United States Secret Service

New Data Breach bill forces companies to disclose consumer personal information

June 25th, 2012

Sen. Pat Toomey introduces Data Breach Bill

Data breaches are increasing, but so are proposals to combat them. The picture is not all that sad on the data security front, although every day we read news about data thefts and laptop thefts. It is like any typical happy-ending movie where good people fight the bad people and the brave win over the evil. Similarly, the more laptop thieves and data hackers we have, the more senators and data security experts there are to stop data from getting breached.

This time Senator Toomey plays the part of the hero, and let us hope he wins in the end.

Sen. Toomey introduces the Data Security and Breach Notification Act (S. 3333). This bill will preempt 46 state data breach laws and replace them with a national standard. Let us hope this bill gets passed.

This bill will set national standards on how companies should inform consumers about data breaches that involve personal information.

The bill states:

The act directs corporations, trusts, cooperatives and similar entities that retain personal information to inform the owners of that information of a breach as quickly as possible. The breached entities have to inform the owners of the breached information of the date it was accessed, the information that was stolen and how to contact the breached entity for more information. The notification can be by telephone, email or on paper.

The bill further states that the organization will be required to notify the FBI or the US Secret Service. Law enforcement agencies can request, in writing, that the organization delay notification if doing so might compromise a criminal investigation or have an impact on national security.

More about the bill – People will be notified by telephone, email or on paper. They would have to be told when the breach occurred and what information was compromised. The legislation cites specific examples of such personal data, including Social Security numbers, driver’s license numbers, and bank and credit card account numbers.

The downside of the bill:

There is no specific period for actually sending out these notifications. That is what consumers are worried about: they feel that companies learn about breaches but do not inform consumers immediately. The states do have notification laws, but not without loopholes.

There are strict data breach laws already in place like in the State of Connecticut. This bill appears weak in comparison. Connecticut–a state that is “in the forefront in protecting the personal information of its residents”–now requires a data breach notification to be made whenever there is a “breach of security.” The state’s data breach notification law defines such a breach as the “unauthorized access to or unauthorized acquisition of electronic files, media, databases, or computerized data containing personal information when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable.”

Let the bills do their work, let Alertsec do its own – that of data encryption

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest-to-use and most cost-effective managed encryption service on the market.


Data Breach and Hacktivism: A major threat faced by today’s organizations

March 28th, 2012

Verizon delves deep into the hacktivism world

Shocking but real news came to light today when Verizon reported in its annual data breach report that hacktivism was responsible for the majority of stolen records. However, hacktivism accounted for only 3 percent of the total 855 recorded attacks across several countries.

Emerging details

Hacktivism has increased worldwide since last year. According to Verizon, last year 58 percent of data theft was due to hacktivism. Hacktivists make up a very small group of people, but they are proving a bigger threat than criminals. Criminals usually aim for small thefts that cannot be detected quickly and easily. According to the annual data breach report, of the total of 174 million records (individual database entries and documents) compromised in the 855 incidents, hacktivists had a share of 100 million records.

Professional criminals largely target smaller companies, as these are yet to invest in security, whereas large companies have already done so. It was also found that hacking incidents were aimed at social and political objectives rather than at financial gain.

The report stated that breaches were also noticed in India, the US and 34 more countries, and nearly 70 percent of those originated in Eastern Europe.

The statement given by Verizon

The latest trend differs from that of the past several years, when the majority of attacks were carried out with the aim of financial gain. It was also observed that seventy-nine percent of the breaches that took place were opportunistic and ninety-seven percent of them could certainly have been avoided. Data breaches were mainly caused by external attacks carried out by outsiders. These included organised crime, activist groups, former employees, lone hackers and even organisations sponsored by foreign governments.

How to avoid data theft

In earlier times, data theft was related to website defacement or denial of service. Now the reports state otherwise. The problem has always been the detection of data thefts. Many of them go unnoticed. Some are not detected at the first attempt. The majority of data breach attacks are not recorded.

Verizon has verified its data breaches from various sources like the US Secret Service (USSS), the UK’s Police Central e-Crime Unit (PCeU), the Dutch National High Tech Crime Unit (NHTCU), the Irish Reporting & Information Security Service (IRISSCERT) and the Australian Federal Police (AFP).

The EU plans to introduce a Data Breach Directive in the near future which will be active 24 x 7 for the reporting of consumer data as a legal requirement across the 27-nation economic area.

Organisations also need to speed up protecting the vulnerable security systems that frequently cause data breaches.

Encryption software offered by Alertsec!

There are no shortcuts to data security in any organization. This news stresses the need for data protection applications. In an incident that highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.


Tesco Bank Data Breach & Verizon’s Security Report

July 30th, 2010

Tesco Bank Incident

The personal and financial details of dozens of Tesco Bank customers have been leaked, resulting in possible fraud. The cause of the incident has been attributed to the action of staff who sent the unprotected personal data in the post.

The data was being sent by post from Manchester to Glasgow and was lost somewhere in between. Customers of the bank were already fuming over a dispute with Tesco Bank, as they had been levied charges for controversial payment protection insurance on Tesco credit cards.

For its part, Tesco is blaming a ‘service provider’ for the data loss. The employee responsible for sending the details is a staff member of taxpayer-owned Royal Bank of Scotland (RBS) and was working as a contractor for Tesco Bank. The Royal Bank of Scotland has taken full responsibility for the incident but has refused to divulge further details or answer questions about it.

The loss was discovered by Tesco Bank last month. After discovering the incident, Tesco Bank started contacting customers about the problem in July and, as a gesture for the loss, offered two years of free insurance against potential losses arising from the breach.

Apparently, the impact of the incident is small due to the small number of customers involved, but the incident exposes the slack procedures adopted by financial service companies to secure confidential customer information.

A spokesman for Tesco Bank said: ‘Tesco Bank and the service provider have robust rules and procedures for handling customer information. There is no record of the correspondence being sent by courier or recorded delivery. That leaves the possibility that it was sent by standard mail, contrary to ours and our suppliers’ data handling procedures. Therefore, we have taken the precaution to inform our customers and take steps to safeguard their accounts.’

Verizon Data Breach Report

In other news, Verizon has published a thorough report detailing the number of data breach incidents resulting in theft of electronic records. As an encouraging statistic, it is nice to see the total number of data breaches going down to 143 (in 2009) compared with 285 (in 2008).

The report, which contrasts slightly with the study conducted by the Ponemon Institute, attributes the dip to law enforcement success, including the arrest of Albert Gonzalez in 2008.

Some statistics from Verizon’s report:

  1. 96% of breaches could have been avoided through simple or intermediate controls.
  2. 141 breaches from 2009 investigated by the U.S. Secret Service (84) or Verizon (57) involved a patchable vulnerability.
  3. More than half of the breaches were discovered by outsiders after a long period of time (60% of breach incidents).
  4. Organized criminal groups were behind 85% of the data stolen in 2009.

The full report can be downloaded from the Verizon Business website.

The biggest gap indicated by Verizon’s report is inadequate expenditure on security processes, systems and software. While organizations have started investing in data security software and laptop encryption software, there is still a long way to go in terms of adoption among most enterprises.

Want to prevent breach?

Have you been affected by a data breach? Do you think that your organization is susceptible to a potential security breach? For further information, visit our website, where you will learn about our encryption software and other security protection methods.

If you use data security software, a theft would simply be reduced to an insurance matter and the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.