Log in

Posts Tagged ‘Oregon’

The Oregon Department of Transportation admits to data breach

September 12th, 2011

Data breach at ODOT exposes participants social security numbers

2011 has probably seen the most and the worst set of data breaches. In April 2011, Sony reported a data breach within their Playstation Network. Expedia’s Trip Advisor, email marketing provider Epsilon and professional engineering society Institute of Electrical and Electronics Engineers followed suit.

In the latest incident of data breach, data of 62 current and former employees remained exposed to the public online for nine long years. The breach was reported on Friday.

Details of the breach

Oregon Department of Transportation immediately removed the data from the site and apologized to its users who had participated in the environmental program. Fortunately, no one has had any problems with the exposed data.

Aug. 26 email gave details of this breach to all its users.

According to Theresa Masse, the state’s chief information security officer with the Department of Administrative Services ”Some were electronic — misdirected email, lost laptop, or a file exposed on a website,”. She further added “Others involved misdirected letters or a lost folder. The largest affected 500 people; the smallest, one individual.”

ODOT found out about the breach two weeks ago when it got a call from a citizen who brought to notice that a file in the agency’s file transfer protocol site contained encoded Social Security numbers. A file-transfer protocol site is used to transfer large files to internal and external users. The file contained names and encoded Social Security numbers of 62 people working with ODOT’s environmental programs. This information could have been online since 2002.

This is what ODOT spokesman Dave Thompson had to say when users found out about the breach ” “None of them were necessarily happy with us, or with the news this happened,” Thompson said. “But none of them has indicated they have noticed any sort of issue. It does not mean it hasn’t happened — and that’s why we spoke to them first before we announced it.”

Comparison with two private sector firm breaches

Health histories of 120,000 Oregon customers covered by Health Net were breached in March. Computer disks and backup tapes with details of 365,000 Oregon patients of Providence Health & Services went missing in Dec 2005

Another incident in early 2010

This incident was far more serious than the recent breach. A pen drive with payroll information of 550 Department of Corrections employees was found in Madras. The drive contained Social Security numbers of 300 employees at the Deer Ridge Correctional Institution near Madras and the Shutter Creek Correctional Institution in North Bend, and information of employees at the Warner Creek Correctional Facility in Lakeview.

How can Alertsec help protect data?

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Identity and Information loss, computer security software, data breach, identity theft

Tags: California computer encryption software data breach data encryption disk encryption Emergency department Enter your zip code here Health Net identity theft Oregon Oregon Department of Transportation Palo Alto California Personal computer PlayStation Network Providence Health & Services Social Security number Stanford Hospital and Clinics United States Department of Health and Human Services Website

Personal data of psychology patients and unemployed Oregon residents stolen in multiple car robberies

August 19th, 2010

: Data Breach at Oregon

Personal data of thousands of Portland, Oregon psychology students and unemployed residents was stolen in two car burglaries last week. About 4,000 Portland, Ore. psychology patients and 2,900 unemployed state residents will be affected by this data breach.

A laptop containing patient names, Social Security numbers and diagnoses was stolen from the car of Oregon psychologist David Gostnell during the weekend of Aug. 6. The stolen laptop did not have any data security or encryption software installed.

In another incident, a data storage device containing the names and Social Security numbers of unemployed residents of Multnomah County in Oregon was stolen from the car of a Portland Community College (PCC) employee on Aug. 5.

Gostnell runs a private practice in northeast Portland and works at Oregon Health & Science University. Only the records from patients he privately treated were stolen. Though his laptop was password protected, but a disc left in the CD drive contained a partial backup of the hard drive, including sensitive patient information. His briefcase, which contained patient evaluation records, was also stolen. All of those records were recovered in a nearby trash bin shortly after the theft.

Individuals who were privately treated by Gostnell can call (877) 461-7657, if they have questions about the matter.

Meanwhile, in the PCC related incident, a flash drive was stolen that contained the personal information of participants in the Oregon Food Stamp Employment Transition Program, which is operated at PCC and provides support and job-hunting skills for unemployed Oregon residents. A PCC employee who worked at multiple sites was transferring the data from one site to another when the theft occurred. The flash drive was in a bag that was stolen from the car.

Dana, the spokesman for PCC said, “There is no evidence that any name or Social Security number has been used so far”. He also added that PCC has sent letters to affected individuals and has offered them a one-year subscription for credit-protection services.

The college also has posted credit protection information online.

How to prevent data breach?

In cases of laptop theft, the insurance company may cover the hardware loss, but the data might be lost forever, or in worst cases might land in the wrong hands. Thus, data security software is required which will reduce the theft to merely that of hardware. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Source: http://www.oregonlive.com/, The Oregonian, “Car thieves get personal data on Portland psychology patients, unemployed Oregonians,” Aug. 12, 2010.

Security Briefing: August 13th (liquidmatrix.org)
GadgetTrak 3 Released – Making it Easier to Track Stolen Laptops (themactrack.com)

No comments »

Posted in Uncategorized

Tags: Multnomah County Oregon Oregon Oregonians Portland Portland Oregon security Social Security number United States

Laptop Ghost strikes at Oregon National Guard

June 22nd, 2010

A laptop which belonged to the Oregon National Guard member was stolen earlier this week forcing the military to contact all the members who might be impacted by this incident.

As per the details by the Oregon National Guard, the laptop was stolen a couple of days ago on 21st of June from a vehicle. Apparently, the laptop was being used by the guard member to do work from home.

Captain Stephen Bomar, Chief of Public Affairs for the Oregon National Guard, said in a news release, “Although this laptop is password protected, with potential exposure of individual personal information, we are doing everything possible to notify individuals about the theft” .

The Oregon National Guard and The National Guard Bureau are individually contacting service members whose sensitive information may be compromised. Legal services are also available in the event a service member needs it through the Oregon National Guard Office of the Staff Judge Advocate.

Once again the incident raises serious eyebrows about the methods adopted by large organizations to secure data, store data and encrypt sensitive and critical information.

The laptop theft incident is not new as earlier in April this year, burglars had attacked the home of Jerome Avery stealing a laptop from his house.

Visit Source story

Get Laptop Encryption now !!

While huge sums are spent on protecting internal networks from hackers, employees are walking out the front door with laptops that not only have vast quantities of data stored on them, but also have applications connecting to internal networks and protected websites.

80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop encryption installed, none of the information or credentials would have been lost.