Posts Tagged ‘Website’

Data Breach: Popular Recruitment Website “RecruitIreland.com” Data Breach

February 11th, 2011

Compromising sensitive customer details in a breach is quite embarrassing for a well-known, user-driven website, and it is especially tough when large numbers of users log in to the site day and night. Something similar has happened to the popular Irish recruitment website RecruitIreland.com, which has been hit with a potential data breach and was temporarily disabled. The site is a member of the Thomas Crosbie Media (TCM) group of companies. RecruitIreland.com could have escaped this situation if it had used laptop encryption software from trusted companies like Alertsec Xpress.

The website RecruitIreland.com was forced to close temporarily because the email addresses of its 400,000 registered users have been compromised. The site is now back online; it was taken offline after the company learnt of the breach through several spam emails similar to the one below.

External Security Consultants

To identify and solve this problem, the company has hired the services of an external security consultant. Tom Crosbie, the website’s managing director, said, “The gardaí are investigating and the Data Protection Commissioner has been made aware of the breach”.

Officials of RecruitIreland.com said in a statement that the website was shut down immediately at 2pm on 8th February 2011, after the breach was identified. After that, the relevant authorities, including the Gardaí and the Data Protection Commissioner, were notified.

The Reason for the Data Breach Was Spamming

According to reports, the company's database may have been harvested for spamming purposes. Users were receiving spam emails and were advised not to reply or to comply with any requests for information such as bank account details. No other data, including CVs, usernames or passwords, had been compromised, according to the website.

The company’s spokesperson said, “We take this incident and any attempted breach of our database extremely seriously.” He also added that the investigation is being carried out both internally and externally.

How Alertsec Xpress Would Have Helped

Although organizations the world over are waking up to security issues, there is still a lot of work that needs to be done. Our idea at Alertsec has always been to create awareness about the massive impact of breach issues. We can only hope that after such cases of data breach, data security will become the key agenda for companies, and that they will start securing their organizational data by bringing in policies, using new software and improving their current practices.

This news exemplifies the need for data protection applications like data encryption software and laptop encryption. In an incident which highlights the need for data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Anthem Blue Cross Data Breach Incident

June 27th, 2010

If you had filed an insurance application at Anthem Blue Cross and your application was pending, there is every chance that your sensitive information, including credit card details and Social Security number, was exposed.

According to a recent article on the Orange County website, over 200,000 Anthem Blue Cross customers received letters in the third week of June informing them about a possible breach of their personal information due to a suspected attack on the company’s website.

The company is contacting customers whose application status was pending since the information was viewed through an on-line tool that allows users to track the status of their application.

According to the officials at Anthem Blue Cross:

“The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again.”

Obviously, the victims are angered by the incident.

47-year-old Hal Ziegler of Mission Viejo said, “There’s not one place that has more information on you than your health insurer. It’s the absolutely most personal level of information all the way down to Social Security numbers. That would be about the last place I would want someone to gain access.”

57-year-old Luckett, who bought an individual policy in February, said, “I’m thinking this is the 21st century. I expect this company, Anthem Blue Cross, to protect my information.”

In return, the Anthem officials have apologized and have offered to provide one free year of identity protection service to potentially affected customers.
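The URL manipulation described in Anthem's statement is a missing ownership check on the application-status lookup. The sketch below is an added example, not code from Anthem or from the original post: it shows a lookup that trusts the ID in the URL beside one that ties the record to the logged-in account, plus the kind of post-upgrade regression check that would have caught the gap. All names and records are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Application:
    app_id: int
    owner: str       # account that filed the application
    status: str
    ssn_last4: str   # constructed sample value

# Constructed sample records (hypothetical accounts and IDs)
APPLICATIONS = {
    1001: Application(1001, "alice", "pending", "1234"),
    1002: Application(1002, "bob", "pending", "5678"),
}

class Forbidden(Exception):
    """Raised when the requested record is not available to the caller."""

def get_status_vulnerable(session_user, app_id):
    # Trusts the ID taken from the URL: any logged-in user can read any record.
    return APPLICATIONS.get(app_id)

def get_status_hardened(session_user, app_id):
    app = APPLICATIONS.get(app_id)
    # Same error for "missing" and "not yours", so IDs cannot be enumerated.
    if app is None or app.owner != session_user:
        raise Forbidden("application not available for this account")
    return app

def authorization_regression(lookup):
    """Return every (user, app_id) pair where a user can read a record
    they do not own. An empty list means the ownership check holds."""
    leaks = []
    users = sorted({a.owner for a in APPLICATIONS.values()})
    for user in users:
        for app_id, app in sorted(APPLICATIONS.items()):
            if app.owner == user:
                continue
            try:
                if lookup(user, app_id) is not None:
                    leaks.append((user, app_id))
            except Forbidden:
                pass
    return leaks
```

Running `authorization_regression` against each lookup after every deployment turns "security measures were validated" into a repeatable test rather than a manual sign-off.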

Data Security with Alertsec Xpress

If you use data security software, a theft would simply be reduced to an insurance matter and the cost of the hardware plus the time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

March 2010: Security News Round-Up

March 30th, 2010

As we come to the end of yet another interesting month in 2010, we look back at some of the major developments in the field of IT & Computer Security in March.

So here is a quick round-up of all the events that kept the security analysts busy:

  1. Hackers bypass Captcha: In a shocking incident, the highly secure captcha system was broken by US-based miscreants. The impact of the attack was huge, with the fraud value of the event being estimated at $25 million.
  2. Review of our Laptop Encryption Protection: Next, we talked about our full disk encryption, which is superior to other encryption methods when comparing security, performance, robustness and ease of use for both administrators and users.
  3. Hack attack on St. Louis Police: Next in line was another shocking incident, as a malicious attack on the police department came to light. The names, addresses and Social Security numbers of about 24 victims were revealed.
  4. UK Tops Cyber Security: This is a piece of news which would certainly have made our friends in the UK very proud. A report released by a House of Lords committee analyzed and encouraged how the United Kingdom has geared up its defence mechanisms in cyberspace.
  5. Some of Our Happy Customers: We showcased the words of praise from some of our happy customers.
    Alertsec Xpress is a very easy and convenient service which enables us to secure valuable information on our laptops. Through the Alertsec Xpress service our laptops are secured in just a few minutes.
  6. New ICO Penalties from April: The Information Commissioner's Office (ICO) will be rolling out new penalties starting in the first week of April. The level of financial penalty is set to rise to a maximum of £500 000 (from £5 000) for those companies who do not comply with the Act.
  7. Brazil, India & Korea top the Spam Sending Chart: Brazil topped the chart with 13.76% of spam, while India came in second with 10.98% and Korea was in third position with 6.32% of spam, expressed as a percentage of total messages analysed.

Preventing Twitter Outage

February 3rd, 2010

If you are a Twitter user, how many times have you seen the above image? If you use Twitter regularly, chances are that you have noticed it on several occasions.

In an age where we are talking about high-quality computer security software and encryption software, hack attacks on Twitter are a major cause of worry for its 45 million users.

Let us look at some of the reasons that led to Twitter’s breakdown!

The Cause

The hijackers defaced Twitter by temporarily compromising Twitter’s DNS records. The following screen grab shows the DNS hijacking as recorded via the PassiveDNS systems. The host www . mowjcamp . org was hosting the defacement.

While on the one hand we can blame Twitter for not being alert to the situation, part of the crisis can also be attributed to the volume of noise being contributed by the users.

Hacker attacks on the domain name system (DNS) servers that enable access to Twitter’s website disrupted service for many users, directing them instead to a web page declaring “This site has been hacked by Iranian Cyber Army.” In the wake of the attack, which was fended off within hours, many fingers are being pointed at Twitter’s DNS provider, Manchester, NH-based Dyn Inc.

Twitter will need to try and find the root cause of the denial-of-service attack, or more importantly build a more robust infrastructure with controls in place to withstand future DoS attacks.

Today’s article on Mashable highlights Twitter’s explanation of the recent phishing attacks. Twitter blamed the outage on changes made to the company’s DNS (Domain Name System) records, which had matched the domain name with the IP addresses of its servers.

On its status page, Twitter said, “Twitter’s DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon”.
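A DNS record compromise like the one described above shows up in passive DNS data as answers that fall outside what the zone owner expects. The following is an added example, not part of the original post: it compares passive-DNS observations against a baseline of expected name-server domains and address ranges and reports the deviation window. The domain, baseline, log format and log lines are all constructed for illustration.

```python
import ipaddress

# Assumed baseline: name-server domains and address ranges the zone owner expects
BASELINE = {
    "example.com.": {"NS": ["example-dns.net."]},
    "www.example.com.": {"A": [ipaddress.ip_network("198.51.100.0/24")]},
}

# Constructed passive-DNS observations: "timestamp name rrtype rdata"
SAMPLE = """\
2010-01-10T09:00:00Z www.example.com. A 198.51.100.10
2010-01-10T09:00:00Z example.com. NS ns1.example-dns.net.
2010-01-11T02:15:00Z example.com. NS ns1.rogue-host.test.
2010-01-11T02:16:00Z www.example.com. A 203.0.113.77
2010-01-11T04:30:00Z www.example.com. A 198.51.100.10
"""

def is_expected(rrtype, rdata, allowed):
    if rrtype == "A":
        ip = ipaddress.ip_address(rdata)
        return any(ip in net for net in allowed)
    # NS: exact match or a host under an approved name-server domain
    return any(rdata == d or rdata.endswith("." + d) for d in allowed)

def find_deviations(log_text, baseline=BASELINE):
    """Return (timestamp, name, rrtype, rdata) for answers outside the baseline."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, name, rrtype, rdata = line.split()
        name, rrtype, rdata = name.lower(), rrtype.upper(), rdata.lower()
        rules = baseline.get(name, {})
        if rrtype not in rules:
            continue  # name or record type is not monitored
        if not is_expected(rrtype, rdata, rules[rrtype]):
            alerts.append((ts, name, rrtype, rdata))
    return alerts

def deviation_window(alerts):
    """First and last timestamps of unexpected answers, or None if clean."""
    if not alerts:
        return None
    stamps = sorted(a[0] for a in alerts)  # ISO 8601 UTC sorts lexicographically
    return stamps[0], stamps[-1]
```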

Stopping the problem

It is not that folks at Twitter are not doing anything to stop this issue:

  1. Recently, Twitter has had a security upgrade, which disables links to hacker websites.
  2. As a user, be careful about what you are posting, even if it is just a small family picture. If there is the slightest doubt in your mind, simply remove the information rather than exposing it to the public world.
  3. A large share of security experts say that you cannot stop a DDoS attack, as it is certainly difficult to respond in real time to massive server requests from large ranges of IP addresses. However, there are select tools and services which can be used to reduce the resolution time. A nice list of these is available at http://staff.washington.edu/dittrich/misc/ddos/
  4. If you want to block or stop a DDoS attack, a commonly used tactic is a network sniffer device, which allows observation of offending IP addresses before their traffic hits your web servers.
  5. Again, as a user, never use the same password on all social networks.
  6. As we discussed in Joomla’s case in the last article, be careful while installing 3rd-party Twitter applications.