Log in

Posts Tagged ‘Law’

Laptop Theft at Oklahoma State Department of Health

April 17th, 2011

Laptop Theft - Yet Again

There is no denying the fact that the laptop theft is an extremely significant threat to businesses or individuals irrespective of the nature of the threat. The theft becomes all the more significant when government bodies or institutions become victims.

Being in the business of computer protection software we have been constantly voicing concerns about our practices and ways to secure data as well as protect laptop thefts. Today we are going to look at another case which is clear demonstrates what can happen if you are not using laptop encryption software.

OSDH i.e. the Oklahoma State Department of Health (OSDH) has sent notification letters to almost 133,000 individuals that they could be potentially at risk due to the loss of the agency’s laptop which contained their personal information. The laptop was stolen from the car of OSDH’s employee in broad daylight.

The computer contained a database related to the Oklahoma Birth Defects Registry. The Oklahoma Birth Defects Registry is the provider of statewide surveillance of birth defects which reduce the birth defects through prevention education, monitoring trends and analysis of data. The laptop was used to record data from hospital medical records. An additional 50 paper files containing abstracted medical information were also taken in the theft.

The State Health Commissioner Dr. Terry Cline has offered apologies over the incident, “We are mindful that Oklahoma’s citizens trust the OSDH to do all it can to protect the personal data we acquire as part of our disease prevention services,”. “We offer our apologies to those who may be affected.”

Dr. Cline added “We are reviewing our administrative policies to strengthen safeguards to better protect the confidentiality of the data we collect. We recognize our obligation to make any changes that will ensure a similar incident cannot happen again,”.

OSDH has taken immediate steps towards protection of personal information. They have filed a police report and have also launched an internal investigation apart from coordinating with the cops at Yukon police department for their own investigation process. In addition, the staff is also reviewing its administrative policies to safeguard and assure that future occurrence of such incidents can be avoided.

If you have questions or any specific concerns about the incident you can call the toll free number 1-866-278-7134 between 8 am to 5 pm from Monday through Friday. You can also email the OSDH at contactosdh@health.ok.gov or visit their website http://www.health.ok.gov for more information.

The address of OSDH is as follows:

Oklahoma State Department of Health
1000 NE 10th St.
Oklahoma City, Ok 73117
Attn: Privacy Officer

If you are interested, you can also register for a free fraud alert with the three credit bureaus listed here:

Experian (888)397-3742, www.experian.com, P.O. Box 9532, Allen, TX 75013

TransUnion: (800)680-7289, www.transunion.com, Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834

Equifax: (800)685-1111, www.equifax.com, P.O. Box 740241, Atlanta, GA 30374

About Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide!

Related articles

Credit Repair After Identity Theft (creditrepair.org)
Oklahoma Department of Health Says 133,000 Medical Records Taken in Laptop Theft (spectrum.ieee.org)

No comments »

Posted in laptop encryption, laptop theft

Tags: Law Law Enforcement Oklahoma Oklahoma State Department of Health Police Terry Cline Theft TransUnion

‘Long-term’ Employee Responsible for Massive Mesa Data Breach’

December 4th, 2010

: Courthouse in Mesa County

In what can be termed as one of the biggest disasters, a data breach incident happened in Mesa County. The authorities are still trying to figure out the extent of a security breach that has put secured law enforcement files and people’s personal information out on the internet for anybody to view.

How did the incident happen?

The incident happened during the stage of software transition and was primarily caused by the mistake of a Mesa County IT employee. It resulted in thousands of internal sheriff’s department records being available for public viewing on the Internet.

The Sentinel also describes how the data breach happened. The employee had been working in Mesa County’s Information Technology group on a project integrating computer databases between Grand Valley law-enforcement agencies, Mesa County Sheriff “Stan Hilkey” said. In April, authorities said the man had “parked” files from the sheriff’s records-management system on a county-run server that the man believed was secure: a “file transfer protocol site.” Hilkey said the files were kept at that location, which has its own Mesa County URL address, awaiting conversion to be compatible with the new law-enforcement database.

Impact of Data Loss

The kicker is that records were accessible for seven months before the sheriff’s office caught wind of the situation and took them down. The information included names of confidential informants who worked with a drug task force, e-mails between officers about crime victims and home addresses for sheriff’s department employees. Hundreds of thousands of pieces of personal information have been leaked onto an un-secure file-transfer website or FTP.

The Mesa County Sheriff’s Department says its files include information on up to 200,000 people

What the Authorities are Saying?

Interim Mesa county administrator Stefani Conley said, “This employee thought this was a password-protected, encrypted website.”

While there was no official confirmation to the number of The sheriff declined to say how many times the data was accessed, only describing it as multiple hits from local, national and international computers.

Sheriff Stan Hilkey said, “It’s the county’s fault that it was there, on purpose or not, Mesa County is dealing with a pretty big problem”. Stefani added, “This was a situation that again, should not have happened.” “It was an error by an IT employee and that employee is no longer with the county”. The county wouldn’t divulge any information about the employee, other than saying in a statement that “this person was a long-term county employee.”

Even though all signs point to this being just an honest mistake, it is off-course something that hadn’t happened overnight. The data was moved to the un-secure website about seven months ago in April. Although, the first security breach only happened at the end of October. “There was no criminal activity during the first breach,” Hilkey said. But, it still took county I.T. engineers almost a month to notice and shut down the problem. County attorneys are trying to figure out if they could face any legal ramifications if somebody’s identity is stolen.

If you are reading this article and are victim of one of these breach incidents you can call these three creditors: Equifax Credit Bureau Fraud Department – 800) 525-6285, Experian Information Solutions Fraud Department – (888) 397-3742, and the TransUnion Credit Bureau Fraud Department – (800) 680-7289.

How Alertsec Xpress Would Have Helped

Whether it is done with intention or out of ignorance, the sheer fact is “Data Breach” hurts the processes and functioning of organizations badly.

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Mesa calendar (eventkeeper.com)
Mesa County Accidentally Posts 20 Years Of Confidential Data Online (huffingtonpost.com)

No comments »

Posted in Uncategorized

Tags: Barack Obama Colorado data breach Employment Grand Junction Colorado Information Technology Law Law Enforcement Mesa County Mesa County Colorado Sheriff

Laptop Theft Incidents on The Rise

November 6th, 2010

: Use Laptop Encryption Laptop Thefts

Since the early days of this blog, we have been strongly emphasizing how “Laptop” theft incidents can create a severe impact on the well-being and functioning of modern enterprises. Today, it is a well known fact that all of the secure data is contained in these laptops and if these laptops are stolen, it can cause tremendous damage in terms of processes, operations and off-course FINANCES.

The worries of laptop theft are applicable not just for organizations but they are going beyond the companies to residents of various states in the U.S. A fresh incident in the Brookings county has led to a warning from the Sheriff.

The Sheriff has warned the residents that they should keep their vehicles, homes and garages locked. The staff is also advising the residents not to make the basic mistakes like leaving their valuables in vehicles. According the County Assistant Sheriff Scott Sebring, two vehicle burglaries were reported in Elkton on Tuesday, Nov. 2.

The first incident happened in Elkton residence, the vehicle was unlocked and someone utilized the opportunity to steal a Dell laptop computer. Similar burglary incidents in other parts also lead to cash thefts.

In another incident in Accomack County, a laptop which contained the person information of county residents was stolen from a Las Vegas Hotel room. Apparently, after the loss the county has started receiving reports of fraud activities on the existing credit accounts of the residents.

Overall, there have been more than 600 theft related calls from the residents. However, the Country Administrator Steve Miner believes that it is not necessary for the two reports to be linked to each other. It could be that the stolen computer incident is different from the county data being used for fraudulent purposes.

The county could be under severe trouble if the residents start filing for lawsuits.

County Attorney Mark Taylor “has contacted the Las Vegas police to make sure that they are aware that this isn’t just a simple laptop theft worth $700,” Miner said, adding that the last contact between Taylor and the police department occurred a week to ten days ago.

The stolen laptop contained personal information which includes Social Security numbers, names and driver’s license of over 35,000 county residents. It has since been revealed that the files, which were related to personal property tax rolls, also contained information about some residents of Northampton and other localities.

This information has come from the Virginia Department of Motor Vehicles and other agencies, which include the Department of Game and Inland Fisheries.

Miner said, “We have talked with the DMV and they strongly feel that their staff do not commonly make the mistake of entering the wrong locality when registering vehicles”.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

News of Record: Police Log (bendbulletin.com)
Millburn Police look for a third suspect in rash of car burglaries (nj.com)
Data Breach and Cyber Risk Veteran Expert Briefs Insurance Professionals in CPCU Online Seminar (prweb.com)

No comments »

Posted in laptop encryption, laptop theft

Tags: Allstate Hardware identity theft insurance laptop laptop theft Law Scottsdale Arizona security Social Security number Theft United States Virginia Department of Motor Vehicles

Wellpoint Sued by Indiana AG Over Health Data Breach

November 4th, 2010

The Monetary Value: $300,000

The Fault: Delay in notification to customers about online exposure of medical records, credit card numbers and other sensitive information.

Health insurer Wellpoint is facing allegations in a law suit as apparently critical consumer health data was at risk for over 137 days on the website of Wellpoint. Apparently, the Consumer health data was at risk for 137 days through an unsecured Wellpoint website.

The attorney in the region of Indiana has filed suit against health insurer Wellpoint for causing un-necessary delay in notifying customers about the data breach. According to the law in Indiana, businesses are required to notify individuals who are affected by data breaches. In addition, the businesses are also required to notify the attorney general’s office about the breach.

As per the information that has been conveyed by the attorney general’s office, the exposed data includes social security numbers, health records, financial information. This is data of over 32,000 customers across Indiana. The data was available during the months of October 2009 and March 2010 and as stated above it was for a period of 137 days. The data was submitted to Wellpoint from applicants seeking insurance coverage.

As per the Attorney General Zoeller, WellPoint learned of the breach, which had affected more than 32,000 Indiana citizens, on Feb. 22 itself but it did not begin notifying customers until almost four months later. In response the state is seeking over $300,000 in civil penalties.

“The Attorney General’s Identity Theft Unit continues to investigate the WellPoint data breach and encourages those who may have been affected to perform a credit check and a security freeze to guard against identity theft. By law, security freezes are available for free to residents of Indiana.”

From their side, the AG office had informed Wellpoint on separate dates in the months of February 22 and March 8 of this year. But apparently, Wellpoint only began notifying the customers on June 18, 2010.

AG office issued a statement in which they said, “While most inadvertent security breaches do not result in fraud, notifying those affected in a timely manner significantly reduces the risk of identity theft,”. “Situations involving the theft of personal information for the purposes of identity theft most often result in some form of fraud occurring within seven to 10 days”.

For detailed information please visit the informationweek link.

How Alertsec Xpress Would Have Helped

Feel worried after reading the above news story? Have potentially un-secure data in your enterprise? This could be you!! Don’t wait to take the right-decision and invest in computer security software on the right occassion.

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Indiana AG Sues Wellpoint Over Health Data Breach (informationweek.com)
Indiana AG sues WellPoint over data breach (thetechherald.com)
Indiana AG Sues WellPoint Over Data Breach (palisadesystems.com)

No comments »

Posted in Computer security, computer security software

Tags: Attorney general data breach Health insurance identity theft Indiana information week Law Social Security number WellPoint

Laptop theft by a Gadsden man at courthouse

October 9th, 2010

A man who was reporting for his drug test at the Court Referral Office in Etowah County has been reprimanded and charged with laptop theft from the office on Wednesday. This has been in-response to a statement which was issued from the Etowah County at Sheriff Todd Entrekin.

The 30 year old man whose name is Jeffery Shane Deerman was arrested and charged with the act of second degree theft of property as per the press release.

Deerman had taken a laptop computer from the court office and had carried it down the hallway. After carrying it down the hallway, he had hid it in the restroom dustbin. The man is on probation and is reporting to the Court Referral office for a schedule drug test.

The office personal was alerted of the theft by the Witnesses who had then contacted Courthouse Security, according to the press release.

Currently, Deerman is being held captive in the Etowah County Detention Center and has been captured on $2,500 bond.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Dion Sims of Michigan State Spartans pleads guilty to role in laptop thefts, has deal to cooperate in probe (sports.espn.go.com)
Moneyed man allegedly stole junk food (upi.com)