That’s what HM Revenue & Customs seems to be doing these days. They have taken the credit details of over 50,000 individuals claiming tax credits and mistakenly sent them out in the post. The result was that each one of the claimants has received their annual tax credit award notice, along with the private details of someone else.
Yearly earnings, parts of bank accounts, insurance numbers and names have all been sent out randomly to claimants. Yet the HMRC claims they will apologize and no IT theft could have resulted from this!
“Unfortunately an error has occurred in one of the tax credits print runs, causing some customer information to be wrongly formatted,” said a spokeswoman.
“Investigations are under way to identify the cause of the problem and we will be contacting affected customers in writing this week, apologising and providing a corrected award notice.”
Let’s hope that all claimants are moral, law abiding citizens and that the information is indeed to little to be used in any wrongful way! Yet the apology is still in order and a thorough analysis should follow the initial one that stated there were no ID theft risks!
UK: Information Commissioner’s Office reports that the NHS has disclosed 305 security losses, as the amount of breaches tops 1,000
Over more than 1000 data losses for the NHS. This is a new record.
Of which alone 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.
The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.
An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.
David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.
“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.
“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”
Source and full article: SC Magazine
An Edmonton travel agency is currently investigated for credit card fraud after complaints of foul play totalling over 50,000 US dollars have been reported by former customers. According to the ongoing police investigation of the Canadian travel company, a former employee has been charged in the case, but other charges might still be pending, involving other prople related to the agency.
While the information is still foggy, it is clear that there have been about 11 reports from ex-customers who have used the agency’s services and then noticed unauthorized usage of their credit cards. The initial complaint came from a customer who had found out that almost 20,000 USD had been charged to his card. Subsequent complaints raised the total abount to 50,000 USD.
It is unclear how many credit card accounts had been stolen, as the agency personnel had access to all this data. The police investigation might be able to reveal who’s to blame and how many people were affected by this data theft.
The in-the-cloud data loss prevention and endpoint security solution developed by CoSoSys has just been launched on the Japanese market by their local partner, Uptown Inc. For those new to the Security as a Service world of endpoint security, My Endpoint Protector is the world’s first software as a service application for device control and data loss prevention that helps companies manage internal and external threats effectively, thus dodging the overwhelming threats harbored by the broad use of portable storage devices and at the same time avoiding to put unnecessary pressure on IT departments and budgets.
My Endpoint Protector’ main benefits include:
- Proactive protection against data loss, data theft, data leakage and malware infection by controlling the use of portable devices
- Protection for Windows PCs (7 / Vista / XP) and Mac OS X
- Effective device management and control by defining specific usage rights for both devices and employees accessing the network
- Centralized Web-based interface for ease of management and reporting, plus real-time monitoring of devices
The 28,000 members of the Los Angeles Firemen’s Credit Union are in danger of having their private information exposed. The CU has recently notified them of a potential data breach generated by a file transfer. They believe that a small percentage of the members might be affected by an improper file move during the CU’s change of location.
Data that might have been compromised includes members names, addresses, phone numbers, account numbers, social security numbers and other identifiers. Mentioning their state of the art technology and protocols for member validation, the CU tried to reassure their members and diminish the impact. The truth of the matter is that there is enough information to compromise other accounts or memberships the affected individuals might have that do not have the very same technology.
The now very common measure to ensure free credit monitoring for two years is in place for the LA Firemen’s Credit Union members, along with a nice promice of practice review for future file transfers. Let’s all hope they don’t need it!
Endpoint Protector for Device Control explained in plain English
You can try it yourself today. Visit www.EndpointProtector.com