The job site Monster.com has recently announced its database has been breached, but the number of those affected is still unspecified. The site has however admited that the breachers accessed job seekers’ names, phone numbers, e-mail addresses, log-in names and passwords.
“Immediately upon learning about this, Monster initiated an investigation and took corrective steps,” the company said in its statement quoted by SecurityFocus. “It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.
According to SecurityFocus, the Web site, run by New York-based Monster Worldwide, released very limited details on the breach. The however made a point in explaining that the intrusion did not compromise any Social Security numbers or personal financial details, as the company does not generally collect them. The Monster.com’s government client, USAJobs.com, has also been affected by this breach and immediatelly posted a notice.
This is not the first breach affecting the job seeking site. In August 2007 the company released information about a then discovered and terminated breach that affected 1.3 million users. Let’s hope the numbers are lower this time and that they’ll take better care for their database security in the future.
Portable storage device applications and endpoint security solution provider CoSoSys has just risen the red flag regarding Netbooks. As they explain, although treandy gift and excellent PC replacement for all offices, netbooks embed serious threats to corporate and individual security. While their seamless connectivity and increasingly large solid state disks (SSD) or traditional HDD capacities can help everyone of us increase productivity while considerably decreasing the weight we carry around, they are also the perfect means for both intentional and unintentional data breaches.
“Corporate IT departments needs to consider Netbooks as a serious issue when it comes to Endpoint Security and they are advised to take control over them as they enter their networks rather than waiting for the first data breaches to happen. Enforcing Endpoint Security policies with Endpoint Protector allows IT administrators to fully control all ports and data transfers from endpoints, including Netbooks, to any other portable device such as USB Flash Drives or External HDDs to prevent data loss” said Roman Foeckl, CoSoSys CEO.
While the CD or DVD drive is no longer a threat, netbooks come with almost immediate access to any data through wireless networks, USB Ports, SD Card readers and other ports, making it extremely easy for confidential details to be transferred in and out of unsecured networks. And if you run a search through our blog to see how many laptops have been lost, stolen and misplaced in the past, we have to also wonder about how much easier it is to steal or lose a much smaller version.
So take this warning seriously and stay trendy and safe at the same time!
Apart from the economic downturn, the year 2008 brought another critical issue to US companies: a nearly 50% increase in data breaches, leading them to lose considerably more sensitive data. According to an Identity Theft Resources Center (ITRC) study quoted by the Register, last year 35 million data records were exposed in 656 admitted incidents, amounting to a 47% increase compared to the 446 data loss incidents reported in 2007.
ITRC also states that about 40% of security breaches are never reported, thus the true number of exposed confidential records is most likely to be far greater than the study suggests.
Computer malware, hacking, and insider theft accounted for 29.6 per cent of recorded breaches, where the root cause of the attack is known. One in six breaches (15.7 per cent) were blamed to insider theft, a figure that’s more then doubled between 2007 and 2008.
The good news is that as education regarding data loss prevention reached more companies, the number of incidents caused by human errors has decreased. But that is a very small light in a highly untrained corporate world, where most reported data breaches involved data unprotected by either encryption or the simplest password protection. Let’s hope for a better protected 2009!
Fashionably late, as the who’s who laws require, electronic payment services firm RBS WorldPay has admitted a breach that exposed 1.5 million payroll and gift card holders exposed to fraud and identity theft. The breach was caused by a group of hackers finding their way to the RBS network and accessing about 1.1 million social security records, along with other private details, reports The Register.
RBS disclosed the breach to law enforcement and regulators on November 10, but waited untill December 23rd to also let those affected know their private data was at risk. Great Christmas gift idea! Yet the company pledges strong commitment to prevent any fraud or identity theft attempts and offers 12 months complimentary membership to a credit monitoring service toall those whose personal information has been exposed by the hackers. Does this mean they will also take a good look at everything going on in their customer’s accounts between November 10 and December 23? 100 payroll cards have already been misused as a result of the breach, but have been deactivated since. We hope the toll does not go up.
I’d like to wish you all a happy, sucessful and above all safe 2009! Hope you’ve had and are still having an amazing holiday and that the new year will bring us all everything we wish for! Happy New Year!