The US State Department Lost 1,000 Laptops

May 30th, 2008 by Agent Smith (0) DLP,Data Theft & Loss,endpoint security,security breach

A recent audit at the US State Department has revealed the loss of over 1,000 laptops. Although an official statement has not been made regarding the content of the missing laptops, some are believed to be storing classified information. According to Vnunet, the problem has been reported since February, but apparently has not received the necessary attention.

Around $30m worth of computing hardware is “unaccounted for”, the bulk of it laptops. These include over 400 from the Anti-Terrorism Assistance Program, some containing security material.

The situation has been compared to the loss of a laptop by the Veterans Administration in 2006 which held personal details on 23 million veterans.

Breach at New York Bank Exposes Millions to High Risks

May 29th, 2008 by Agent Smith (1) DLP,Data Theft & Loss,Identity Theft,endpoint security,security breach

According to data recently released Attorney General Richard Blumenthal, a storage company for a New York bank lost an unencrypted backup tape containing Social Security numbers and bank account information belonging to hundreds of thousands of Connecticut consumers and personal information of millions more nationwide.

NorwalkPlus.com reports that the Connecticut consumers were depositors and investors of People’s United Bank of Bridgeport, which gave Bank of New York Mellon the information to allow it to offer those consumers an investment opportunity.

Blumenthal urged Bank of New York Mellon, which lost the information in February, to provide affected consumers with credit monitoring and other identity theft protections, and to also provide them with full details on how the loss occurred.

“I am alarmed and deeply concerned by a recent and serious data breach at The Bank of New York Mellon (‘BNY’) involving the loss of computer backup tapes containing sensitive information of some 4.5 million consumers, including People’s United Bank account holders and shareowners,” Blumenthal said in his letter. “Several hundred thousand Connecticut citizens may be affected, and possibly more, by this loss of highly significant personal information.

Student Uses Flash Drive to Steal Personal Info of 55,000

May 29th, 2008 by Agent Smith (2) DLP,Data Theft & Loss,Identity Theft,In the News,endpoint security,security breach

A 15 year old student living in Chester County has been accused of hacking into the computer system of the high-school he was attending and of stealing information from over 50,000 individuals. The information stolen by the Downingtown West High School student contained names, addresses and social security numbers.

The teenager, whose name has not been made public given he is a minor, is believed to have used a flash drive to store the private records belonging to about 40,000 taxpayers and 15,000 students, police said.

According to NBC10.com, this is not the first such incident in the area:

The incident marked the second time a student has hacked into the school’s system since December. The district said it had tightened up security since the late 2007 breach.

School officials sent a letter explaining the incident home with students and posted it to the district’s Web site.

Identity Fraud on the Rise in the UK

May 29th, 2008 by Agent Smith (0) Data Theft & Loss,Identity Theft,In the News,security breach

The Experian credit reference agency has just released new data on identity fraud in the UK. According to their report, this phenomenon was marked by an incredible increase in 2007, affluent Londoners being particularly at risk.

Experian based this conclusion on the fact that it received identity fraud reports from over 6,000 victims in 2007, compared with only 3,500 in the previous year. Experian also pointed out that the reported frauds are only a small part of those actually happening. Experian actually used 10,000 identity fraud cases to define victim profiles and to identify ID crime hotspots.

The new data, quoted by the Register, shows London residents were twice as likely as others UK residents to be exposed to identity fraud. The Register also reproduced the most common profile of identity fraud victims:

The typical identity fraud victim is aged between 26 and 45, earns more than £50,000 a year and tends to be a homeowner. Higher income earners are three times as likely to fall victim to identity fraudsters. Many victims realized they had been swindled after spotting dodgy transactions on credit monitoring reports.

The US and Romania, a Perfect Team

May 27th, 2008 by Agent Smith (0) Data Theft & Loss,Identity Theft,In the News,Laws & Standards,security breach

It looks like Romanians and US citizens are really great at teaming, regardless of their intentions. While a team of 22 Romanians and 9 Americans got together to create a credit and debit card fraud ring, the US and Romanian authorities, helped by other countries, collaborated on catching them. SecurityFocus covered the story, but their numbers are a bit blurry. They speak of 33 individuals being charged on this issue, but for the live of me I can’t tell who the other 2 are. Maths mistake or 2 more of different citizenship?

The members of the fraud gang allegedly used spam e-mail messages to get their victims to visit a fake website, where they were urged to enter in financial details. The U.S. members of the group used the gathered information to create counterfeit credit and debit cards, then stealing millions of dollars from thousands of cards.

“International organized crime poses a serious threat not only to the United States and Romania, but to all nations,” Deputy Attorney General Mark R. Filip said during a press conference in Romania, according to a statement announcing the indictment. “Criminals who exploit the power and convenience of the Internet do not recognize national borders; therefore our efforts to prevent their attacks cannot end at our borders either.”