Log in

Posts Tagged ‘Personally identifiable information’

The Eircom Group admits to a major data breach – records of 7000 customers stolen

February 12th, 2012

In one of the recent posts we talked about the lurking dangers behind using laptops. This post is another example of how vulnerable mobile devices like laptops, smart phones are. There’s always a chance of them getting stolen especially when you are traveling or leave them unattended.

The Eircom Group Laptop Theft Story

The company admitted on Friday that 3 of its laptops were stolen. 2 from Eircom’s offices at Parkwest in Dublin between December 28, 2011 to January 2, 2012. The third was stolen from an employee’s residence on December 19. It goes without saying that data on all these machines was not encrypted.

More than 6,845 eMobile and Meteor customers, as well as 686 employees have lost their data.

EIRCOM’s statement

“The data at risk for the vast majority of customers is personal data including names, addresses and telephone numbers. There is a small group of approximately 146 customers where financial data including bank account details may be at risk.

“Separately, there is also a risk to data held within 404 Meteor customers. The data specifically concerns post-pay customers who applied online between January and July 2011.

“The personal data at risk includes details such as an applicant’s name, address, and telephone numbers as well as a range of documentation used to support a customer application such as passport and drivers licence details, various photo ids or utility bills which all may have been used to establish proof of identity.

“In some cases financial data such as bank account, laser or credit card details is also at risk.”

Due to this theft, the company’s policy is under the scanner. As of now it is not known if the stolen data has been misused in any way. According to Data Commissioner Billy Hawkes this is one of the most serious breaches so far. The other concern expressed by the commissioner is that Eircom was late in informing its customers about the breach. “Encryption of laptops where you do permit personal data to be stored on them is bog-standard security so it’s extremely surprising that in two separate incidents Eircom laptops were not encrypted,” Mr Hawkes said.

Precautionary steps being taken by Eircom

“More than 20 customer care agents and account managers have initiated a contact programme to telephone all 550 customers whose financial data may be at risk.

“The agents will notify the customers of the risk and inform them of the specific data involved. They will also answer any questions or concerns they may have. In addition, all impacted customers will be notified by letter.

“As a precautionary step, we have contacted the Irish Banking Federation, who has notified their members of the potential risk to data for affected eMobile and Meteor customers.”

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now Powered by Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point Customer data breach disk encryption Dublin Eircom Encryption Friday Irish Banking Federation laptop Personally identifiable information Theft

ICO issues Midlothian Council record fine of £140,000 for disclosing sensitive personal data

February 4th, 2012

Midlothian Council pays hefty fine for data breach

ICO is leaving no stone un-turned to punish data breach culprits. It is levying fines to those who compromised private data, especially children’s sensitive data.

Recently the council fined the Midlothian Council a record fine of £140,000 for disclosing sensitive child data. And we are not talking here about just one breach. There were 5 breaches between Jan and June 2011.

The case in detail

Breach 1 – This happened when documents related to the status of a foster carer were sent to seven healthcare professionals, who had no reason to see this data.

This particular incident took place in January 2011 and details came to light only in March when the council started to investigate. In spite of the investigation similar incidents took place in May and June.

Breach 2 – Minutes of a child protection conference were sent by mistake to the former address of the mother’s partner, where they were opened and read by an unauthorized individual. The documents contained personal data about the mother, who made a complaint to her social worker about this case.

Assistant Commissioner for Scotland Ken Macdonald said “the serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months.’

“I hope this penalty acts as a reminder to all organizations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”

He further added that information about children’s care, details about their health and wellbeing, is the most sensitive information that is held by local authorities. It goes without saying that this information has to be protected and that strict policies are to be chalked out and followed.

The ICO’s investigation

According to the ICO all five breaches could have been avoided if the council had been strict about protection policies, training and had put checks in place. It has further ordered the council to take action to keep the personal data secure.

Since the incidents the council has recovered all of the information that was sent to the wrong recipients and is updating its security policies.

What the the ICO chiefly wants is that the government should give itstronger powers to audit local councils’ data protection compliance, if necessary without consent.

NHS bodies across the UK want the same kind of powers in light of the recent data protection breaches.

Midlothian Council comments:

Colin Anderson, chief social work officer for Midlothian Council, commented: “As soon as the council discovered the problem, it investigated and found eight letters or documents had been sent to the wrong recipients, for which the council is sincerely sorry.

“The council immediately took steps to retrieve the information, or have it destroyed, and voluntarily reported ourselves to the information commissioner. I must emphasise that there is no evidence that anyone was put at risk.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: AlertSec Xpress BigPond business Check Point data breach data security ICO Information privacy Ken Macdonald Midlothian Council Personally identifiable information Social Security number Telstra Theft

Around 1000 patients of Lexington Clinic lose data because of Laptop theft

January 31st, 2012

Seal of the United States Federal Trade Commis...

The Federal State Commission issues data protection guidelines. Lexington Clinic suffers data breach

We have mentioned this before and are reiterating – Medical data is very very vulnerable. Most data breach and laptop stealing cases are related to Medical data. We have covered so many posts related to medical data breach that they have almost become a routine now! It is as if Medical data simply cannot be secured. Is the data security world listening? It is so very important to protect data, especially patient data.

Breaking news: Today’s post highlights the vulnerability of medical data breach and laptop thefts.

Lexington Clinic Laptop Theft

According to the Lexington clinic the laptop was atolen last month from the neurology department in the Saint Joseph office park on Harrodsburg Road.

The clinic further adds that the laptop contained patients’ names and some medical information. Fortunately it did not contain Social Security, credit card, or bank account numbers. A total of 1,018 patients lost their private data.

Letters are being sent to the affected parties.

The moment Lexington Clinic found out about the theft, it informed the police and all door locks to the neurology department were urgently changed. Lexington Clinic is currently working with the St. Joseph security officials to ascertain the security of offices located in the St. Joseph Office Park.

Note for Lexington Clinic patients – In case you have been or currently are a patient of the Lexington Clinic Neurology Department, and if you have not received a letter about this theft then it is safe to assume that your data was not on the stolen laptop. So far there is no proof that any of the stolen data has been misused.

The Federal Trade Commission is requesting everyone to take steps to protect information:

Beware of signs of identity theft, such as:

• Bank Accounts you didn’t open and debts on your accounts that you are not aware of

• Wrong information on your credit reports, including accounts and personal information, such as your Social Security number, address(es), name or initials and employers.

• In case you do not receive your bills on time, follow-up with your creditors.

• Receiving credit cards that you didn’t apply for.

• Being denied credit or being offered less favorable credit terms. If it is too good, then it is not true

• Receiving calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

About Lexington Clinic – It is Central Kentucky’s oldest and largest group practice, with more than 200 providers offering primary and specialty care services. Founded in 1920, Lexington Clinic offers more than 30 specialties and operates offices in more than 25 locations throughout Central and Eastern Kentucky.

Source: LexingtonClinic.com

Alertsec secures your Laptops

3 easy steps to encrypt your data with Alertsec

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption, laptop theft

Tags: Central Kentucky data breach data security Federal Trade Commission Information Commissioners Office Information privacy laptop Medicine Personally identifiable information Saint Joseph Social Security number Theft

Univ. of Hawaii settles data breach lawsuit

January 29th, 2012

Companies cannot just get away with data breaches. They are answerable to customers and have to compensate. Customers generally file lawsuits when their demands are not met and where private data is stolen.

The following news report is making headlines

The University of Hawaii has agreed to provide two years of credit protection services to settle a class-action lawsuit that involved data breaches that took place between 2009 and 2011

Seal of the University of Hawai i System

UOH settles data breach lawsuit

wherein 100,000 students, faculty, alumni and staff between 2009 and 2011, officials and attorneys were involved. This was announced last Thursday.

Apparently the university has denied liability for the breaches. Its spokesperson said it will settle the case by providing two years of credit monitoring and credit restoration services to members who request it. According to the university spokesperson it will continue to “work diligently so that the chance of future data breaches is significantly reduced.”

Data breach details

There were five data breaches in all. It also included the one that took place in 2009 where Social Security numbers, grades and other personal data were posted online for almost a year before being removed from the website. According to University officials a faculty member uploaded files containing the information to an unprotected server, exposing the names, academic performance, disabilities and other information of more than 40,000 students who attended the flagship Manoa campus from 1990 to 1998 and in 2001, by mistake.

Breaches also took place at the West Oahu campus, Kapiolani Community College and Honolulu Community College.

The University’s statement ”We are pleased to settle this case by providing two years of credit monitoring and credit restoration services to those class members who request it. The University continues to work diligently so that the chance of future data breaches is significantly reduced. Given the uncertainties and expense of litigation, the University believes this settlement is in the best interests of the University and its entire ‘ohana.”

The attorneys, Bruce Sherman and Thomas Grande who are representing the class, said

“We have researched more than forty (40) data breaches at colleges and universities across the country. In almost every instance, two years of credit monitoring and fraud restoration were offered to data breach victims,” said Bruce Sherman, one of the attorneys representing the class. “Offering two years of credit monitoring and fraud restoration services to breach victims should be the standard response by any breaching entity in Hawai’i, including government agencies,” Sherman noted.

“The settlement is significant for several reasons,” said Thomas Grande, who also represents the class. “This settlement is the first data breach settlement in Hawai’i and affects almost 100,000 persons,” Grande noted.

“Credit monitoring provides for continuous checking by a credit agency of a class member’s credit file. If there is suspicious activity, the class member is notified immediately and is given assistance to resolve the problem,” Sherman said.

“Credit monitoring services may cost as much as $5 to $15 per month if purchased individually. We are extremely pleased that the University has negotiated a settlement package that provides these services to every class member who wants them,” Grande said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Credit report monitoring data breach Honolulu Community College Information privacy Kapiolani Community College Manoa Personally identifiable information Social Security number University of Hawaii

The European Union to revamp data-protection rules that will control information flow

January 24th, 2012

Europe has been struggling for stricter data breach laws for a long time. The recent data thefts have pushed the EU to make tough rules as regards data breaches and data security. This certainly is the need of the hour, not only in Europe but all over the world as data breaches are on the rise and hackers are taking advantage of the loopholes in the system.

EU Justice Commissioner Viviane Reding talks about introducing new data protection regulations

The European Union is in the process of proposing new regulations regarding how companies use the personal information of Internet users this week. The new regulations are going to have a major impact on companies like Google and Facebook. This is going to put stricter limits on how they use the information of the people that use their services. According to Viciane Reading, vice president of the European Commission, a branch of the EU, these new regulations are absolutely required to protect personal data of the users and rebuild a sense of confidence in them.

The current state of security laws in Europe:

At present there are conflicting laws from various countries that form the Union. These laws force the companies to collect data on consumers from the Internet. Companies who do not follow any regulations are becoming a victiom of data breach and are always at loggerheads with the governments. For e.g. Facebook, has been in the limelight as it was targeted by both U.S. and European regulators for the wayt they use user data. The company underwent 20 years of independent audits after the U.S. Federal Trade Commission proved that the company’s use of customer information was illegal.

What data privacy means for consumers?

Privacy is a major concern for today’s insurance industry. The more transactions we carry out online, the more we stand to risk of becoming a target of cyber crime. Data Breaches puts information of millions of consumers at risk and that means monetary losses for companies and insurance groups.

What will the new rules exactly do?

The new rules will make it compulsory for financial services firms and credit card processors to report incidents of lost or stolen data within 24 hours of a breach. These rules are set to come into effect today. The companies must, as per new rules, appoint a data protection officer to preside over the protection of personal data stored and processed by individual businesses.

EU Justice Commissioner Viviane Reding’s comment

“I want to explicitly clarify that people shall have the right – and not only the ‘possibility’ – to withdraw their consent to the processing of the personal data they have given out themselves,” says Reding. “If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.” ”Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay,” adds Reding. “As a general rule, without undue delay means for me ‘within 24 hours’.”

Data security with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security. There are no short cuts to Data security in any organization. Alertsec offers ervice that includes more than the traditional software licensing model.