lloyd said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Data Theft at JPMorgan

December 10th, 2013

A warning has been sent across 465,000 holders of JPMorgan prepaid cash cards issued by the bank that their personal information may have been accessed by hackers who attacked its network.

The cards were issued for corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits.

JPMorgan reported the law enforcement as soon as it detected that its web servers used by its site www.ucard.chase.com had been breached.

Bank spokesman Michael Fusco said that since the breach was discovered the bank has been investigating to find out exactly which accounts were involved and what pieces of information could have been taken. He declined to discuss how the attackers breached the bank’s network.

Fusco said the bank is notifying the cardholders about the breach because it cannot rule out the possibility that their personal information was among the data removed from its servers. The cardholders account for about 2 percent of Fusco’s roughly 25 million UCard users.

The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the data breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity.

The bank believes “a small amount” of data was taken, but not critical personal information such as social security numbers, birth dates and email addresses.

Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. Many states require banks to notify customers if they believe there is any chance that such information may have been taken in a breach.

The bank is also offering the cardholders a year of free credit-monitoring services.

The warning only affects the bank’s UCard users, not holders of debit cards, credit cards or prepaid Liquid cards.

Fusco said the bank has not found that any funds were stolen as a result of the breach and that it has no evidence that other crimes have been committed. As a result, it is not issuing replacement cards.

The bank said it does not know who was behind the attack, though the Secret Service and FBI are investigating the matter.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta