Data breach exposes records of 1.8 million New York utilities customers
A data breach affecting 1.8 million customers of two New York utilities companies has recently been made public by the New York State Public Service Commission. The investigation into this data breach was initiated after an employee from a third-party IT company contracted by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) was given unauthorized access to the companies’ databases.
It is not clear whether the access to the customer databases had any malicious intent; both affected companies claim there is no proof of any data having been misused as a consequence of the breach. But, to stay on the safe side, they have decided to send out notifications regarding the data access, as it exposed Social Security Numbers, dates of birth and financial account information, as shown in the official press release sent out by the NY Commission.
EasyLock 2 – Cross-platform portable data encryption solution from CoSoSys
The biggest challenge of securing modern IT infrastructures is to protect networks that mix different platforms and operating systems. CoSoSys has always considered this challenge when releasing a new version of their endpoint security and data loss prevention solutions, making them available for Windows, Mac and Linux. The same holds true for the freshly released EasyLock version 2, the software developer’s portable data protection solution.
This enhanced new version offers full support for cross-platform data encryption between Windows, Mac OS X and Linux openSUSE and Ubuntu. EasyLock 2 comes with military-grade protection for data stored on USB flash drives and other portable storage devices through its 256-bit AES encryption. It also allows cross-platform mobility by enabling users to protect their files when in transit and to easily access them on different operating systems.
Zappos and Amazon face consequences of data breach
When you are the lead artist of a security mishap that ended up in a data breach affecting some 24 million people, consequences are bound to catch up with you. And they have just caught up with shoe retailer Zappos.com and the bigger online fish behind them, Amazon.com. The two companies are being sued by the customers affected by the data breach, being accused of negligence.
A woman from Texas seems to be the main promoter in this Kentucky lawsuit. She claims that she and millions of other customers were harmed by the exposure of their personal account information. Zappos and Amazon have not commented on the lawsuit as of earlier today.
New report says cyber-attack risk to global stability is great and very real
Security professionals fear cyber-attacks and warn about them every chance they get. Countries all over the world are trying to put up the best cyber defenses technology advancements can buy, but it does take a well-established institution in the field of global economy to actually make us all tremble and finally believe cyber-attacks pose a great threat to global stability.
The World Economic Forum’s (WEF) Global Risks for 2012 report places cyber-attacks against governments and businesses among the top five risks in the world to global stability, in terms of likelihood. Cyber-attacks come right after income disparity, fiscal imbalances, and the rising greenhouse gas emissions, shows the report released at WEF’s annual conference held in Davos, Switzerland.
Ramnit worm steals 45000 Facebook users’ credentials
The Ramnit worm, malware first discovered a year and a half ago that used to target online banking and FTP credentials, is now claiming victims among UK and French Facebook users.
A new version of the worm managed to steal more than 45000 Facebook usernames and passwords and tried to attack the e-mail accounts and virtual private networks of affected persons. The worm has sent malicious links to victims’ friends, links that downloaded malware to the person’s computer, which helped spread the worm even faster.
It seems like the attackers are adapting to market tendencies, targeting social networks rather than traditional communication means (such as email).
For more details, you can read the techweekeurope.co.uk report.
Security audit reveals Department of Taxation internal breaches
The US Department of Taxation (DOTAX) decided to take a closer look at how their systems work this year. The process of evaluation included a security audit which led to discovering internal security breaches dating back to 2008. DOTAX celebrated the three years of undiscovered breaches by putting employees of the Hawaii DOTAX on administrative leave without pay and starting a comprehensive investigation.
The breaches affected the Department’s computer tax database, but no one knows when they occurred; it is suspected they happened at least as far back as 2008. The discovered incidents were immediately turned over to the Department of the Attorney General for review and investigation.
Healthcare data breaches on the rise and costing billions
Based on the many stories about data breaches reported by organizations in the healthcare industry, from hospitals to insurance companies and other third-party companies that deal with healthcare data, we could have guessed this is not even close to being a top sector when it comes to data security. A new report released by the Ponemon Institute now brings even further insight into the state of the healthcare industry, showing a spike in data breaches of over 30% and average annual costs of 6.5 billion US dollars.
The “2011 Benchmark Study on Patient Privacy and Data Security,” commissioned by IDExperts, identified employee error to be one of the main causes for data breaches in hospitals and healthcare providers. These types of organizations in the healthcare industry suffered an average of four data breaches in the past year. Nearly 30 percent of healthcare companies said the breaches they suffered resulted in medical identity theft – an over 25 percent increase over 2010.
British authorities experienced 1,035 data loss incidents
Only 55 of the data loss breaches have actually been reported
If you can’t stop data breaches, at least cover them up! This seems to be the data security code British authorities go by. Too bad for them there is something called Freedom of Information Act requests… A new report issued by privacy campaign group Big Brother Watch showed that councils across the UK experienced over a thousand data loss cases over a three year period – August 2008 to August 2011.
To get the information, the group sent 433 FOIs to local authorities and councils across Great Britain and showed a shocking discrepancy between the reported 50-something incidents and the harsh reality. Not only did BBW uncover the data mishandling cases, they also requested information on what happened to the employees of said councils (whether they had been disciplined, fired or prosecuted over the data breaches) and inquired about the council’s response to each incident.
Steam hit by hackers. Are all their 35 million user accounts breached?
Almost two weeks ago, we revealed the major changes that had happened this year in the all-time top of major data breaches. 2011 was leading as far as the number of high-profile breaches is concerned. The top might change once more, ensuring an even stronger position for the current year as hackers hit Steam, a gaming giant that is home to 35 million user accounts.
What we know so far is that the Steam customer database has indeed been accessed by hackers.
“We learned that intruders obtained access to a Steam database in addition to the forums,” said Gabe Newell, co-founder and managing director of Steam parent company Valve. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”
UK’s ICO takes serious measures to enforce data protection
The ICO conducted an investigation into a case of hardware loss in May at the Rochdale Metropolitan Borough Council. The incident consisted of the loss of an unencrypted memory stick by an employee of the Council’s finance department; the stick contained names, addresses and payment details for 18,000 residents. The missing hardware has not been found to date.
The investigation concluded that the Rochdale Council has breached the Data Protection Act by not providing employees with encrypted memory sticks (although it was a known fact that these devices would be used to transfer private information) and by not training their employees to properly use portable devices for work purposes.
Sally Anne Poole, ICO’s head of enforcement, qualifies this mishap as ‘unacceptable’ and says ‘This incident could have been easily avoided if adequate security measures had been in place.’ in a quote by eWeek.
The measures taken by the ICO in this case consist of signing an undertaking that lists the actions to be taken to implement data protection policies by 31st March 2012.
Let’s hope that more than one private data handling organization learns from this incident and encrypts their portable devices using proper solutions.



