Log in

Posts Tagged ‘Social Security number’

Student data online for 8 months at University of Tampa

March 25th, 2012

University of Tampa faces trouble due to data theft

The report in detail

While conducting an in-class project on advanced search techniques, news of major data breach came into light. This data breach happened at University of Tampa (UT) in Florida. Number of students who had enrolled last fall and who got affected due to this breach are more than 6,800. The data, that was on web for around eight months included date of births and social security numbers of the students. Notably, this breach occurred due to server management error, in which a text file was publicly accessible for around eight months.

More two database files containing UT identification number, name, social security number and photos of 22,722 faculty, staff and students were on the web. The files were on web from July 2011 to March 13, 2012 and were discovered during in-class search exercise. It so happened when two UT students viewed the files on March 13, 2012 and reported to the IT staff. The IT Staff with the help of University representatives has deleted all the files that were made publicly accessible on web.

Statement given by the University

The two databases were not indexed by Google and so there is a possibility that they might not have been viewed by others. However, there was no clarification from the University on why only one file was been indexed by Google.

How did the data theft take place?

The new server was made operational in July 2011 and the text file and two databases were created to solve the problem of UT identification cards. This information was supposed to reside on UT’s internal servers. But unfortunately, the text file got inadvertently indexed by Google. However, the two databases were not indexed by Google or any other search engine.

How to prevent data theft?

News of data exposure on web is common. But protecting data is not impossible. There are a variety of things that IT admin can do to prevent data theft. According to Privacy Rights Clearinghouse, 16 schools in United States suffered from data breaches this year. Even though there has not been any maliciously viewing of the above data breach, it is not the case always. But an individual with malicious intent can use the information as an identity theft and then for credit fraud. The University is taking efforts to minimise the possibility of such data thefts in future. Reviewing of security procedures and policies is being done by the University. The university is planning to appoint a third-party, qualified security assessor (QSA) for reviewing of information on security procedures. It is making continuous and constant efforts to avoid breaches to ensure maximum protection of data, information and networks.

Time to plan your cyber-security with Alertsec

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. There are no short cuts to Data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: data breach Data theft Google Information Technology Privacy Rights Clearinghouse Social Security number Theft University of Tampa

NASA employee’s laptop stolen, sensitive data at stake

March 21st, 2012

Kennedy Space Center experiences laptop theft

Where and how was the laptop stolen?

The laptop theft of NASA’s employee took place outside the home of the employee’s car where he had left his laptop. This theft has caused 2300 employees of Kennedy space centre to suffer. The laptop contained personal information like employee names, race, and national origin, and gender, date of birth, contact information, college affiliation and grade-point average. It also included their Social Security numbers which obviously are at stake. A human resources office reported on March 5 and the theft took place at Orange County where the employee is residing. Officials said that there is low probability of exploitation of personal information of Kennedy space centre employees.

NASA is providing affected employees with one year’s worth of free cyber, identity, and credit monitoring and recovery services whose personal information was in the stolen laptop. Kennedy Space Centre spokesman Allard Beutel said initially the numbers of affected employees was predicted much lower than in real. Even though lots of data was stored on the agency servers, the employee’s laptop also contained more sensitive information and security numbers.

This theft has definitely opened eyes of all IT security systems and they are taking additional efforts towards data protection, encryption of devices. Officials said that they will be reviewing all IT security policies and practices to avoid such incidents in future. All the laptops including sensitive and general data at KSC will be encrypted by September 2012. However, this was planned and was going to be implemented before the theft took place.

NASA officials had a hard time ‘cleaning their act’. Any data has the possibility of being hacked if not encrypted properly. Lost laptops or loss of any electronic system that contains sensitive information could prove as the huge loss for any business. There are many methods to protect data on laptops such as alarms, locks or visual deterrents. It is always advisable to have a backup of data on servers, and to delete the sensitive information on laptops when the work is over.

We all are aware about the benefits of encrypting devices. Encryption can be done to a specific file or a whole disk. It ensures us peace of mind. We feel relaxed as our sensitive information is secured. Encryption also provides unauthorised access protection to our data. Encryption may be useless if authentication is not there. Some corporations need to pay huge fines if the laptops stolen are not encrypted. If the data stolen is very sensitive and related to business, it will cost you a lot for your business. Encryption will ensure that even if your laptop gets stolen, the data cannot be hacked by the best hackers also. After all, confidentiality is what we all need.

Try Alertsec

Alertsec, a reliable name in the world of data security is guiding organizations in their data protection policy. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For years, Check Point has been protecting more PCs, laptops, PDAs, smart phones and removable storage devices than anyone else in the world.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Identity and Information loss, Security Flaw, computer security software, data breach, data encryption, full disk encryption, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point Computer security disk encryption Encryption Information sensitivity Kennedy Space Center laptop theft NASA Social Security number

Data breach affects University of Tampa

March 19th, 2012

Students data compromised at the University of Tampa

Every University has a data security policy in place and tries its best to secure confidential information of its students, alumni, staff and faculty. In spite of this, student data is getting compromised and private data getting misused. The recent data breaches at Missouri State University, University of South Carolina and Midland Tech shows that educational and student data is vulnerable and susceptible to compromise.

The University of Tampa breach

Private data of about 30,000 students and staff at the University of Tampa remained open on the Interne for anyone to see. The information was seen in the form of an file indexed by Google and displayed name and long string of numbers — social security number, student ID number and date of birth.

On Mar 13 some students were practicing advanced search techniques and that’s when they bumped on to this data. They immediately informed about this accident to the information technology department. This happened because the file got created as a back-up a new server was installed in July 2011 and in turn the file accidentally got indexed by the search engine.

Post-incident, Google has taken down this file and removed it from the cache.

What is UT doing post-breach?

The University plans to send a letter to students and staff regarding the breach. At the same time the students may contact the IT department to find out if they were on the list of those affected.

According to the University officials there is no evidence of the information being misused till date. Nevertheless, the University has offered to pay for fraud alert services for anyone who requires them.

Data breach history at the University of Tampa

Two other breaches were reported in January 2000 and July 2011 that had affected about 30,000 records related to faculty, students and staff.

As this is the third data breach in the University’s history, it is needless to say students at the downtown university are concerned about their data and authorities are having a hard time convincing students about data security policies.

Statements

According to Cpl. Bruce Crumpler, economic crimes division of the Hillsborough County Sheriff’s Office, “I’m not sure I can find words to express how worried they should be,”. “I think they should be very concerned.”

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego, adds further “This would be categorized as a major and critical breach because of the nature of the information,” he said. “Anytime Social Security numbers are involved, particularly in connection with dates of birth, those are the keys to the kingdom for an identity theft.”

Donna Alexander’s, vice president of information technology, take on the matter

“We took immediate action to take the files down so they would not be accessible any longer,” Alexander said. “We know the exposure is somewhat limited, but we are certainly concerned about any exposure whatsoever.” In this case there was a situation where the protective measures for that particular directory were not as tight as they should have been,” Alexander said.

Encrypt your data with Alertsec’s help and stay safe

Universities and educational institutes are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Bkis, Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Check Point Confidentiality data breach data security disk encryption Google Information privacy Missouri State University Personal computer Social Security number South Carolina University of South Carolina University of Tampa

Canadian businesses vulnerable to data breaches: Security needs tightening

February 29th, 2012

The cloud-computing stack: Cloud computing is the answer to data security

It is a myth that only giant corporations become a victim of data breach as they deal in large amount of data. The reality is small and medium-sized businesses are not exception when it comes to getting hacked. Their data is equally insecure and unless they strengthen their security policies, they are looking for trouble with a capital T.

Today’s story throws light on the vulnerability of small and medium sized businesses. The focus today is on Canadian companies.

What the survey says?

According to the survey conducted by Primus Business Services 60 per cent of the small and medium business owners admitted that they invest less than 10 per cent of their budgets in data. It is true that they are aware of the risks they are taking but are unable to act on it.

Half of the company-owners said that they were concerned with cloud computing security, 40 per cent of them were of the opinion that they would feel more secure if cloud services had full unified threat management/firewall protection or if the cloud was a single-tenant environment. Around 48 per cent agreed that having proper company security polices will solve the data breach problems.

Cloud-computing is a relatively new phenomenon and hence companies are wary of switching to this technology. As of now only 14 per cent companies are taking advantage of this technology. Somehow it is still felt that cloud-computing is insecure as compared to having your own servers.

According to AJ Byers, Executive Vice President of Primus Business Services “Our public and private cloud computing platforms have been designed with enterprise grade security, failover, and disaster recovery technologies that are far more advanced than the standard firewall and server protection that most small and mid-market companies are investing in to protect both their own, and customer, data.”

What does cloud-computing exactly do?

A cloud firewall protects cloud servers and offers a fully unified threat management approach to securing the

customer’s environment.

Cloud computing key features:

Network security: A configurable firewall combined with an Intrusion Protection system, Denial of Service protection, traffic forwarding, VPN support and other

security tools.

Application security: includes email and web security – Protects users from receiving malicious spyware and spam emails.

What does cloud-computing exactly do?

A cloud firewall protects cloud servers and offers a fully unified threat management approach to securing thecustomer’s environment.

Cloud computing key features:

Network security: A configurable firewall combined with an Intrusion Protection system, Denial of Service protection, traffic forwarding, VPN support and othersecurity tools. Application security: includes email and web security – Protects users from receiving malicious spyware and spam emails.

The above makes it all the more clear why data security is important. Data encryption via cloud computing is the way to keep data breaches at bay. Companies like Alertsec take care of security needs for big as well as medium-sized and small companies.

Let us peek into the key features of Alertsec:

256-bit Full Disk Encryption

Web-based management

Comprehensive 24/7 support

Logging & Reporting

HIPAA, PCI and SOX compliant

Alertsec’s cloud-based, hard disk encryption service provides an easy and convenient way to protect all information stored on your organisation’s laptops and PCs.

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, Security Flaw, computer security software

Tags: alertsec business Check Point Cloud computing Cryptography data breach Data Protection Act 1998 data security disk encryption Information privacy security Social Security number Theft

ICO issues Midlothian Council record fine of £140,000 for disclosing sensitive personal data

February 4th, 2012

Midlothian Council pays hefty fine for data breach

ICO is leaving no stone un-turned to punish data breach culprits. It is levying fines to those who compromised private data, especially children’s sensitive data.

Recently the council fined the Midlothian Council a record fine of £140,000 for disclosing sensitive child data. And we are not talking here about just one breach. There were 5 breaches between Jan and June 2011.

The case in detail

Breach 1 – This happened when documents related to the status of a foster carer were sent to seven healthcare professionals, who had no reason to see this data.

This particular incident took place in January 2011 and details came to light only in March when the council started to investigate. In spite of the investigation similar incidents took place in May and June.

Breach 2 – Minutes of a child protection conference were sent by mistake to the former address of the mother’s partner, where they were opened and read by an unauthorized individual. The documents contained personal data about the mother, who made a complaint to her social worker about this case.

Assistant Commissioner for Scotland Ken Macdonald said “the serious upset that these breaches would have caused to the children’s families is obvious and it is extremely concerning that this happened five times in as many months.’

“I hope this penalty acts as a reminder to all organizations across Scotland and the rest of the UK to ensure that the personal information they handle is kept secure.”

He further added that information about children’s care, details about their health and wellbeing, is the most sensitive information that is held by local authorities. It goes without saying that this information has to be protected and that strict policies are to be chalked out and followed.

The ICO’s investigation

According to the ICO all five breaches could have been avoided if the council had been strict about protection policies, training and had put checks in place. It has further ordered the council to take action to keep the personal data secure.

Since the incidents the council has recovered all of the information that was sent to the wrong recipients and is updating its security policies.

What the the ICO chiefly wants is that the government should give itstronger powers to audit local councils’ data protection compliance, if necessary without consent.

NHS bodies across the UK want the same kind of powers in light of the recent data protection breaches.

Midlothian Council comments:

Colin Anderson, chief social work officer for Midlothian Council, commented: “As soon as the council discovered the problem, it investigated and found eight letters or documents had been sent to the wrong recipients, for which the council is sincerely sorry.

“The council immediately took steps to retrieve the information, or have it destroyed, and voluntarily reported ourselves to the information commissioner. I must emphasise that there is no evidence that anyone was put at risk.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides: