Blue-Cross Discovers it is One Laptop Short 3 Months Later
The Western New York branch of Blue-Cross Blue-Shield has recently discovered that one of its laptops, containing private information of about 40,000 of its members, went missing sometime in November 2007.
According to WIVB TV, Blue-Cross has started notifying its members that they run the risk of having their identity stolen. Furthermore, it is offering credit checks for all affected members and taking steps to make sure it doesn’t happen again.
I guess they are now considering implementing a serious endpoint security and DLP solution, especially if it takes them 4 months to even notice their sensitive data is missing.
Thumbnail Drive with Data of Job Seekers Lost
A company hired by the Nevada Department of Public Safety to do background checks for 109 job applicants managed to lose the private data of said job seekers. According to an article in Chron.com, their private records were stored on a thumbnail drive owned by one of the hired firm's employees.
Following this incident, the Department of Public Safety has temporarily suspended the use of outside vendors for background checks while it reviews all its processes and procedures.
Builders of London Olympics Site - Biometrically Authenticated
All workers involved in building the London Olympic site for the 2010 games will go through a thorough biometric authentication process. The biometric screening will consist of a two-tier process, reports the Times: palm-print reading and face recognition. A total of 100,000 workers will have to comply with this security requirement until the completion of the Olympic site. If the system works, it might also be used for stadium ticket holders.
The biometric screening project is, however, already raising serious questions about the level of protection it can provide for private data:
The use of biometrics is part of a £354 million strategy to secure the 500-acre Olympic Park during its construction, which starts in June. But it has raised concerns about data protection among unions and civil liberty groups.
Alan Ritchie, general secretary of Ucatt, the main construction union, said: “We do not foresee a problem, providing the ODA [Olympic Delivery Authority] guarantee that the biometric data will not be passed on to any third parties and will be wiped once the project is complete.”
The methods employed to prevent data losses, theft or security breaches aren’t clear for now. I’d recommend a thorough analysis of which endpoint security and DLP solution is chosen, to make sure biometric data is not lost or stolen before its final deletion at the end of the project.
Laptop with Private Data Stolen from Kraft Foods Employee
A laptop was recently stolen from a Kraft Foods staffer traveling on business. The computer in question contained the private data of 20,000 US-based employees, who were then informed that they ran the risk of having their identities stolen.
According to Kraft Foods spokesman Cathy Pernu, quoted by Quad-City Times, the theft was reported in mid-January. The data stored on the stolen laptop was to be transferred to a different computer. It contained employee names and may also have held Social Security numbers. Kraft, however, believes the private records were not obtained by anyone and states that the stored information wasn’t used for any malicious purposes.
The company is now trying to offer retroactive protection to those affected. It seems protecting data proactively would have had better results:
“We have contacted people whose names were on the computer, by letter, offering as a precaution, free credit monitoring … to help guard against improper use of personal information. It is a two-year program,” she said.
Only those who were potentially affected and received letters are being offered the credit monitoring program through TransUnion.
US Government Agencies Have Higher Security Levels
Although US government agencies fall short when it comes to protecting private data, their level of security apparently improved throughout 2007, according to an analysis of their compliance with the Federal Information Security Management Act (FISMA) of 2002. This is the core finding of a report recently issued by the Office of Management and Budget and quoted by SecurityFocus.
The Inspectors General for 22 of the 25 agencies required to comply with FISMA inventoried at least 80 percent of their systems in 2007, compared with 20 agencies that had reached that milestone in 2006. While an improvement over the previous year, only two-thirds of the IGs claimed that their auditing processes were rated “satisfactory” or better.
The increased awareness of their systems has also caused the agencies to report more attacks, the report stated. In 2007, incidents reported to the US Computer Emergency Readiness Team (US-CERT) jumped to 12,986, an increase of 150 percent over the previous year. While nearly a third of the incidents were alarms created by the US-CERT’s EINSTEIN network monitoring system and remain uncategorized, about a quarter were classified as improper usage and about 15 percent classified as unauthorized access, according to the OMB report.
OMB identified the four stars of the compliance efforts as being the National Aeronautics and Space Administration (NASA) and the Departments of State, Treasury and Defense, all doing a great job at complying with FISMA. The Department of Defense, however, did not do that great. It looks like security policies and compliance fall short for this particularly important agency.
Private Records of 500 Seniors Lost or Stolen
One would think that in our world of successive technological breakthroughs, where kids are born with computers, iPods and Facebook within reach, people would choose some other means of transporting private records than having them printed clearly on paper and mailed in an envelope. Apparently, if you think like that, you’re wrong.
As the Boston Herald reports, personal information of nearly 500 seniors who received flu shots in Wellesley has been lost or stolen. The envelope containing their private records reached a Medicare office in Boston torn and void of any data. The Postal Service is still trying to figure out what happened there. Seniors will now receive snail mail informing them that their Social Security numbers, addresses and dates of birth might have been exposed. I wonder, will these envelopes reach them?
