User (computing)

CareFirst database breached by cyber attackers

May 27th, 2015

The database which is used for members and other individuals to access CareFirst’s websites and online services was breached when cyber attackers gained access to it. The attack was discovered by the CareFirst IT security team. The company mentioned that it is working with Mandiant for IT examinations. The attack likely led to “limited unauthorized access to a database.

The affected information includes member-created user names created by individuals to access CareFirst’s website, members’ names, dates of birth, email addresses and subscriber identification numbers. Social Security Numbers, medical claims information and financial information were not affected.

“Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords,” the statement read.

Affected individuals will receive notification with an activation code to safeguard their accounts from further damage.

“We deeply regret the concern this attack may cause”, CareFirst President and CEO Chet Burrell said in a statement. “We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UK estate agency Foxtons hacked

August 23rd, 2013

Famous UK estate agency Foxtons had to reset passwords of all its customers as a precaution, as it appeared hackers lifted thousands of clients’ usernames and passwords from the systems.

Hackers claimed to have leaked online user names, email addresses and passwords of nearly 10,000 Foxtons’ customers, resulting in a big data breach incident.

All the details were quickly leaked but assumptions were that the copies were made before this happened. The hackers failed to pull out credit card or bank details but they still gathered enough information of customers.

Writing to the affected customers, Foxtons said it was investigating the purported hack. In the meantime it had reset user passwords as a precaution.

Foxtons have been able to download the list of usernames and passwords that were posted and are currently running checks to determine its accuracy. They also assured all its customers that any sensitive information that they may have provided in relation to payments made through Foxtons is completely secure with the external payment providers.

However, immediate precautions had been taken to safeguard the accounts and an investigation was in progress. The affected customers will be contacted directly contacted by Foxtons’ team.

Foxton had also asked its customers to create new password once they login.

When Foxtons’ representative was asked whether the company salted stored passwords, a basic security practice, they declined to comment on any aspects of the incident and said that it may decide to issue a statement at some point.

“Tighter regulation might be needed to stem the growing list of data breaches. The recent spate of high-profile data breaches, such as this alleged attack on Foxtons, is evidence that organisations are either not taking cyber security seriously or are bewildered by the problem. Regulation in this case is a necessity to alter corporate behaviour.” said Ross Parsell, director of cyber security at Thales UK.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Ubisoft website hacked, account information compromised

June 25th, 2013

Data breaches have been penetrating at a rapid pace and when it comes to websites, they are not strangers to data breach incidents. The latest one to be affected by breach is Ubisoft.

The server of Ubisoft, the game developer behind the great success of “Assassin’s Creed” and “Far Cry” was hacked and a database containing log-in names, email addresses and passwords of the users was accessed illegally by the hackers.

Following the consequences, the firm had closed all the access to their server and started a thorough investigation. All the users were requested to change their passwords and email address.

Ubisoft officials stated “Out of an abundance of caution, we also recommend that you change your password on any other website or service where you use the same or a similar password,”Looking on the positive side, none of the personal payment data of the user was stored on the website, so there was no scope of debit or credit card information data breach. However, email addresses, user names and encrypted passwords were at danger.

Richard Henderson, a security researcher for Fortinet, a cyber security firm, said some major gaming companies are under the watch of hackers who intend to steal account details of users.

An Email by Richard said “All of this info is quite valuable in the ‘virtual gold’ and account markets.”

There may be a possibility that database information of users were not compromised, but still dealing with data breach of this nature proved to be a great challenge for users. In the case of data breach,it is easy for hackers to gain access of the passwords, as a result people using the same username and passwords for other websites would have to pay for this unintentional mistake. Users may end up with spam mails in their inbox associated with the stolen e-mail address.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Dropbox or Spambox

June 11th, 2013

Dropbox users are reporting spam emails for dedicated email accounts associated with the cloud storage service, in what appears to be leftover problems from last year’s data security breach.

But the cloud storage company has not seen anything to believe that this may be a new problem or a fresh data breach. The firm said in a public posting that it “remains vigilant given the recent wave of security incidents at other tech companies.”

One user explained the problem in a nutshell:

I have an internal to my company email address that I used for Dropbox only and I am getting the same fake PayPal scam emails. This has been happening since about Monday.

There was concern among forum members that following the hack of Zendesk, Dropbox users may have been at risk. “If Dropbox was affected, they should have already announced this like Twitter, Tumblr and Pinterest did,” said another user.

Last July, Dropbox suffered a data breach after it investigated suspicious incidents on its network. After bringing in outside experts to assist with the probe, the company found that usernames and passwords were stolen and some accounts were accessed. This was exacerbated by the successful intrusion of a Dropbox employee’s account containing a project document with user email addresses.

The file storage company then bolstered its accounts with two-factor authentication as well as automated back-end services to weed out suspicious activity.

Dropbox is not only used by small-medium sized businesses but also caters for enterprise clients. Dropbox for Teams added to the company’s freemium model by offering generous storage and a back-end dashboard to administrate Dropbox accounts, such as adding and deleting users.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Enhanced by Zemanta