Posts Tagged ‘privacy’

Another unfortunate coincidence for Telstra – Data breached again!

January 3rd, 2012

Have you heard of the same company becoming a victim of a data breach twice within weeks? It is certainly strange and unheard of, but the recent breach at Telstra breaks the pattern! Telstra has experienced another data breach while it is yet to recover from the earlier one!

How did Telstra manage to become a victim for the second time?

The Australian reports that the breach took place Friday morning. Customer data was seen online via a spreadsheet that was deployed by one of the company’s consultants on Editgrid.com. As soon as Telstra learnt about it, the site that contained the sheet was taken down and access to Editgrid was disabled. The company admits that thousands of email addresses, phone numbers and postal details were leaked but passwords and credit or financial information were not compromised. A total of 1500 customers were affected by this breach.

What did the spreadsheet contain?

The spreadsheet held records of BigPond clients who contacted the telco’s customer service department for technical assistance. In addition, the spreadsheet contained ticket numbers and job descriptions of complaints lodged by Telstra customers. The online file also had details of customer callbacks and information about faulty equipment. According to a Telstra spokeswoman, “Our customers’ privacy is paramount and the site was disabled within an hour of Telstra being made aware of it”.

What is Telstra doing about the incident?

Telstra is reaching out to the customers and informing them about the incident. The customers will also be trained about data security.

The earlier breach

The Privacy Commissioner is currently working on the earlier breach and now has been notified about the second one. No doubt, he is going to be a busy man. In the last breach around 80,000 customers were affected when private information was exposed through a website search tool. Passwords had gotten exposed and Telstra had to reset all of them. Mr Pilgrim, the commissioner, had to look into Sony PlayStation and Vodafone’s major breaches.

As per the latest update, Telstra customers have not yet been contacted about this latest breach. No wonder they are angry and are waiting to hear from the company.

Data security with Alertsec

Alertsec is here to take care of our security issues, especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. The risk of losing a laptop is much higher than that of losing a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, and they frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

ICO wants to maintain location privacy so that data is not misused

December 13th, 2011

Most of our posts have been concentrating on data breach and laptop theft. This one talks in particular about strengthening data security laws which is the need of the hour, especially for private firms.

The recently held conference called ‘A fine balance 2011: location and cyber privacy in the digital age’ focused on maintaining data privacy just when smart phones, credit cards and other devices are tracking user locations.

Here is what Jonathan Bamford, the head of strategic liaison from the Information Commissioner’s Office (ICO), had to say: “We need to inspire public trust into the way information is issued. What do we do as a regulatory option?” “There is no doubt that human activities have a geographic component and some may be more sensitive than others. Your phone is with you all the time so anything that relates to a smartphone can be very powerful in terms of how I live my life.”

It is very important to manage location data carefully, especially for those who develop operating systems and applications. Bamford further adds: “People who develop applications have a series of obligations as do those who create the operating systems. Everybody has a role to play.” “If location data is obtained how long do you retain it for? You can build up a picture of how I live my life if you retain it too long.”

Bamford also explained ICO’s role in data security, especially in terms of audit inspections of government organizations. Currently the general public is under the impression that the information they fill in on any website is completely secure. For them to keep this impression, data security is of utmost importance. People also need to know exactly what is being done with their data and where it is sent. This is where location-based services come in. All advertisers want your zip code. A zip code allows an advertiser or provider to get more insight into your life. Companies are getting closer to you with technologies like the iPhone.

It is time that the ICO keeps tabs on the private sector as well. These private companies are using location-based services and getting private data of customers. There is a very high chance of this data getting misused. Currently the ICO can only monitor government bodies. Companies like Facebook, Google and Groupon are a potential threat to privacy. To add fuel to the fire, the development of IPv6 networks could be even more threatening as it will be able to access more private data.

According to Richard Hollis of the US group of the Information Systems Audit and Control Association, “As we match the physical world to the virtual world, by placing items such as fridges or even your car keys on the internet, firms could have even more access to your data, your location and your life”.

Use Alertsec
Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Telstra closes down BigPond site after security breach

December 11th, 2011

Data breach in Australia – We are bringing you the latest report on Telstra breach, so read on.

Telstra’s customer self-service site, BigPond, was shut down after it disclosed private customer data to the public. Apparently a customer was easily able to bypass the front-page security of the BigPond self-help site and access data of other customers. The page that this user saw had Telstra bundled products. In addition, the user could access telephone numbers, users’ names, addresses, broadband packages, technician visits and login and password information.

The exact damage is not known as yet because Telstra immediately closed down its customer self-service site. To get into more technical details, the site is not directly hosted on a Telstra domain: it’s a cloud-based service on the custhelp.com domain operated by RightNow Technologies that is currently in the process of becoming a part of Oracle.

As of now Telstra’s BigPond POP and SMTP servers are offline. This is obviously a precautionary measure. Telstra is trying to get in touch with its customers to inform them about the breach and maintain transparency. The case is under investigation and a complete report is expected by January. To be on the safer side, Telstra issued a blanket password reset against the addresses of around 60,000 customers whose passwords were compromised.

Details

The data that was exposed was in a search page, “Telstra Bundles request search”, that was only supposed to be accessed by Telstra customer service agents. Luckily or unluckily, the user, who was a member of the community broadband forum Whirlpool, reached this page and realized he was accessing unauthorized data. Rumors are doing the rounds that credit check details have also been exposed, but this has not been confirmed by Telstra as yet. According to a Telstra spokesperson, “We are unsure at this stage, it appears to be limited to bundled customers but we don’t know how many”.

According to Telstra’s 2011 annual report 659,000 new product bundles were sold in the year to June 30, 2011.

The Federal Privacy Commissioner is holding a complete investigation of the case and needless to say holds Telstra completely responsible for the breach. Mr Pilgrim, the Privacy Commissioner, said, “I have opened a formal investigation into the Telstra data breach.” “I have asked that Telstra also provide me with a detailed written report on the incident, including how it occurred, what information, if any, was compromised and what steps they have taken to prevent a reoccurrence.”

Customers are obviously very angry because their businesses depend on this website. They are venting out their anger on Twitter as per the recent tweets. A few have threatened to leave the network if things don’t get back on track soon.

Leaks can be avoided by installing Alertsec encryption service

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops. Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.


Facebook in trouble over privacy breach

November 3rd, 2011

In short

Facebook is in hot water because of a new breach of German privacy laws. Apparently it has been using “cookies” to track account holders even after they’ve cancelled their accounts.

The news in detail

Johannes Caspar, head of Hamburg’s Data Protection Authority (DPA), has given a detailed report showing how Facebook uses cookies to record browsing behavior. The agency further added that Facebook had no need to leave those cookies, some of which have been there for about two years. “Our investigation gave no reason for the setting of cookies,” he said. He further added that Facebook is yet to come up with a good reason for doing this.

This cookies issue is not really new. Facebook has been questioned about it before. The Electronic Privacy Information Center and nine more public interest groups sent a letter in late September to the Federal Trade Commission asking them to investigate Facebook’s alleged tracking activity.

The company’s stand has been that even though cookies remain on the computer, they do not store any personal identification. Facebook further adds that these cookies are maintained for security purposes such as countering spam. This practice also discourages minors from creating an account.

The Data Protection Authority wants to tackle one more problem

Facebook is yet to explain its facial-recognition feature to the DPA. The feature automatically identifies a person’s friends and suggests their names. According to the DPA, users should be made aware and their permission taken before the systems store and study their faces to enable the feature. Facebook has a Monday deadline to respond to the DPA’s query. European Union regulators will be looking into privacy violations in this facial-recognition feature.

Statement made by Facebook

“Facebook does not track users across the web,” it said in a statement. “Instead, we use cookies on social plugins to personalize content (e.g. Show you what your friends liked), to help maintain and improve what we do (e.g. Measure click-through rate), or for safety and security (e.g. Keeping underage kids from trying to signup with a different age).
“No information we receive when you see a social plugin is used to target ads, we delete or anonymise this information within 90 days, and we never sell your information.”

What does FB plan to do next?

Facebook has agreed to give the DPA a technical explanation about its use of cookies. Facebook is of the opinion that conclusions should not be drawn until the DPA has heard the explanation.

Data Security is very important in today’s data vulnerable world. Use Alertsec encryption service
Every organization has to have a data security policy in place. This news emphasizes the need for protecting private data. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing mode.

Personal details of Westfield Bondi Junction exposed in Data Breach

August 14th, 2010

The personal details of people that shop at Westfield Bondi Junction have been exposed on the Internet, following a direct marketing email mishap on Monday night, the 9th of August.

Westfield has already notified the subscribers to its mailing list stating that customer details were visible on the web for eight hours. In a note sent to customers, Westfield said it experienced a “technical problem” with a link in an email newsletter sent to subscribers, asking them to update their contact details.

“As a consequence, the personal information of people who updated their details between 6.18pm on Monday 9 August 2010 and 2.30am on Tuesday 10 August 2010 may have been able to be viewed by other subscribers clicking on the link during that time,” the note stated.

The shopping giant also claimed that within three hours of the newsletter being sent, its staff was made aware of the problem and the issue was resolved by 2.30 am on Tuesday.

According to the company’s privacy policy, Westfield would usually collect only the names and email addresses of subscribers, and the owners of shopping centers it builds or leases. It also collects domain information and IP addresses, and logs users’ browsing behavior whilst on the Westfield site. Their privacy policy also mentions that its customer database “is protected by a firewall as well as host-based security.”

Westfield remained unavailable for comment when it was approached to reveal how many customer records were exposed and the nature of personal information contained within them.

“The data is not transmitted over the Internet once it has been stored in the database. If Westfield ever has a requirement to transmit the data over the Internet (For example, to make an off-site backup) it will be in encrypted form. The electronic environments are real-time monitored by Westfield and a third party specialist security monitoring company”, the privacy policy states.

Westfield described this matter as a “one off occurrence due to a technical problem which has now been remedied and will not occur again.”

“However, you should be aware that any personal information you uploaded during this period may have been viewed during this time,” the shopping giant told customers. “If you receive any unusual emails, telephone calls or other communications you should treat these with caution.”

Currently there is no formal data breach notification requirement in place under Australian law that would require Westfield to notify its customers, but the Australian Law Reform Commission expressed a desire for the Federal Government to introduce such a law in a report released two years ago. In its absence, Australia’s privacy commission has asked organizations to create a voluntary code to self-regulate.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software, Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption.
