Log in

Posts Tagged ‘Website’

Anonymous is back with a bang! This time they breach Stratfor Inc.

January 9th, 2012

Stratfor Inc hacked and credit card data stolen

Anonymous has always been in the news for data hacking and just when we were wondering what they were up to, they are here! This time they have been successful in breaching data of the security Think-Tank Strategic Forecating Inc, based out of Austin.

The details

The group managed to hack into Stratfor’s web site and get data about the company’s corporate subscribers. This resulted in the website being closed down temporarily. Anonymous was proud to announce that they stole passwords, credit card details, and home addresses of about 4,000 people on Stratfor’s private client list. Their plan was to use the credit card information to make fraudulent donations to charities. The hackers described the data on Pastebin, then provided several links to websites hosting the information. According to them some 50,000 of the e-mail addresses released end in “.mil” or “.gov.”

Strangely enough, some representatives of the Anonymous group denied complete responsibility of the attacks. According to an Anonymous spokesman “it does not attack media sources.” The organization has been known for its hacks on Sony’s PlayStation services, the Church of Scientology, as well as companies, banks, and organizations that supported WikiLeaks.

What business is Stratfor into?

The company offers its clients like the U.S. Air Force, the Miami Police Department, and Apple, high-quality economic, political, and even military analysis to clients, delivered daily via email, video, and the Web.

After the hack

Stratfor is offering a free one-year subscription to an identity protection service to those affected. Stratfor’s CEO, George Friedman confirmed on the company’s Facebook page on Monday that the hack disclosed the names of some corporate subscribers along with personal and credit card data.

Barrett Brown, spokesman for Anonymous said “This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade,”. “Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions.”

Stratfor’s chief George Friedman’s statement

“While addressing matters related to the breach of Stratfor’s data systems, the company has been made aware of false and misleading communications that have circulated within recent days,” said Friedman. “Specifically, there is a fraudulent email that appears to come from George.Friedman[@]Stratfor.com.”

High profile attacks are making the rounds and security agencies are scrambling to get the security policies of such companies in place. Stratfor’s website is under repair as of today and will take some time before it gets back in shape.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: anonymous Austin Austin Texas Consultants Credit card data Facebook George Friedman Hack Miami Police Department Pastebin security Stratfor United States Air Force Website Wikileaks

Contractor to be blamed for Stanford Hospital’s data theft

October 9th, 2011

Stanford Hospitals blamed for data breach

Third parties have recently been in the news for data breaches. You give your data for security purpose to a third party contractor and Bam! The next thing you know is it is stolen!

The recent case detailed below talks about a breach that exposed the personal data of some 20,000 patients, thanks to the contractor’s negligence.

Stanford Hospital Clinics class action suit

20,000 patients’ personal information was made available on a public Web site for a year. That led to the class action suit against Stanford Hospitals.

Shana Springer, one of the patients whose information was compromised, filed the class-action lawsuit against Stanford Hospital & Clinics and Multi-Specialty Collection Services. Stanford Hospital & Clinics and Multi-Specialty Collection Services is an outside vendor that was allegedly responsible for the breach. The lawsuit asks for $1,000 per patient.

Here is what the hospital spokesperson had to say: The hospital intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit,’”

Case details

A spreadsheet maintained by a third party billing contractor, Multi Specialties Collection Services (MSCS), was allegedly posted on Student of Fortune website that allows students solicit homework help for a fee.

The spreadsheet apparently included names, diagnosis codes, account numbers as well as admission and discharge dates of about 20,000 patients who visited the hospital’s Emergency Room in 2009.

According to Stanford Hospitals, this data was encrypted. But looks it MSCS decrypted the data and put it into a spreadsheet. A person who had probably no clue about what he was doing and posted it on the website further managed this spreadsheet. The identity of this individual has not been divulged by MSCS.

Statements released by the hospital:“This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible,”

According to the MSCS contractor, Frank Corcino, he decrypted the details and put it into a spreadsheet. He later handed off the spreadsheet to a job applicant as parts of a skills test.

It appears that the applicant was unaware the spreadsheet data was private and posted it on the homework help site in Sept. 2010. The data remained on the site until August 22, 2011 and was later discovered by a patient.

What AlertSec has to say?

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way.

By using encryption software, you greatly enhance the laptop security, as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or senstive data. Our industry news provides a few examples of this.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model.

1 comment »

Posted in Computer security, Data Protection, Lawsuits and settlements, Security Flaw, Uncategorized, computer security software, data breach, data encryption

Tags: alertsec data breach Emergency department Enter your zip code here MSCS Patient Stanford Hospital Stanford Hospital Clinics Student of Fortune Website

The Oregon Department of Transportation admits to data breach

September 12th, 2011

Data breach at ODOT exposes participants social security numbers

2011 has probably seen the most and the worst set of data breaches. In April 2011, Sony reported a data breach within their Playstation Network. Expedia’s Trip Advisor, email marketing provider Epsilon and professional engineering society Institute of Electrical and Electronics Engineers followed suit.

In the latest incident of data breach, data of 62 current and former employees remained exposed to the public online for nine long years. The breach was reported on Friday.

Details of the breach

Oregon Department of Transportation immediately removed the data from the site and apologized to its users who had participated in the environmental program. Fortunately, no one has had any problems with the exposed data.

Aug. 26 email gave details of this breach to all its users.

According to Theresa Masse, the state’s chief information security officer with the Department of Administrative Services ”Some were electronic — misdirected email, lost laptop, or a file exposed on a website,”. She further added “Others involved misdirected letters or a lost folder. The largest affected 500 people; the smallest, one individual.”

ODOT found out about the breach two weeks ago when it got a call from a citizen who brought to notice that a file in the agency’s file transfer protocol site contained encoded Social Security numbers. A file-transfer protocol site is used to transfer large files to internal and external users. The file contained names and encoded Social Security numbers of 62 people working with ODOT’s environmental programs. This information could have been online since 2002.

This is what ODOT spokesman Dave Thompson had to say when users found out about the breach ” “None of them were necessarily happy with us, or with the news this happened,” Thompson said. “But none of them has indicated they have noticed any sort of issue. It does not mean it hasn’t happened — and that’s why we spoke to them first before we announced it.”

Comparison with two private sector firm breaches

Health histories of 120,000 Oregon customers covered by Health Net were breached in March. Computer disks and backup tapes with details of 365,000 Oregon patients of Providence Health & Services went missing in Dec 2005

Another incident in early 2010

This incident was far more serious than the recent breach. A pen drive with payroll information of 550 Department of Corrections employees was found in Madras. The drive contained Social Security numbers of 300 employees at the Deer Ridge Correctional Institution near Madras and the Shutter Creek Correctional Institution in North Bend, and information of employees at the Warner Creek Correctional Facility in Lakeview.

How can Alertsec help protect data?

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Identity and Information loss, computer security software, data breach, identity theft

Tags: California computer encryption software data breach data encryption disk encryption Emergency department Enter your zip code here Health Net identity theft Oregon Oregon Department of Transportation Palo Alto California Personal computer PlayStation Network Providence Health & Services Social Security number Stanford Hospital and Clinics United States Department of Health and Human Services Website

“Small” Data Breach incidents hit the 9,100 mark in First Year

March 17th, 2011

As they say everybody knows all the big things that happen in your area. It is something that applies to breach incidents as well. If you talk about the large scale breach issues they are also very common. The HHS website i.e. the portal of Health and Human Services is maintaining a report of all the incidents that track the data breaches.

At the same time, HHS also receives queries and reports which involve breach incidents that are less than 500 people. While it is not a mandatory condition for the department to report this data publicly, the same was visible in the federal 2012 budget.

According to the reports by Office for Civil Rights reports there have been 9,109 breach reports received till September 30, 2010. These are reports which affected less than 500 individuals. If you actually do the calculation, it represents 365 days of reports amounting to 25 reports per day.

So how are the incidents reported?

Reporting for data breaches is also provisional for the HITECH Act. It modified HIPAA and requires that covered bodies report all breach incidents related to unsecured health information to HHS. Also any breaches that involve 500 or more people must be reported from within 60 days of their discovery.

In addition, there is directive from HITECH to HHS for publishing of these reports on its Website.

The critical thing is that the number of reports i.e. 9,109 actually exceeds the breach incidents that were estimated by OCR in its interim final rule in 2009. According to that rule, OCR had projected about 106 breach reports annually.

Secure your Data with Alertsec

Worried with the above incident and think you could also be a potential victim? In-order to avoid such incidents, following essential guidelines is very necessary for data security in any organization. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Twitter Finalizes FTC Security Settlement (informationweek.com)
York Uni exposes students’ private info (go.theregister.com)
Twitter settles with FTC over security breaches (arstechnica.com)

No comments »

Posted in Alertsec Express, Data Protection, data breach

Tags: data security Health Insurance Portability and Accountability Act Medical record OCR Office for Civil Rights Optical character recognition Protected health information security United States Department of Health and Human Services Website

Data Breach: Popular Recruitment Website “RecruitIreland.com” data Breach

February 11th, 2011

To compromise customer sensitive details in a breach is quite embarrassing for a well known, user driven website. Especially, it becomes very tough if there are bunch of users logging in day and night to your website. Something similar has happened to the popular Irish recruitment website RecruitIreland.com which has been hit with a potential data breach and was temporarily disabled. The site is a member of the Thomas Crosbie Media (TCM) group of companies. RecruitIreland.com could have escaped from this situation, if it had used the laptop encryption software from trusted companies like Alertsec Xpress.

The website RecruitIreland.com has been forced to close temporarily as overall the 400,000 registered users’ email addresses have been compromised. As we talk about this incident, the site is now back online although it was offline after the company had learnt of the breach through several spam emails similar to the one below.

External Security Consultants

To identify and solve this problem, company has hired the services of an external security consultant. Tom Crosbie, the website’s managing director said, “The gardaí are investigating and the Data Protection Commissioner has been made aware of the breach”.

Officials of Recruitireland.com said in a statement, the website was shut down immediately at 2pm on 8th February 2011 after the breach was identified. Post that the concerned authorities including Gardai and Data Protection Commissioner were notified.

The Reason of Data Breach was Spamming

According to the reports database of company may have been harvested for spamming purposes. Users were receiving spam emails and advised not to reply, or comply with any requests for information such as bank account details. No other data, including CVs, usernames or passwords had been compromised, according to the website.

The company’s spokesperson said, “We take this incident and any attempted breach of our database extremely seriously” He also added that investigation is being done both internally and externally.

How Alertsec Xpress Would Have Helped

Although organizations world over are waking up to security issues, there is still a lot of work that needs to be done. Our idea at Alertsec has always been to create awareness about the massive impact of breach issues. We can only hope that after such cases of data breach, data security will become the key agenda for companies. They will start securing their organizational data by bringing in policies, using new software and improving their current practices.

This news exemplifies the need for data protection applications like Data encryption software and Laptop encryption. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.