Target Corporation

Washington’s attorney general and two lawmakers’ favors stronger data breach laws

April 22nd, 2015

Washington’s attorney general and two lawmakers are calling for stronger data breach laws after the recent incidents of Premera Blue Cross and Anthem, Inc. data breaches. Attorney General Bob Ferguson, Sen. John Braun, and Rep. Zack Hudgins wrote an opinion piece in The Olympian this week.

As per the statement, current state data breach law is a decade old and obsolete and more meaningful and timely notification laws are necessary. They are trying to close current loopholes. The proposed legislation would require that individuals and the attorney general be notified within 45 days of a data breach occurring.

“In the present statute, there are too many loopholes about when notification must be provided, leaving consumer’s vulnerable to financial fraud and identity theft,” the opinion piece said. “The current law is alarmingly vague on the timeline to notify consumers when data has been compromised. And unlike other states, our current statute does not require notification to the Attorney General when a data breach puts state residents at risk.”

The proposed legislation states that HIPAA covered entities are “deemed to have complied with the notice requirements” if they have “complied completely with section 13402(f) of the federal health information technology for economic and clinical health act, Public Law 111-5.”

Murray discussed the data breach notification process as he was upset with the Premera data breach. He said that it was troubling that it took Premera so long to notify individuals, the media, and lawmakers that an incident took place.

“These failures are particularly troubling given the scope of the attack,” Murray wrote. “It is my hope that Premera can move with great speed and efficiency to ensure that my constituents receive prompt notice and information about the services that are being made available to them.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security Breach due to stolen device

January 30th, 2015

Premier Home Health (Premier) may likely suffer data breach due to stolen laptop and cell phone from a nurse’s apartment. The incident puts PHI at risks for 2,700 patients.  Premier is an Senior Health Partners (SHP) business associate. According to SHP, laptop was password protected and encrypted.

An SHP press release mentioned that a laptop bag that contained both the laptop and the cellular device was stolen. The cell phone was not password protected or encrypted and  the encryption key for laptop was stolen with the laptop bag

According to the forensic expert hired by SHP, it was unclear if the laptop was inappropriately accessed. Affected information includes names, addresses, Social Security numbers, Medicaid ID numbers, dates of birth, phone numbers, type of medical services provided, diagnoses and health insurance claim numbers.

According to the statement:

 Senior Health Partners sincerely regrets that this incident occurred.  It takes the privacy and security of members’ health information very seriously and expects its vendors to do the same. SHP values the trust its members have placed in it as their health plan, and it is SHP’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.

Although there is no report of any attempted or actual misuse of member information, SHP has retained AllClear ID to protect its members’ identities. SHP members who have been affected by this incident will receive access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring. SHP has advised its members to contact the confidential assistance line or their Care Manager for more information.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

JPMorgan Chase attacked by the hackers

October 2nd, 2014

An overwhelming attack on JPMorgan Chase by the hackers has compromised the accounts of 76 million households and seven million small businesses. It’s one of the largest ever intrusion which has overcame the previous estimates of the bank.

Earlier Target, home depot and a number of other retailers has suffered major data breaches.  The recent incident is blow to already shaken confidence in the digital operations. Below are the details of last year breaches for above mentioned companies –

Target: 40 million cardholders and 70 million others were compromised

Home depot: 56 million cards

Breaches in largest banks like JPMorgan can lead to exposure of more sensitive data.

“We’ve migrated so much of our economy to computer networks because they are faster and more efficient, but there are side effects,” said Dan Kaminsky, a researcher who works as chief scientist at White Ops, a security company.

Bank believes that no money has moved out of the accounts and till today customers are safe. According to the reports, the hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders. It is believed that account information, including passwords or social security numbers are safe.

Jamie Dimon, JPMorgan’s chairman and chief executive, has recognized the growing digital threat. In his annual letter to shareholders, Mr Dimon said, “We’re making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe.”

Due to rising threat of online crime, JPMorgan has said it plans to spend $250 million on digital security annually.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Big banks and retailers lock horns over Data breach

February 3rd, 2014

 

Target customers personal information of about 110 million was exposed during the data breach. It was notified by the Justice Department after suspicious activity involving payment cards used at Target stores. Also Neiman Marcus computer was attacked by hackers. It was notified late to the customers as company required confirmation for the breach.

Target Executive Vice President John Mulligan started his testimony before the Senate Judiciary Committee with an apology before blame game started between big banks and retailers. He stated during first part of hearing, “We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back.” According to Mulligan, company hired its own independent team of experts to conduct a forensic investigation after the breach.

Personal information like credit and debit card numbers, expiration dates, PIN numbers and codes on the cards’ magnetic strips was compromised after 40 million credit and debit card accounts of Target were breached late last year. Also non card information like names, phone numbers and email and mailing addresses of 70 million Target customers were also stolen.

Neiman Marcus computer was also affected by the breach. Michael Kingston, senior vice president of the Neiman Marcus Group said, “The malware was evidently able to capture payment card data in real time, right after a card was swiped, and had sophisticated features that made it particularly difficult to detect, including some that were specifically customized to evade our multilayered security architecture that provided strong protection of our customers’ data and our systems.”

FTC Commissioner Edith Ramierz and William Noonan, a top agent with the Secret Service’s cyber operations branch are expected to report the Senate Judiciary Committee following testimony from retailers.

With the seriousness involved in the breach data it is advised companies to put all security measures in place. Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Target: Credit Card Data Breach on Black Friday

December 13th, 2013

No organization or company would like to hear about data breach incident that may put consumer credit card information at stake. US retailer, Target is investigating a massive data breach that begin this Black Friday, the biggest shopping day in the US.

It was reported that the data breach incident occurred in the Target retail store and not online. It could potentially involve millions of consumer credit cards from all Target retail locations. The theft involves grabbing the data stored on the magnetic strip of cards.

The data stolen would allow thieves to create counterfeit credit cards by transferring the stolen data on to any card with a magnetic stripe. If the thieves were also able to capture debit card PIN data, they could create fake cards and use ATMs to remove cash from accounts.

Target consumers who shopped at their stores were asked to be alert about any suspicious activity on cards that they used at the retailer. A victim told that he and some of his friends became the target of a similar kind of breach last year at a very popular establishment in Virginia that has some outlets in US. Fortunately, security departments at banks were on the lookout and caught most illegal transactions using the fake cards. His wife was actually called by their bank while standing in line buying groceries with her debit card when a simultaneous purchase using a fake card with her information was going on in Texas.

During these situations consumer is usually protected but the process of canceling and reissuing of cards proves to be inconvenient sometimes. Lawsuits between banks, that business and insurance companies are still arguing as to who was ultimately at fault.

Most of the times companies and banks do not like to talk about these issues publicly, but if the result of breach incident proves to be accurate, it will be one of the largest consumer credit card data breaches in history.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta