The latest local authority to contravene the Data Protection Act after losing sensitive information is Cambridgeshire County Council. According to the Information Commissioner’s Office, the council has lost an unencrypted memory stick containing personal information on at least six “vulnerable adults”.
The breach occurred just after the council had launched an internal campaign designed to highlight the importance of personal information, which leaves the council in an awkward position.
“While Cambridgeshire County Council clearly recognises the importance of encrypting devices in order to keep personal data secure, this case shows that organisations need to check that their data protection policies are continually followed and fully understood by staff,” said ICO enforcement group manager Sally Anne Poole. “We are pleased that Cambridgeshire County Council has taken action to improve its existing security measures, and has agreed to carry out regular and routine monitoring of its encryption policy to ensure it is being followed.”
Fines of £80,000 and £70,000 were also imposed on Ealing Council and Hounslow Council earlier this month, after the loss of 1000 private records by the first council and 700 by the second.
Recent research involving solid state drives has revealed that files stored on such drives are sometimes impossible to erase using traditional disk-erasure techniques. According to this research, as much as 75% of the data may still be present on the drive in question after erasure.
This difficulty comes from their radically changed internal design: SSDs use computer chips to store data and employ a flash translation layer (FTL) to manage the contents. This FTL component frequently writes files to new locations and updates its map to reflect the changes.
The UK government has decided to invest £63 million in fighting cyber crime over the next four years. This is but a part of the £650 million funding allotted to national cyber security, according to recent reports. Home secretary Theresa May revealed the amount at an informal meeting with the interior ministers of France, Germany, Italy, Poland and Spain, said a report on eGov monitor.
The Strategic Defence and Security Review last October marks the point when the UK government first stated its intention to get tough on cyber crime. Downing Street pledged a further £500 million to a national cyber security program despite having decided to cut budgets in other areas.
US identity fraud losses went down last year by 28%, with the total number of 2010 victims going from 11 million a year before to 8.1 million. The estimated amounts also went down from $56 billion in 2009 to $37 billion in 2010, according to an annual study by Javelin Strategy & Research. These figures appear to be the lowest in the last 8 years.
The average loss per victim went down from $5,000 in 2009 to $4,600 in 2010, the drop being directly linked with the decrease in identity fraud, according to Javelin. Research data also shows 26 million records have been exposed in 404 reported breaches during 2010, compared to 221 million records in 604 breaches during 2009.
As a result of a court settlement, three credit report reselling companies – Washington state-based ACRAnet Inc. and SettlementOne Credit Corporation and Statewide Credit Services of California – have agreed to obtain independent security audits every other year for the next two decades. They will also develop more comprehensive security programs designed to protect the confidentiality of the consumer data they sell.
The three companies use credit information to create special reports which are then delivered to mortgage brokers. These resellers of credit information were charged with a lack of security that allowed breaches exposing sensitive consumer information.
Facebook has just fixed a security problem that allowed malicious web sites to access personal user information without the users' explicit permission. The flaw was reported by Rui Wang and Zhou Li, two student researchers.
According to Graham Cluley, senior technology consultant at Sophos, the security lapse could let malware spread between users, and abuse data as it goes by impersonating a legitimate site that already has the permission to take information.
“According to Wang and Li, it was possible for any web site to impersonate other sites which had been authorised to access user data, such as name, gender and date of birth,” he said. “Furthermore, the researchers found a way to publish content on the visiting users’ Facebook walls under the guise of legitimate web sites, a potential way to spread malware and phishing attacks.”