Log in

Posts Tagged ‘Social Security number’

ICO issues Midlothian Council record fine of £140,000 for disclosing sensitive personal data

February 4th, 2012

Midlothian Council pays hefty fine for data breach

ICO is leaving no stone un-turned to punish data breach culprits. It is levying fines to those who compromised private data, especially children’s sensitive data.

Recently the council fined the Midlothian Council a record fine of £140,000 for disclosing sensitive child data. And we are not talking here about just one breach. There were 5 breaches between Jan and June 2011.

The case in detail

Breach 1 – This happened when documents related to the status of a foster carer were sent to seven healthcare professionals, who had no reason to see this data.

This particular incident took place in January 2011 and details came to light only in March when the council started to investigate. In spite of the investigation similar incidents took place in May and June.

Breach 2 – Minutes of a child protection conference were sent by mistake to the former address of the mother’s partner, where they were opened and read by an unauthorized individual. The documents contained personal data about the mother, who made a complaint to her social worker about this case.

Assistant Commissioner for Scotland Ken Macdonald said “the serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months.’

“I hope this penalty acts as a reminder to all organizations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”

He further added that information about children’s care, details about their health and wellbeing, is the most sensitive information that is held by local authorities. It goes without saying that this information has to be protected and that strict policies are to be chalked out and followed.

The ICO’s investigation

According to the ICO all five breaches could have been avoided if the council had been strict about protection policies, training and had put checks in place. It has further ordered the council to take action to keep the personal data secure.

Since the incidents the council has recovered all of the information that was sent to the wrong recipients and is updating its security policies.

What the the ICO chiefly wants is that the government should give itstronger powers to audit local councils’ data protection compliance, if necessary without consent.

NHS bodies across the UK want the same kind of powers in light of the recent data protection breaches.

Midlothian Council comments:

Colin Anderson, chief social work officer for Midlothian Council, commented: “As soon as the council discovered the problem, it investigated and found eight letters or documents had been sent to the wrong recipients, for which the council is sincerely sorry.

“The council immediately took steps to retrieve the information, or have it destroyed, and voluntarily reported ourselves to the information commissioner. I must emphasise that there is no evidence that anyone was put at risk.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: AlertSec Xpress BigPond business Check Point data breach data security ICO Information privacy Ken Macdonald Midlothian Council Personally identifiable information Social Security number Telstra Theft

Around 1000 patients of Lexington Clinic lose data because of Laptop theft

January 31st, 2012

Seal of the United States Federal Trade Commis...

The Federal State Commission issues data protection guidelines. Lexington Clinic suffers data breach

We have mentioned this before and are reiterating – Medical data is very very vulnerable. Most data breach and laptop stealing cases are related to Medical data. We have covered so many posts related to medical data breach that they have almost become a routine now! It is as if Medical data simply cannot be secured. Is the data security world listening? It is so very important to protect data, especially patient data.

Breaking news: Today’s post highlights the vulnerability of medical data breach and laptop thefts.

Lexington Clinic Laptop Theft

According to the Lexington clinic the laptop was atolen last month from the neurology department in the Saint Joseph office park on Harrodsburg Road.

The clinic further adds that the laptop contained patients’ names and some medical information. Fortunately it did not contain Social Security, credit card, or bank account numbers. A total of 1,018 patients lost their private data.

Letters are being sent to the affected parties.

The moment Lexington Clinic found out about the theft, it informed the police and all door locks to the neurology department were urgently changed. Lexington Clinic is currently working with the St. Joseph security officials to ascertain the security of offices located in the St. Joseph Office Park.

Note for Lexington Clinic patients – In case you have been or currently are a patient of the Lexington Clinic Neurology Department, and if you have not received a letter about this theft then it is safe to assume that your data was not on the stolen laptop. So far there is no proof that any of the stolen data has been misused.

The Federal Trade Commission is requesting everyone to take steps to protect information:

Beware of signs of identity theft, such as:

• Bank Accounts you didn’t open and debts on your accounts that you are not aware of

• Wrong information on your credit reports, including accounts and personal information, such as your Social Security number, address(es), name or initials and employers.

• In case you do not receive your bills on time, follow-up with your creditors.

• Receiving credit cards that you didn’t apply for.

• Being denied credit or being offered less favorable credit terms. If it is too good, then it is not true

• Receiving calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

About Lexington Clinic – It is Central Kentucky’s oldest and largest group practice, with more than 200 providers offering primary and specialty care services. Founded in 1920, Lexington Clinic offers more than 30 specialties and operates offices in more than 25 locations throughout Central and Eastern Kentucky.

Source: LexingtonClinic.com

Alertsec secures your Laptops

3 easy steps to encrypt your data with Alertsec

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption, laptop theft

Tags: Central Kentucky data breach data security Federal Trade Commission Information Commissioners Office Information privacy laptop Medicine Personally identifiable information Saint Joseph Social Security number Theft

Univ. of Hawaii settles data breach lawsuit

January 29th, 2012

Companies cannot just get away with data breaches. They are answerable to customers and have to compensate. Customers generally file lawsuits when their demands are not met and where private data is stolen.

The following news report is making headlines

The University of Hawaii has agreed to provide two years of credit protection services to settle a class-action lawsuit that involved data breaches that took place between 2009 and 2011

Seal of the University of Hawai i System

UOH settles data breach lawsuit

wherein 100,000 students, faculty, alumni and staff between 2009 and 2011, officials and attorneys were involved. This was announced last Thursday.

Apparently the university has denied liability for the breaches. Its spokesperson said it will settle the case by providing two years of credit monitoring and credit restoration services to members who request it. According to the university spokesperson it will continue to “work diligently so that the chance of future data breaches is significantly reduced.”

Data breach details

There were five data breaches in all. It also included the one that took place in 2009 where Social Security numbers, grades and other personal data were posted online for almost a year before being removed from the website. According to University officials a faculty member uploaded files containing the information to an unprotected server, exposing the names, academic performance, disabilities and other information of more than 40,000 students who attended the flagship Manoa campus from 1990 to 1998 and in 2001, by mistake.

Breaches also took place at the West Oahu campus, Kapiolani Community College and Honolulu Community College.

The University’s statement ”We are pleased to settle this case by providing two years of credit monitoring and credit restoration services to those class members who request it. The University continues to work diligently so that the chance of future data breaches is significantly reduced. Given the uncertainties and expense of litigation, the University believes this settlement is in the best interests of the University and its entire ‘ohana.”

The attorneys, Bruce Sherman and Thomas Grande who are representing the class, said

“We have researched more than forty (40) data breaches at colleges and universities across the country. In almost every instance, two years of credit monitoring and fraud restoration were offered to data breach victims,” said Bruce Sherman, one of the attorneys representing the class. “Offering two years of credit monitoring and fraud restoration services to breach victims should be the standard response by any breaching entity in Hawai’i, including government agencies,” Sherman noted.

“The settlement is significant for several reasons,” said Thomas Grande, who also represents the class. “This settlement is the first data breach settlement in Hawai’i and affects almost 100,000 persons,” Grande noted.

“Credit monitoring provides for continuous checking by a credit agency of a class member’s credit file. If there is suspicious activity, the class member is notified immediately and is given assistance to resolve the problem,” Sherman said.

“Credit monitoring services may cost as much as $5 to $15 per month if purchased individually. We are extremely pleased that the University has negotiated a settlement package that provides these services to every class member who wants them,” Grande said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Credit report monitoring data breach Honolulu Community College Information privacy Kapiolani Community College Manoa Personally identifiable information Social Security number University of Hawaii

Data breach at Kansas Department on Aging

January 21st, 2012

Laptop stolen from vehicle belonging to the Kansas Dept. of Aging

Stealing valuables, especially laptops and pen-drives, are in vogue. Thieves have gotten very smart and have realized the value of laptops and mobile devices. It is very difficult to track such thefts and data thieves are getting away easily.

The above will be more clear after reading the following news story.

A laptop computer, flash drive and paper files were stolen from a locked vehicle that belonged to an employee of the Dept.on Aging, Wichita. The Kansas Department on Aging is informing clients tabout this information breach.

The theft took place on Jan. 12 at the Best Western Airport Inn, 6815 W. Kellogg. The suspects broke a rear window on a state-owned car that contained the laptop and paper files. Apparently the employee had covered the items with a blanket before getting into the hotel for safety sake.

Emerging details

The laptop contained data about department clients in Sedgwick, Harvey and Butler counties. So far the police have not been able to recover any of the items. At the same time there is no proof that the stolen information has been misused.

According to the Department on Aging no banking or driver’s license information was involved. But there is a possibility that the stolen information could have full names, addresses, Social Security and Medicaid information and other personal or protected health information. The stolen data also contained social security numbers of 100 people that were a part of the Senior Care Act program. The Department of Aging is trying to reach these people over phone to inform about the theft.

Comments by Secretary Shawn Sullivan of the Department on Aging: ”To date, the laptop, the flash drive, and the paper files that were stolen, has not been recovered. There’s also no evidence to date that shows the information has been accessed or been misused,”. ”Our staff immediately began notifying and calling the families and the customers that was affected with those 100 files. For the most part, they’ve all been very understanding, very appreciative that we notified them immediately,”

The affected parties have been requested to check all bills and check on credit reports.

“You want to know what’s on your credit report. You want to see and recognize any changes or things that you don’t understand. You can see what changes are happening in your credit report and make sure they’re all accurate and up-to-date,” said Clifton O’Neal, communications director for TransUnion.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

No comments »

Posted in Computer security, computer security software, data breach, data encryption, laptop theft

Tags: AlertSec Xpress data breach data security Desktop computer Kansas laptop Medicaid Mobile device Personal computer Social Security Social Security number Theft TransUnion

2011 a bad year for Medical data breaches – Millions of patient data compromised

December 21st, 2011

Beth Givens at Privacy Revolution session

PRC Director Beth Givens gives an insight into Medical data breaches

The San Diego-based Privacy Rights Clearinghouse has come up with a list of 2011’s six most significant data breaches.

An overview

2011 has been a bad year for Medical data breaches. According to the PRC there were a total of 535 breaches that involved 30.4 million sensitive records. When we talk about sensitive information we mean Social Security numbers, drivers license numbers, financial account information and medical data.

Top breaches

The worst hit was Health Net as nine of its data servers went missing from a Northern California data center in January. The servers had records of almost two million current and former policy holders.

Sutter Health experienced data breach when its company-issued computer was stolen from Sutter’s Medication Foundation offices. Health Data of more than 4 million patients was compromised.

Tricare Management Activity and Science Applications International Corporation – Backup tapes containing data ofto 4.9 million patients were stolen from an employee’s car.

What do regulators have to say?

Regulators feel industry and legislative mandates to protect sensitive information need a revamp. National data privacy laws are gaining importance on both the national and local levels. Regulators are looking at industries where personal information is of utmost importance. Institutes such as HIPAA in healthcare and the Gramm-Leach-Bliley Act (GLBA) in financial services. It is not only the lawmakers who are imposing mandates for data security. There are a few indutries like Payment Card Industry Data Security Standard (PCI DSS) that have come up with security regulations when it comes to storing credit card information.

The other important aspect eyed by IT professionals is cloud computing. A recent EMA survey shows that organisations that had adopted or planning to adopt cloud computing were making sure that the use of data security and privacy controls was an important aspect of Service Level Agreements (SLAs) with Cloud providers.

According to Paul Hogan, CEO of T3 “This recent legislation proposal shows the absolute crisis that the US and the world’s largest corporations and government are facing regarding data breaches and the subsequent leakage of extremely sensitive consumer and government information. Cyber attacks have been around for a long time, however due to their sensitive nature, large corporations have tried their best to keep them from being reported to the media, which would no longer be possible if this legislation passes which we believe is simply a matter of time.”

Here is Beth Givens, PRC director’s statement “This is a conservative number,” said Givens. “We generally learn about breaches that garner media attention. Unfortunately, many do not. And, because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about. Our chronology is only a sampling.”

Hospitals can secure themselves with Alertsec

Organisations and hospitals, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.