Log in

Posts Tagged ‘security breach’

Fine Gael website has been Hacked and Personal Data of 2,000 Supporters were Breached

January 18th, 2011

When you are talking about data in IT organizations hacking attacks will continue to thrive. Again in any professional organization, the tendency of such kinds of attacks happening in real-time is very common. Through the medium of this blog, we’ve been highlighting several breach incidents which present strong warnings for organizations to enhance their mechanisms for the protection against data loss incidents. One such way of ensuring the data security is through the use of data encryption software.

Today we are going to talk about Fine Gael, a political party portal and how it became the latest victim of data breach incident.

Fine Gael website Hacked by an “Anonymous” Group

Fine Gael party leader Enda Kenny

As we mentioned above, Fine Gael is the new website of an Irish political party. It has been hacked by “Anonymous”, an online hacking group. The website was launched last week and the reason of launching was to invite members of the public to share their views on policy and the future of Ireland.

Fine Gael has been formed in 1933 and considered as the moderate political party. On Tuesday Party replaced its old website finegael.ie with the new website finegael2011.com. This site has been hosted by the American internet firm ElectionMall Technologies which is a US firm.

Personal Data of Around 2000 Supporters were Revealed

So how does it feel to be among those whose data is revealed? Exactly this is what happened to the supporters of Fine Gael. The hacking incident had an impact on the personal data of around 2000 supporters. Irish Central reported that the number of affected is believed to increase to 4,000. This attack took place on Sunday and immediately after the attack website was forced offline. The hacker was forwarded the personal details file to media organizations. This file was containing the IP addresses, phone numbers and e-mail addresses of approximate 2000 people.

Why the New Hosted Website was Hacked

According to the attackers, the site was hacked because comments submitted to the site by users were being censored and forwarded around 2,000 members’ details with the claim that the party was censoring comments from the public. Hackers posted a message on the Fine Gael website after removing the message posted by them. The posted message was “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!”

A spokesperson for Fine Gael said the attack was “assumed to be by Anonymous”, but “the link is yet to be proven”.

This online “Anonymous” Group is best known for its attack on websites and has been also tried to bring down several payment sites including Mastercard.com and Visa recently to block the payments to Wikileaks.

Action Taken By the Party

As a follow-up activity, party has informed the people, whose data has been compromised by an email about the breach. Also warned them that the hacked data was included their personal details like names, email addresses, constituency details and phone numbers. Fine Gael contacted to the data protection commissioner “Billy Hawkes” who is investigating this case and also contacted the Garda Computer Crime Unit in relation to the attack. The FBI has also involved in this case after ElectionMall contacted the US police.

According to Hawkes, party suspects that the personal data of those who posted comments or registered their details has been compromised. In a statement party said the website will be offline “while we follow-up with the appropriate authorities to resolve the matter.”

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Fine Gael website targeted by Anonymous hackers (guardian.co.uk)
Irish site ‘hacked by activists’ (bbc.co.uk)
FG site hacked in seconds – default passwords unchanged. Hacked for not buying Irish. (politics.ie)
Fine Gael’s new website appears to have been hacked (politics.ie)
Fine Gael’s website hacked (sociable.co)

1 comment »

Posted in Hackers, Uncategorized, data breach

Tags: alertsec AlertSec Xpress data data breach Data Breaches data security finegael Information Loss Ireland Political party security security breach United States Wikileaks

Security Breach at Shell Reveals Personal Employee Information

February 27th, 2010

Security breaches can happen anytime, anywhere, and can affect practically anyone in an organization. In the past, we’ve covered several examples where breaches revealed customer’s passwords and social security numbers. Today, we explore a different type of breach- one which leaked the personal details of 170,000 employees and contractors of Royal Dutch Shell. This incident is important because it provides a perfect example of how storing unencrypted data on company computers can be dangerous and have serious consequences that can strike a company from the inside.

The situation is particularly difficult for the infamous oil corporation- the database of names and personal contact details has been e-mailed to several non-governmental organizations, including Greenpeace, Friends of Earth, and Shell Guilty. Shell has attempted to prevent the NGOs from publishing the information, explaining that in doing so, they would be breaking the law. Additionally, Shell is launching a full scale investigation in an effort to figure out how their employee information ended up accessible to third-parties. While it’s difficult to guess at the techniques used by the hackers involved, one thing is clear- Shell computers aren’t protected by full disc encryption services and, as a result, are much more vulnerable to online threats.

Shell’s Information is a Serious Problem

Understandably, Shell is trying to prevent the security breach from being seen as a serious problem. An article from TimesOnline included a statement from the company:

Yesterday Shell sought to play down the leak. A statement said: ‘Certain data concerning Shell employees and other individuals on our internal address list has been disclosed to some external parties. The data is mainly business-related.’

While there may be some truth in the statement’s claims about much of the information being publicly available and not damaging the company, it’s likely that Shell’s employees feel differently. According to a report by the BBC, some of Shell’s workers had their private home telephone numbers leaked. Even if no personal telephone numbers were leaked, the breach brings attention to the poor status of computer security at Shell. Employees can’t work well knowing that their personal details aren’t well-protected. This last complication is troublesome, at least for Shell, which will need to improve the way it does business in order to reassure its employees that their private information is safe. Dealing with the aftermath of a crisis, such as Shell’s security breach, can be extremely costly and in many cases, a damaged reputation can’t ever truly be recovered, regardless of how much money is spent.

Lessons to Learn

Ironically, Shell’s security breach came at a convenient time- had Shell discovered the breach in April, a new set of laws (covered here and here) would have allowed the company to be charged fines of up to £500,000. However, even without the monetary cost, Shell lost something extremely valuable: the trust of its employees. Shell workers are much less likely to remain loyal to a company which isn’t proactive about protecting its internal information.

In order to earn and maintain the trust of its workers, a company needs to employ solutions which are easy to use and keep data secure. Had Shell been using our Alsertsec Xpress computer security software, the company may have avoided the embarrassing security breach and kept its positive reputation among employees. Our software is specifically designed to keep all business parties happy and secure- it encrypts data, making it much more challenging for the others to access it.

Further Reading
Shell investigates posting of personal data [TimesOnline]
Shell security breach reveals employee details [BBC]

1 comment »

Posted in Data Protection, Encryption, Lawsuits and settlements

Tags: business Computer security Greenpeace Non-governmental organization Royal Dutch Shell security security breach Shell

Security Updates are Signs of Insecurity

February 21st, 2010

Mainstream software providers continually add security updates to their programs. While the practice is common and ensures that end users are protected from the latest threats and exploits, it highlights a scary truth: most computer software relied on every day by businesses and individuals isn’t secure. The fact that computer programmers constantly need to provide updates is yet another reminder of just how dangerous technology can be.

Unfortunately, it’s not just specialized software which requires security updates. Microsoft’s Windows operating system is infamous for having weekly, if not daily, security upgrades. Security vulnerabilities are just as common with computer programs like Firefox and Adobe. Organizations need to be aware of the risks created by technology and invest in additional computer protection solutions.

A Security Update’s Hidden Message

It’s not unusual to log into your computer and have a security update window pop up, prompting you to install the latest version of some software. These updates, which are created by software developers, patch any recent security holes that have been discovered and upgrade the the code to be more secure. At first glance, these events seem innocent- it makes sense for software to evolve in order to always beat new threats. However, the frequency of these updates reveals a scary truth- most computer applications can be exploited by hackers and aren’t as secure as you’d like them to be.

As anyone who uses Microsoft’s Windows OS can attest to, even well-protected and reputable technologies often have mandatory security updates. The sad reality is that, in many cases, the security patch is developed only after an exploit is discovered by a cyber intruder. For example, Google’s infamous security breach revealed fatal coding errors in Microsoft’s Internet Explorer browser. In response, Microsoft rushed to release an emergency patch which fixed the problem.

Unfortunately, security patches are rarely a final solution. Software developers have to continually look for ways by which outsiders could manipulate their code to infiltrate a computer’s defenses. Sadly, in most cases, third parties end up finding the security flaws first. This is shown perfectly with Microsoft’s “quick fix” to solve the vulnerabilities in IE: a few days after the patch’s release, a security company claimed that the browser was still an easy target for hackers and full of possible exploits. Microsoft’s only response, a generic PR statement:

Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer. We’re currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure. Once we’re done investigating, we will take appropriate action to help protect customers.

Additional Protection is Required

Organization that seek to protect their digital assets, which include proprietary information and customer data, can’t rely on the software they use to be impenetrable. The flow and amount of security updates show that companies need to invest in additional measures to protect their computers. Encryption software, such the Alertsec Xpress full disc encryption service we offer, adds that extra layer of security and helps defend your machine when the software you use fails.

Further Reading
Microsoft releases emergency Internet Explorer patch [The Telegraph]
Internet Explorer ‘hit with new set of security flaws’ [The Telegraph]
Image [Hall Media Blog]

No comments »

Posted in Data Protection, Encryption

Tags: Encryption Internet Explorer microsoft Patch security security breach security update security warning Vulnerability

Antivirus + Encryption = Total Security

January 17th, 2010

It’s important to understand that encryption software is very different from antivirus software. Many companies consider the two security solutions to be the same and fail to realize that they complement one another. While antivirus software is a perfect way to ensure that your computer is safe from the trojans, viruses, and rootkits, it only goes so far. Antivirus software doesn’t add an extra level of data security by encoding your hard drive. If an outsider gets their hands on a company notebook, antivirus won’t be able to prevent them from directly accessing the information stored.

A recent post from ComputerWeekly brings up a great point:

“…for as little money as it costs to install anti-virus software on your laptop, you can install encryption software, and protect your organisation not only from a data breach but also against any backlash…”‘

Companies need to understand the differences between antivirus and encryption and accept both as standards in their company’s defense. Most, if not all, data breaches or hacking attempts can be prevented and avoided by the right combination of security software.

Protecting your business is in your best interests and that’s where we step in- we provide a powerful and effective encryption method which works alongside all antivirus protection to ensure that your computer is secure. Using industry standard encryption, our software prevents unauthorized users from accessing private company information. Best of all, our software is affordable and manageable for pretty much any business. To learn more about our encryption solution, click here.

If you have any questions about how antivirus and encryption work together or would like to share an experience, leave a comment.

Further Reading
Data encryption is simple safeguard against data breaches [ComputerWeekly]

2 comments »

Posted in Data Protection, Encryption

Tags: alertsec data encryption desktop encryption software laptop security software security security breach

Losses from high-tech security breaches nearly double in 2009

October 5th, 2009

canadian-data-breach A new Canadian study from the Rotman School of Management reveals a major increase in annual losses related to Information Technology (IT) security breaches. According to this study, which surveyed more than 600 IT security professionals across the country, the costs associated with security breaches include:

IT security breaches cost the average Canadian organization an estimated $834,000 in 2009 – a 97 per cent increase from the $423,000 reported by the study last year.
Similarly, the average number of reported IT security breaches also increased 276 per cent to 11.3 per organization in 2009 – compared with an average of three in 2008.

While every type of organization incurred an increase in breach costs during 2009, the increases were different across sectors:

Government organizations more than tripled their average annual cost of breaches to $1,000,000 in 2009, up from $321,000 in 2008.
Private companies more than doubled their cost of breaches to $807,000 up from $294,000 in 2008.
Publicly traded companies reported a moderate increase of only six per cent year-over-year.

These alarming numbers bring with them a silver lining, as the increase in the number of reported cases could be attributed in part to higher detection levels due to compliance regulations. At the same time, it is a shame that IT departments are not adopting data encryption software like they should be. Even with increased reporting, proper use of tools like Alertsec could have led to a decrease is losses due to security breaches.

The study highlighted the value of IT investments in security as the top-performing respondents (those without breaches) spent at least 10 per cent of their IT expenditures on security, with the average security budget was seven per cent of the total IT spending. The study reports that Canadian organizations are finding it difficult to improve their security posture within the current economic climate – but the cost of ownership for hosted encryption services is a drop in the bucket for the millions that are spent on security.

stolen-laptop With a 56-per-cent jump in occurrences of laptop or mobile hardware devices being stolen in Canada alone, encrypting files on laptops should be so obvious a solution! File encryption is not a new technology – it’s an established technology. However, too many organization weigh security and convenience and land on the convenience side – not realizing how simple hosted encryption can be!