Posts Tagged ‘Massachusetts’

Data of one out of every three people in the state of MA has been compromised in the past 20 months

September 25th, 2011

The State of Massachusetts has seen the maximum number of data breaches in the past twenty months. Personal information of about two million Massachusetts residents, i.e. one in every three residents of the state, has been exposed through electronic data breaches.

Under the 2007 state law, all companies doing business in Massachusetts must inform consumers and state regulators about security breaches that might result in identity theft. This covers leaks of individual names along with sensitive data such as Social Security numbers and bank account, credit card and debit card numbers. The law came into being in 2007 as a result of the hack of 45 million credit card numbers from Framingham-based retailer TJX Cos.

Attorney General Martha Coakley said that nearly 1,200 data breaches have been reported. A quarter of these were the result of intentional hacking.

The largest breach in the time period was the hacking of information of about 800,000 people that was lost by a vendor hired to destroy it. In addition, information on 210,000 residents entrusted to a state agency was put at risk.

The breached data ranged from names and addresses to medical histories.

What did MA residents have to say?

Daniel Paul, a courier, gets the jitters when he thinks about it. He made online purchases with his credit card but started getting charged for things he didn’t buy: his credit card had been hacked. It was a nightmare to get things back on track.

Here is what he had to say: “Just going through getting everything changed back, changed over, getting charges off your account, your credit – it was awful,” said Paul. “I hope I never have to go through it again.”

Mike Paquette, Chief Strategy Officer for Corero Network Security in Hudson, MA, said, “In today’s internet world there are so many opportunities where information can be disclosed. As an individual, unfortunately, there is very little that you can do.”

Consumers do have the option of suing, but it really doesn’t get them anywhere as it is very difficult to prove data theft.

Consumers must carefully keep track of their online transactions. It is always advisable to deal with well-known companies and to do your homework on any company before handing over your information.

Data security with Alertsec

Alertsec is here to take care of your security issues, especially if you work with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. The risk of losing a laptop is much higher than the risk of losing a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, and they frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.




Potential Data Breach at Massachusetts Secretary of State’s office

July 9th, 2010

Recently over 139,000 letters were issued by the Massachusetts Secretary of State’s office to investment advisers. Do you know the reason why?

Perhaps many of you have guessed it right. Another day, another victim: this time the Secretary of State’s office became the latest data breach victim, due to an accidental release of confidential information by an employee. Once again this incident raises question marks over the use of computer security software. The result: full exposure of critical and confidential information of over 139,000 investment advisers to a business publication.

The office’s securities unit unknowingly mailed an electronic list of the investment advisers, along with their names, Social Security numbers, and other information. The personal information was on a CD-ROM that was sent to IA Week, an investment industry publication. In fact, IA Week had submitted an information request to the office’s Securities Division for a list of registered investment companies. On discovery of the error, the CD-ROM was sent back. It is believed that the data has not been copied by IA Week.

The experts at the Massachusetts Securities Division are still not sure whether this incident qualifies as a data breach, as no information loss has been reported and the CD-ROM was returned.

Some security experts hold a similar view, which is encouraging for the people whose information has been put at risk.

According to David Berman, director of product marketing for Voltage Security, “The users should treat this as if their personal information is now at risk.” “If gotten into the wrong hands, the exposed data could be used to obtain a fake ID, which can subsequently be used by hackers to infiltrate or open personal accounts using the victim’s personal information.”

Berman added, “In this basic case, any encryption at all would have prevented sensitive data being leaked outside the institution.” “In this case, it’s probably more than an unfortunate mistake. There are security best practices, operation processes and some technology requirements that this particular office doesn’t have.”

Brian McNiff, spokesman for Secretary of State William F. Galvin, said that there was no reason to believe any of the data was misused.

According to Massachusetts law, organizations that suspect a data breach incident are required to notify the affected individuals, the state attorney general, and the director of consumer affairs whenever personal information is exposed.

At Alertsec, we would agree with Berman’s thoughts. Basic encryption software would have been enough to protect the sensitive data from being leaked outside. Perhaps this incident will make government institutions in the United States better aware of the dangers of potential data breaches.

Data Security with Alertsec Xpress

If you use data security software, a theft is simply reduced to an insurance matter: the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Massachusetts Enforces New Security Laws for Consumer Protection

February 26th, 2010

As we predicted earlier this month, more legislation is being passed by governments to hold companies accountable for data breaches and to increase the overall security of businesses. Massachusetts is the latest to join this trend: starting March 1st, businesses in the Commonwealth will be held to a much higher standard when it comes to protecting their customers’ personal data. Organizations which fail to comply with the new law before the start of next month can face fines and be liable for civil lawsuits.

The new legislation is extremely important because, even though it only applies to companies in a specific state, it has many global implications. The main one is that governments are taking note of security breaches and considering them a serious threat. The new laws demonstrate that businesses which fail to protect their internal data will face punishment. Data encryption needs to be a part of every corporation’s security strategy: the law specifically mentions that personal customer information has to be encrypted!

A Look at the New Laws

Massachusetts Privacy Law – 201 CMR 17 Compliance [PDF] was created to protect customers from identity theft and other troubles that result from a company revealing personal information to outside parties. The law outlines the measures businesses need to take to keep customer data secure. An article from Bank Info Security summarizes the new rules:

The new law, Massachusetts identity theft regulations, 201 Code of Massachusetts Regulations 17.00, applies to any individual, company or organization that handles personal information in connection with employment or the sale of goods or services. Under the law, Massachusetts will require any entity that stores or transmits residents’ personal information to encrypt the data when it’s stored on portable devices or transmitted via the Internet. The personal information is a combination of customers’ or employees’ names and their Social Security, bank account or credit card numbers. The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) says it is trying to create a culture of security around personal information.

The article points out that the law may be difficult to enforce; in fact, the original deadline for compliance was pushed back from August 2009. However, Massachusetts businesses shouldn’t rest easy: those found in violation of the law can face severe penalties under Regulation of Trade, chapter 93A, section 4, including:

  • Civil penalty of $5,000 per violation
  • Payment of the costs of investigation and litigation of such violation (including attorney’s fees)
  • Payment to victims of security breach

How to Respond

Businesses, particularly those in Massachusetts, need to develop comprehensive long-term security plans for protecting their company’s customers. The new laws aren’t meant to penalize companies for experiencing data breaches; rather, they’re supposed to encourage companies to practice smart security protocol. Organizations worldwide can follow the laws voluntarily and enjoy a higher level of security and, ultimately, better relations with customers.

In order to avoid unnecessary costs associated with data breaches, companies need the right technology. Our Alertsec Xpress full disk encryption service helps businesses comply with new laws by securing customer data. We offer encryption software that’s extremely easy to use and a must-have for any company which wants to be protected from online threats.

Further Reading
Mass. Data Privacy Law: Are You Compliant? [Bank Info Security]
Massachusetts raises the bar for personal data protection, globally [Ovum]
