Personal Info on 45,000 Stolen from State Street

State Street Corporation has recently made public a security breach affecting 45,000 customers and employees. Five months ago, the company discovered that computer equipment storing personal information had been stolen from one of its units. The records stored on the equipment included names, addresses and Social Security numbers.

According to CNBC, the company, a Boston-based provider of financial services to institutional investors, said 5,500 employees and 40,000 customers of Investors Financial Services, which it acquired last year, were affected.

State Street said there was no evidence the data had been misused, but it declined to say if the stolen equipment had been recovered. It is working with federal and local law enforcement agencies on the matter.

UCSF Takes Breaches Seriously

The University of California San Francisco decided to notify a group of patients that it had discovered a security breach involving a computer storing personal patient information. Although there is no proof any patient files were ever accessed, UCSF treated the incident as highly important and responded with the highest level of caution and concern.

According to the UCSF news office, the breach was discovered during routine monitoring of the campus computer network that took place on January 11, 2008. At that time, IT personnel noticed unusual data traffic on one of the university’s computers and immediately removed it from the network to prevent any possible damage.

During the investigation, UCSF determined that an unauthorized movie-sharing program had been installed on this one computer on or about December 2, 2007, by an unknown individual. Installation of this program required high-level system access, which is why the incident is considered a security breach.

Former NYU Students Exposed to Identity Theft for a Year

May 31st, 2008 by Agent Smith

Duke University’s Fuqua School of Business has been notifying 273 former New York University students that some of their personal information could have been easily accessed through specific Internet searches for almost a year, between July 2007 and April 2008.

According to the News & Observer, the data that could have been retrieved on those affected included names and Social Security numbers and was stored in a faculty member’s research records. The article also quotes Duke officials stating that no unauthorized access to or use of the personal information has been identified.

The personal information was removed from Fuqua’s public drives within 30 minutes of the school becoming aware of the problem on April 30. Within hours, all major search engines had cleared their caches and indexes of the student information, the press release states.

A New Approach to Stealing Identities

Research company Gartner is about to release its new forecast of the security threats we’ll be dealing with in the future. To raise interest in the forthcoming data, they’ve given away some of the details as a teaser that seems to be working well. Their statements have also been reported by Dark Reading.

What is really interesting here is their view on where new threats will emerge. Hackers and all types of wrongdoers will target all things shared and social. While this will be mostly to facilitate the quick spread of malware, social networks will also be targeted to obtain credentials. So be careful what personal data you post on your social profiles, and make sure you find out how your email passwords are handled when you import contacts or send out invitations. Try these easy steps to make sure your identity isn’t then misused.

Our blog will fill you in on other interesting findings as soon as the official Gartner Forecast hits the market, so see you all soon!

Malware Infected Giveaways at Security Conference

One would expect security to be a major concern for those advertising at and attending a security conference. But reality shows otherwise. Integrated telecommunication provider Telstra distributed malware-infected USB drives at the 2008 AusCERT security conference.

According to SearchSecurity, the USB drives were recalled as soon as the security issue was discovered. The AusCERT security conference was attended by up to 1200 delegates, all of them potentially exposed to a serious infection.

IT security journalist Davey Winder states that security problems at such conferences are no longer surprising. In a blog post published on DaniWeb, he provides insight into how potential breaches are facilitated at security events:

I have lost count of the number of such events where I have been able to quickly scan and detect numerous unsecured wireless networks and where ‘researchers’ attend with the express intention of finding such security holes and jumping in with both feet to see what resources can be compromised. Often it is the people who should know best who seem most liable to suffer from complacency, and security conferences are a great example of this genre of should have known better syndrome.[...]
So you could say I am not easily surprised, but what does surprise and rather shock me about this particular case in Australia is that the USB sticks being distributed by a large telco were apparently pre-owned, second-hand ones. I mean, how cheap do you have to be to use pre-owned USB sticks? These things are so cheap brand new that you will be finding them in Xmas crackers soon…