security breach

After 7 months Maricopa Colleges informs 2.4 million students of data breach

November 27th, 2013

It took The Maricopa County Community College District seven months to notify 2.4 million current and former students and employees that their academic or personal data were compromised in a security breach.

The district’s governing board has already approved several million dollars for repairs, and agreed to spend up to $7 million more to notify everyone who is potentially affected, said spokesman Tom Gariepy.

Gariepy said that letters will be sent to current and former students, employees and vendors of the district’s 10 colleges going back at least several years to alert them that their information could have been seen.

Among the vulnerable data were employees’ Social Security numbers, driver’s-license numbers and bank-account information, he said. Students’ academic information also may have been exposed, but not their personal information. However there is no evidence that any information actually was looked at or stolen.

Gariepy also told that the FBI notified the district that it found a website advertising personal data from the district’s information-technology system for sale. The district’s website was taken down that day and stayed down for several days before being restored in stages.

Gariepy said the district didn’t release information about the event at the time because it was investigating the extent of the exposure.

“There was a tremendous amount of data, and the forensics investigation around this was very complex. They had to look at a number of different systems and servers and databases. It would have been nice to say something earlier, but we couldn’t give anyone information until we could say it with certainty, even if it’s not conclusive” Gariepy said.

At the same time, the district was repairing its information-technology system and didn’t want to publicize that it could be vulnerable. The district has installed more firewalls and security procedures. He also said some employees in the information-technology department face disciplinary action.

“We started immediate steps to make the system secure, and it’s become progressively more secure as time has gone on,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Computer containing 3541 patients data stolen from UCSF employee’s car

September 16th, 2013

An unencrypted laptop containing the medical and personal data of more than 3,500 UC San Francisco patients was stolen from an employee’s car.

The theft, which could cost the university hundreds of thousands of dollars in fines, is just the latest in a series of IT security breaches in recent years that have cost the institution millions.

The computer belonged to a Medical Center employee who works in the Division of Transplantation, according to the school. The name of the employee was not released.

The 3,541 patients affected by the theft were notified via letter that some of their medical data was on the stolen laptop. The data include names, dates of birth, some health information and medical record numbers. In some cases, the information included Social Security numbers. Paper documents containing medical data of 31 patients also were taken.

The letter, which the university was required to file with the state Attorney General’s Office, also gave patients a number to a special hotline set up to assist them and a year of free credit monitoring. UCSF also reported the incident to the California Department of Public Health and federal authorities.

In addition to fines related to losing the data, UCSF may face fines for failing to report the security breach within five business days, according to the agency.

UCSF did not determine specifically what kind of information was on the computer according to the notification letter.

In the past few years, a handful of similar security breaches have occurred at UCSF.

Most recently, in 2010 another laptop was stolen from an employee. It contained data from 4,310 patients. In 2009, a phishing scam gave hackers access to the medical data of 600 patients. In 2008, another security breach occurred involving information for 2,625 patients. And in 2007, university IT teams caught a hacker in the act.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Hackers sentenced to time in prison

June 9th, 2013

LulzSec member Cody Kretsinger will spend one year in prison for his role in breaching the defenses of Sony Pictures Entertainment servers.

The hacker pleaded guilty in April 2012 to one count of conspiracy and one count of unauthorized impairment of a protected computer, according to Reuters.

Kretsinger — also known as “Recursion,” — is part of LulzSec, an offshoot group from hacktivist collective Anonymous. LulzSec first came to attention in 2011, after a number of pranks including hacking The Sun’s website to proclaim that Rupert Murdoch was dead entered the spotlight, as well as the group’s role in coming to the defense of whistleblower website WikiLeaks. However, these pranks later turned into Sony’s worst nightmare — as the group stole the credentials and information of over 70 million user accounts of both PlayStation Network and Sony Online members.

This security breach led to Sony closing down the network for a month. The Information Commissioner’s Office (ICO) in the U.K. later fined the firm £250,000 for what it considered a “serious breach of the Data Protection Act” for not keeping customer data adequately protected. Prosecutors say that the network breach cost Sony over $600,000 in damages.

The 25 year-old has been ordered by a U.S. district judge in Los Angeles to serve 12 months before performing 1,000 hours of community service upon release. Although prosecutors refused to say whether the hacker was co-operating with authorities in return for a softer sentence, a leading member of Anonymous, “Sabu,” in reality Hector Xavier Monsegur, has pleaded guilty to similar charges and offered the FBI information on other hackers.

Three other members of LulzSec — Ryan Ackroyd, Jake Davis, and Mustafa al-Bassam — all pleaded guilty to a computer hacking-related charge at Southwark Crown Court in London. Between them, the hackers admitted to trying to hack into various websites related to Nintendo and Sony, as well as plotting to take down law enforcement agency websites based in the U.S. and United Kingdom.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Suspect arrested for ‘biggest cyberattack in history’

June 7th, 2013

A Dutch national suspected as the mastermind behind the largest DDoS attack ever recorded has been arrested in Spain.

The Associated Press reports that 35 year-old Sven Kamphuis, identified by The New York Times, was arrested Thursday in a city 22 miles north of Barcelona.

Originally from the Dutch city of Alkmaar, the hacking suspect operated from a mobile bunker — a van “equipped with various antennas to scan frequencies” and able to break into networks anywhere in the country. An Interior Ministry statement said that Kamphuis was able to use his “mobile computing office” to coordinate cyberattacks and speak with media before being arrested by Spanish police on the basis of a European arrest warrant issued by the Dutch. German, Dutch, British and U.S. forces all took part in the investigation.

Kamphuis runs Internet service provider CB3ROB and web hosting firm CyberBunker, which has hosted websites including the Pirate Bay and WikiLeaks in the past. The Interior Ministry’s statement says that the accused called himself a spokesperson and diplomat belonging to the “Telecommunications and Foreign Affairs Ministry of the Republic of Cyberbunker.”

The alleged hacker is accused of launching an attack against anti-spam watchdog group Spamhaus. A 300Gbps distributed denial-of-service sent the non-profit into disarray, taking down the agency’s website and forcing Spamhaus to turn to Cloudflare for assistance. According to the cloud services provider, the majority of the attack was traffic sent using a technique called DNS (domain name system) reflection. Usually, DNS resolves wait for a user request, but if the source address is forged, then requests may be “bounced” off different servers, amplifying the amount of traffic a domain name has to cope with and exploiting vulnerabilities in the Internet’s DNS infrastructure. Most cyberattacks tend to peak at 100 billion bits a second, which a third of what Spamhaus and Cloudflare is had to cope with.

The attack on DNS infrastructure resulted in lower speeds for Internet users worldwide.

The attack against Spamhaus — which is known for blocking fake good advertising and preventing it from reaching our email addresses — was one in a list of major DDoS campaigns thought to be masterminded by the Dutch national.

Kamphuis has denied any role in the attack, calling himself simply a “spokesperson” for one of the loose groups established to take down Spamhaus. However, according to the NYT, the alleged hacker used his Facebook page to proactively look for supporters to attack the agency, saying “Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’ which thinks it can dictate its views on what should and should not be on the Internet.”

The hacking suspect is likely to be extradited from Spain to attend court in the Netherlands.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

The Cyberwar Will Not Be Streamed

May 5th, 2013

In early 2000 — ages ago in Internet time — some of the biggest names in e-commerce were brought to their knees by a brief but massive assault from a set of powerful computers hijacked by a glory-seeking young hacker. The assailant in that case, known online as Mafia boy, was a high school student from a middle-class suburban area of Canada who was quickly arrested after bragging about his role in the attacks.

It wasn’t long before the antics from novice hackers like Mafia boy were overshadowed by more discrete attacks from organized cyber criminal gangs, which began using these distributed denial-of-service (DDoS) assaults to extort money from targeted businesses. Fast-forward to today, and although vanity DDoS attacks persist, somehow elements in the news media have begun conflating them with the term “cyber war,” a vogue but still-squishy phrase that conjures notions of far more consequential, nation-state level conflicts.

If any readers have been living under a rock these last few weeks, we are referring to the activities of Anonymous, an anarchic and leaderless collection of individuals that has directed attacks against anyone who dares inhibit or besmirch the activities of Wikileaks, an organization dedicated to exposing secret government documents. To date, the Websites attacked by Anonymous include Amazon.com, EveryDNS.com, Mastercard.com, Paypal.com, and Visa.com, among others.

The websites may be attached, but you can prevent your workstation from being compromised with Alertsec Xpress.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Add Microsoft to list of hacked companies

February 15th, 2013

Updated to include Microsoft comment Security software companies must be smiling ear to ear as they read the news briefs coming off the transom. Microsoft said today that an undetermined number of computers in its Mac software business unit got infected with malware. The company said the number of infected PCs was small but that there was no indication customer data had been compromised.

In a blog post late Friday, Matt Thomlinson, who directs the company’s Trustworthy Computing Security program at Microsoft, wrote:

Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing. This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends). We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks.


Welcome to the new normal. The escalating number of reported attacks was underscored by a recent report on malware put together by McAfee which reported that the number of trojans created to steal passwords rose about 72 percent in the last quarter.

Last week Apple said that an unknown number of Macs had been compromised, but that “there was no evidence any data left Apple.” The malware was tied back to a site targeting iPhone developers. Employee computers for Facebook and most likely dozens of other companies were also breached.

The incidents occurred roughly around the same time that The New York Times, The Wall Street Journal, and The Washington Post disclosed that outsiders had also targeted their employees’ computers.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta