Zappos center in Kentucky

You love shopping online, don’t you? It is easy, less time consuming and you can do it in your Pajamas ! No need to drive in the middle of the night to shop and waste a gallon of gas! Just a click of a button and your gift is at your door-step.

Hang on! The ‘easy’ shopping just got ‘difficult’ because you entered your credit card details online and now they are vulnerable. You thought they were secure but think again.

The recent hacking case of Zappos, Amazon’s shoe retailer, puts doubts in your mind about online shopping.

The news in detail

Stratfor Inc hacked and credit card data stolen

Anonymous has always been in the news for data hacking and just when we were wondering what they were up to, they are here! This time they have been successful in breaching data of the security Think-Tank Strategic Forecating  Inc, based out of Austin.

The details

The group managed to hack into  Stratfor’s web site and get data  about the company’s corporate subscribers. This resulted in the website being closed down temporarily. Anonymous was proud to announce that they stole passwords, credit card details, and home addresses of about 4,000 people on Stratfor’s private client list. Their plan was to use the credit card information to make fraudulent donations to charities. The hackers described the data on Pastebin, then provided several links to websites hosting the information. According to them some 50,000 of the e-mail addresses released end in “.mil” or “.gov.”

Strangely enough, some representatives of the Anonymous group denied complete responsibility of the attacks.  According to an Anonymous spokesman  “it does not attack media sources.” The organization has been known for its hacks on Sony’s PlayStation services, the Church of Scientology, as well as companies, banks, and organizations  that supported WikiLeaks.

What business is  Stratfor into?

The company offers its clients like the U.S. Air Force, the Miami Police Department, and Apple, high-quality economic, political, and even military analysis to clients, delivered daily via email, video, and the Web.

After the hack

Stratfor is offering a free one-year subscription to an identity protection service to those affected. Stratfor’s CEO, George Friedman confirmed on the company’s Facebook page on Monday that the hack disclosed the names of some corporate subscribers along with personal and credit card data.

Barrett Brown, spokesman for Anonymous said “This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade,”. “Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions.”

Stratfor’s chief George Friedman’s statement

High profile attacks are making the rounds and security agencies are scrambling to get the security policies of such companies in place. Stratfor’s website is under repair as of today and will take some time before it gets back in shape.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

The recently held conference called ‘A fine balance 2011: location and cyber privacy in the digital age’ focused on maintaining data privacy just when smart phones, credit cards and other devices are tracking user locations.

Here is what Jonathan Bamford, the head of strategic liaison from the Information Commissioner’s Office (ICO), had to say”"We need to inspire public trust into the way information is issued. What do we do as a regulatory option?” “There is no doubt that human activities have a geographic component and some may be more sensitive than others. Your phone is with you all the time so anything that relates to a smartphone can be very powerful in terms of how I live my life.”

It si very important to manage location data carefully, especially those who develop operating systems and applications. Bamford further adds”"People who develop applications have a series of obligations as do those who create the operating systems. Everybody has a role to play.” “If location data is obtained how long do you retain it for? You can build up a picture of how I live my life if you retain it too long.”

Bamford also explained ICO’s role in data security, especially in terms of audit inspections of govt organizations. Currently the general public is under the impression that the information that they fill up on any website is completely secure. They need to carry this impression for long hence data security is of utmost importance. The people also need to know exactly what is being done about their data and where it is sent. This is where location based services come in. All advertisers want your zip code. A zip code allows a advertiser/provider to get more insight into your life. Companies are getting closer to you with technologies like iPhone.

It is time that the ICO keeps a tab over private sector as well. These private companies are using location based services and getting private data of customers. There is a very high chance of this data getting misused. Currently the ICO can only monitor govt bodies. Companies like Facebook, Google and Groupon are a potential threat to privacy. To add oil to the fire, the development of IPv6 networks could be even more threatening as it will be able to access more private data.

According to Richard Hollis, US group of Info systems audit and control association “As we match the physical world to the virtual world, by placing items such as fridges or even your car keys on the internet, firms could have even more access to your data, your location and your life”.

Use Alertsec
Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption

ICO wants to inspect private firms for data security issues

.

According to the Middletown police Larry A. Osborne Jr., 29,has been charged with third-degree felony theft on Nov. 9 in Middletown Municipal Court. He is accused of stealing computers since 2008. Osborne, a computer technician, was a former contractor of the Butler County Educational Service Center. The approximate value of the 400 laptops is $123,000. Osborne used to sell these computers on ebay.  He sold around 350 computers to a man in PA who had no clue that these computers were stolen property. The PA man has not been charged. The machines were either used ones or non-working.

Former school contractor stole 400 laptops

The first theft was reported on Nov. 8 where eight Apple laptop computers were stolen from the district’s warehouse, 110 Baltimore St.

The case of the missing laptops and their recovery

The York County Sheriff’s Department has succeeded in recovering 50 Apple laptop computers that were stolen from Massabesic High School this week. Where exactly were they found is not revealed as yet, only that it was a good distance away from the school.

According to Sheriff Maurice Ouellette the laptops are in good condition and had been placed inside two, large plastic tubs with covers on them at the time of recovery.

“This was stuff that kids used to study with … That’s something I take personally,” Ouellette said.

How did the thieves manage to steal these computers?

It appears that the thief or thieves pried open a window to gain entrance to the school. The thieves entered the East Building of the school and did away with the computers and a projector.

“I’ve been working for this school district for a number of years and this is certainly the largest theft of any equipment that i’ve ever experienced or that i know of”, said RSU 57 Technology Director Bob Stackpole

School staff and students were interviewed in detail by the police in hope of getting clues about the theft.

A TV viewer caught this piece of news item on TV and got in touch with the authorities. The total value of the computers was around $60,000.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Al

Stolen Laptops from Massabesic School recovered

Aertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

According to Japanese Defense Ministry hackers have most probably accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems.

The news in detail

Mitsubishi Heavy–Japan’s largest defense contractor is best known in America for manufacturing the surface-to-air Patriot missile.–In August it found out that multiple computers were infected with a Trojan application. Further investigation showed that the information had been sent outside the company’s computer network, clearly indicating an outsider’s involvement.

The computers were located in 11 different places. Some were placed in sensitive areas like the Kobe and Nagasaki shipyards that are into submarines and destroyers constructions. A few others were located at the Nagoya facility that manufactures guided missile systems. The nuclear data that was stolen included anti-quake measures.

Mitsubishi Heavy Industries was reluctant to share this info at first. It kept the Japanese authorities in dark stating that its military information was safe and that all security measures were followed. Initially the company said that the attackers were caught early on but later contradicted their own statement saying that data had been compromised.

Statement issued by the company

“The company recently confirmed unintended transferring of some information on the company’s products and technologies between servers within the company,” said Mitsubishi Heavy in a statement. “Based on the finding, the company investigated the incident further and recognized the possibility of some data leakage from the server in question.”

Other recent military data breaches

Lockheed Martin, which manufactures the F-22 Raptor and F-35 Lightning II fighter aircraft, was a victim of military data theft recently. The Lockheed hack was done by using information stolen earlier from RSA Security. RSA is the branch of EMC that produces the SecurID two-factor authentication token used by thousands of contractors and corporations to secure their networks.

What are the Tokyo Police doing about it?

Mitsubishi Heavy has given a complaint to the Tokyo Metropolitan Police Department with details about damage done to its computer system in late September. The police are looking into computer records to find out the source of the data.

Protect your confidential data with Alertsec

Alertsec Xpress offers a customizable data encryption software solution from Checkpoint, the industry leader in encryption software (former Pointsec). Alertsec has come up with a web based encryption service that helps in deployment and management of PC encryption.

The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

Another security breach at Sony's

Sony again !

After a very shocking and massive security breach, Sony locked down almost 93,000 user accounts on its online gaming and entertainment networks. A large number of unauthorized attempts were made to access these accounts.

According to Sony, a brief access to 60,000 accounts on the PlayStation Network was gained by the intruders using very large sets of sign-in Ids and passwords, similarly another 33,000 accounts on Sony Online Entertainment’s servers were also accessed by the intruders.

Sony reported through a statement that these intrusions took place from Friday to Monday and affected “less than one-tenth of 1 percent” of PSN, SEN, and SOE consumers. Even though the hackers got success in verifying the sign-in IDs and passwords, the credit card information remained safe and untouched as per the Sony report. The accounts are locked by Sony once it was confirmed that the attacks were unauthorized.

“In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks,” Sony Chief Information Security Officer Philip Reitinger said on the PlayStation blog.

The attacked accounts also “showed additional activity prior to being locked,” but that information has not been declared. “We are continuing to investigate the extent of unauthorized activity on any of these accounts,” Sony said.

Reitinger indicating about the “additional activity” said, “We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.”

The affected consumers are receiving e-mails from Sony to inform about the locked status of the account and requesting to reset the password securely.

Sony has been issuing apologies and promising secure network to all the users. Sony, one of the rulers of entertainment industry is trying hard to regain the trust of the customers.

The company is aiming to link all its gadgets to an online cloud-based network of games, movies and music that would integrate all the verticals as well as the customers’ confidence in the company. However, industry experts find such incidents of security breach threatening for Sony’s brand image that may lead to permanent brand damage.

This security attack proves a major setback to the company plans and credibility too and the industry experts are not sure about the aftermath it may cause to the company.

Alertsec protects firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users

Laptop theft causes huge data loss for Fairview and North Memorial

Travelers complained about camera thefts 10 years ago; that was replaced by camcorder thefts 5 years ago. And now it is the laptops that go missing ! A good laptop is worth a lot of money.  It is a lucrative stealing business, if you think about it.

The latest laptop incident

The theft took place on July 25 in the parking lot of a Minneapolis restaurant. The laptop belonged to an employee of Accretive Health, a firm that does work for Fairview and North Memorial hospitals.

The laptop contained sensitive data such as names, addresses and social security numbers belonging to 14,000 patients of Fairview Health Services and 2,800 patients of North Memorial Medical Center.

Fairview officials had a strict policy of laptop encryption but in this case, it was not followed or somehow missed the eye. ”The assumption was that the information was safe,” said Lois Dahl, Fairview’s information privacy director.

Other similar incidents

This is the second data theft in the Twin Cities this year in which medical data has been compromised exposing personal data of thousands of patients.

According to Harley Geiger, a lawyer for Center for Democracy and Technology in Washington, D.C. ”Events like these weaken public faith in care providers’ ability to keep digital health information confidential”. “It’s hard to argue that the issue is taken seriously enough when they keep losing unencrypted mobile devices containing the intimate medical details of thousands of people.”

What are Fairview and North Memorial doing about it?

Both the healthcare providers are sending letters informing all the affected patients about the data loss and offering free services to protect them against identity theft.

Dr. Mark Werner, one of the senior physician leaders at Fairview, said ”Obviously, we take this event seriously,” . “It’s deeply regrettable.”

Why was Accretive Health hired in the first place?

Accretive Health was hired to analyze and maintain a database of patients who may need extra care coordination. That means combing through data on thousands of patients.

Controversy about sharing patient data

Jeff Neuberger, the chief executive officer of Mid Dakota Clinic in Fargo, said he absolutely could not think of allowing an outside agency to access patient data. ”Someone might need to be fired for this one,” was what he said.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus, laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

State of Massachusetts has seen the maximum number of data breaches in the past twenty months. Personal information of about two million Massachusetts residents i.e. one in every three people who are residents of Massachusetts, has been breached through electronic data breaches.

According to the 2007 state laws all companies doing business in Massachusetts must inform consumers and state regulators about security breaches that might result in identity theft. The list includes leaks of individual names along with sensitive data like Social Security numbers, bank account, credit card and debit card numbers. The law came into being in 2007 as a result of a 45 million hack of credit card numbers from Framingham-based retailer TJX Cos.

Martha Coakley, Attorney General, said that nearly 1,200 data breaches have been reported. Quarter of these were the result of intentional hacking.

The largest breach in the time period was the hacking of information of about 800,000 people that was lost by a vendor hired to destroy it. In addition, information on 210,000 residents entrusted to a state agency was put at risk.

These data breaches contained information from names and addresses to medical histories.

What MA residents had to say?

Daniel Paul, a courier, gets the jitters when he thinks about it. He made online purchases with his credit card but started getting charged for things he didn’t buy: his credit card had been hacked. It was a nightmare to get things back on track.

Here is what he had to say ”Just going through getting everything changed back, changed over, getting charges off your account, your credit– it was awful,” said Paul.  ”I hope I never have to go through it again.”

Mike Paquette, Chief Strategy Officer for Corero Network Security in Hudson, MA said ”In today’s internet world there are so many opportunities where information can be disclosed, as an individual, unfortunately there is very little that you can do,”said.

Consumers do have the option of suing, but it really doesn’t get them anywhere as it is very difficult to prove data theft.

Consumers must carefully keep a track of their online transactions. It is always advisable to deal with well-known companies and do your homework about the company’s info.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

.

Sensitive info papers lost from filing cabinet

Data breaches are online as well as physical

Data breaches are not restricted to online or soft copy data loss. They also include theft or loss of physical documents.

Here’s a look at a recent case of physical and digital data theft.

Scottish Children’s Reporter Administration (SCRA) breaches Data Protection Act for the second time

The Scottish Children’s Reporter Administration (SCRA) is in breach of data security related to children’s data twice in the last 6 months. The SCRA is an organization dedicated to protect children in the judicial system. The body investigates the care of Scotland’s most vulnerable children.

Details of the two breaches

In January 2011 the Scottish body sent documents containing a child’s personal data to the wrong email address. The documents carried sensitive information like child abuse related to the legal case which had the contact information of the child’s mother and witnesses.

Later, in September 2010, the body somehow lost 9 case files which contained personal data such as birth dates, names and social report. Apparently the files got lost when the filing cabinet which contained these files was moved and later sold to a second-hand furniture shop.

Mishandling of sensitive information

Ken Macdonald, assistant information commissioner for Scotland, is concerned that data had been breached twice by the same organization.

“On both occasions the personal data which was compromised related to young children and was caused by human errors that could easily have been avoided,” said Macdonald. He further added “I am pleased that the Scottish Children’s Reporter Administration has taken action to make sure that the personal information they handle is kept secure and would urge other organizations, particularly those handling sensitive information relating to young people, to follow suit,”. Fortunately both times the information was not circulated.

Information handling post breach

Neil Hunter, chief executive of the SCRA, is renewing the organization’s data protection policy and training employees about data security.

The ICO (Information Commissioner’s Office) is holding workshops related to raising awareness of data protection obligations among staff.

About ICO

The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

Security guaranteed with Alertsec Xpress

This incident highlights the need of a data security and data encryption software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec has offices in the US, UK, Sweden and operates in many other countries around the world through partners.

Its mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market