Hackers Looking to Chat or Spam Expose 2,800 to Identity Theft

Another security breach involving a college has recently been reported. While trying to set up chat rooms or establish a spam sending headquarters from themselves, a group of hackers broke into a library consortium that serves Connecticut College, Trinity College and Wesleyan University.

According to consortium sources quoted by Courant.com, the two breached servers were ocated at the consortium’s headquarters at Wesleyan and were used to store a database belonging to all three colleges. The database included the names, addresses and Social Security or driver’s license numbers of about 2,800 Connecticut College library patrons, 12 Wesleyan University patrons and three from Trinity.

There’s no evidence that personal information was stolen, but affected individuals will be mailed letters with information on how to enroll in an identity protection service. All personal information has been deleted from the database and steps were taken to secure the servers.

Slim Risks, yet HCC Still Warns of Lost Data

July 29th, 2008 by Agent Smith (0) DLP, Data Loss, Data Theft, IT security, Identity Theft, endpoint security, security breach

Hillsborough Community College programmer’s laptop stolen from a hotel parking lot in Georgia rises identity theft concerns. All the private records the laptop used to contain on about 2,000 HCC employees has previously been deleted and the computer is password-protected, yet fears of someone with sophisticated software retrieving the data made HCC take action.

Spokeswoman Ashley Carl told Tampa Bay Online that the programmer had been working on a payroll project for a group of employees using their names, bank-routing numbers, retirement information and Social Security numbers but had subsequently deleted the data and also emptied the Trash bin.

The college also is looking into acquiring technology that will allow workers to remotely locate laptops and to encrypt computers or disks. In addition, it stressed to employees who use laptops to use extra caution when securing the devices.

HCC officials announced all their potentially affected employees of the threat and advised them to closely monitor their bank accounts. This was indeed a speedy and rather thorough reaction from HCC, especially since their determined to prevent future incidents by deploying and endpoint security solution along with enforcing other IT security policies.

Potential Breach Affects 128,000 Saint Mary Patients and Clients

July 28th, 2008 by Agent Smith (0) Data Leakage, Data Theft, IT security, Identity Theft, endpoint security, security breach

Saint Mary’s Regional Medical Center has recently released information about a potential data breach involving one of its databases. The database in question was used Saint Mary’s health education classes and wellness programs contained private records of about 128,000 patients and clients.

The personal information contained details such as names and addresses, limited health information and some Social Security numbers. According to a statement made by Gary Aldax, marketing manager for Saint Mary’s and quoted by RGJ.com, the database did not contain medical records or credit card information.

“What happened was that an unauthorized person may have accessed the database,” Aldax said. “We’re currently working with Equifax, which is one of the three major credit agencies, to help handle this for us.

“In some cases, there were people who had their Social Security numbers (in the database) as well, so we’re sending different letters to people depending on their situation.”

Saint Mary’s has emailed all those potentially affected this month, warning them about the threats they might be exposed to.

Computer Tapes with over 20,000 Social Security Numbers Lost

July 27th, 2008 by Agent Smith (0) Data Loss, Data Theft, IT security, endpoint security, security breach

Several computer backup tapes containing thousands of social security numbers of Tinley Park residents have been lost during a common moving procedure aimed to insure they wouldn’t be destroyed in a village hall disaster.

According to the Chicago Tribune, officials doubt there’s any real chance of identity theft, as the tapes contained 15 year old information. Village Manager Scott Niehaus said letters describing the incident will be sent out to about 19,000 residents and another 1,400 current, former or retired village employees.

Private Data on 300 Vets Stolen along with Backup Server

July 27th, 2008 by Agent Smith (0) Data Loss, Data Theft, Identity Theft, endpoint security, security breach

Burglars breaking into the Minneapolis Veterans Home stole a backup computer server containing private records of over 300 residents. The server stored telephone numbers, addresses, next-of-kin details, social security numbers and other private medical details or the 336 residents, according to the statement of an official with the Minnesota Department of Veterans Affairs quoted by StarTribune.com.

It appears the burglars broke into the facility early on a Sunday. According to Gil Acevedo, deputy commissioner for Veterans Health Care, the thieves also took a tool kit, a laptop computer, a guitar and a computer game, and are unlikely to have targeted the private records.

“We don’t suspect the burglars came in looking for that specifically,” he said. “They broke in, kicked in several doors, and took a series of things. There’s no pattern.”

The case is currently investigated by the Minneapolis police together with the Veterans Affairs department. The residents, their families and credit bureaus have all been informed of the data theft in order to prevent subsequent identity theft and fraud attempts.

Secuirty Threat Caused by Lost USB Sticks

July 22nd, 2008 by Agent Smith (0) Data Leakage, Data Loss, Data Theft, IT security, In The Spotlight, In the News, endpoint security, security breach

Yet another data breach caused by lost hardware has been reported by a governmental institution. The U.K.’s Ministry of Defence (MoD) has released information on 121 USB sticks, including five containing classified information that have been lost or stolen since 2004.

As reported by DarkReading, these troubling figures became public four years later in response to an official question from Sarah Teather, a Liberal Democrat Member of Parliament. They are the latest yet not the only embarrassing breach involving the UK government. The MoD’s missing USBs come after the loss of two disks containing welfare private data on 25 million U.K. citizens and loss of an extensive number of laptops and mobile phones.

“Far from the problem getting better, it seems actually to be getting worse at the moment,” said Teather. “I think that the government has a duty to come clean and say whether or not anyone has been put at risk as a result of this – we need reassuring, for example, that none of our troops have been put at risk.”

The British government’s latest storage snafu comes less than a year after Her Majesty Revenue and Customs (HMRC), which is the U.K’s equivalent of the IRS was at the center of the country’s largest ever data loss.

This recent events begs a mind blowing question: how many such breaches actually happened but were never released to the public? And how long would it have taken until UK authorities informed the public on these national security breaches if there hadn’t been a formal inquiry?

Endpoint Security Strategies for SMBs

July 21st, 2008 by Agent Smith (0) DLP, Data Loss, Data Theft, IT security, Identity Theft, Laws & Standards, Research and Studies, endpoint security, security breach

SMBs have specific requirements when it come to IT security in general and endpoint security in particular: they need comprehensive policies, high-end technology, all downsized at a larger scale and a fair price. They don’t need cheap and unreliable solutions, they just need the best there is, adjusted to their size.

If you’d like to know more about what the IT security market has to offer, what challenges arise from the current business environment, which are the real threats SMBs face, how to properly asses the costs of a security breach, how easy it is to lose data or have it stolen, read the latest white paper published by CoSoSys, Easy Guide to Comprehensive IT Security Strategies for SMBs - High-End Endpoint Security, Data Loss Prevention and Portable Device Management at a Reduced Scale.

Brand New Security Breach Reported by the US Army

July 21st, 2008 by Agent Smith (1) DLP, Data Leakage, Data Loss, Data Theft, IT security, Identity Theft, In The Spotlight, In the News, endpoint security, security breach

Ever since 2006, several cases of exposed sensitive data surrounding the US Army have kept the newspapers busy. A new such case has recently hit the papers, when a laptop computer was reported stolen from an Ary employee’s truck. The laptop contained personal information on about 900 soldiers from Fort Lewis. The information was released by Lacey police officials and quoted by The New Tribune.

As the theft might expose the Army employees to identity theft risks, the involved soldiers have been notified of the breach, said a post spokeswoman. According to Army officials, the employee, a civilian military personnel specialist, from whom the laptop has been stolen appears to have violeted Army standards and policies for protecting personal information and government property.

The Army is assisting Lacey police with the theft investigation and conducting its own review, said Catherine Caruso, a Fort Lewis spokeswoman.

“We’re not releasing anything more about what information was inappropriately compromised or about the soldiers whose information was involved,” Caruso said. “Clearly it was personal information regarding 800 to 900 soldiers from Fort Lewis. Beyond that, we’d rather not specify.”

Data Watchdog Warns of Poor Data Protection in UK Institutions

July 16th, 2008 by Agent Smith (0) DLP, Data Loss, Data Theft, IT security, In The Spotlight, Laws & Standards, endpoint security

Data protection watchdog, the Information Commissioner’s Office has recently confirmed that it has served enforcement notices on two UKgovernmental institutions, HM Revenue and Customs and the Ministry of Defence. The decision, made public in the Information Commissioner Richard Thomas’ annual report comes as a response to high profile data breaches occurring within the twe organizations.

According to IT Week, both departments will be compelled to provide progress reports detailing how they are improving data governance practices.

This piece of news comes shortly after the same office called for European data protection laws to be reformed to make them more business-friendly. The recommendation was made by the same Richard Thomas at the annual Privacy Laws and Business conference in Cambridge. Thomas said existing legislation was out-dated and increasingly ill-suited to the internet age.

Daily Mail Loses Laptop With Staff’s Private Info

July 8th, 2008 by Agent Smith (0) Data Theft, IT security, Identity Theft, endpoint security, security breach

The latest security breach involving a stolen laptop has recently been reported by Northcliffe Media, owner of the Daily Mail. The lost computer contained sensitive information on the company’s employees, such as names, addresses, bank accounts and sort codes of Mail and General Trust staff.

According to company representatives quoted by the Register, the said laptop was password protected but most likely not encrypted. Northcliffe Media warned its staff of the risk they were exposed to advised them to contact their bank in order to prevent future problems.

The letter, signed by group finance director M J Hindley, said:
The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the laptop and who may just erase what is on the hard disk in order to disguise the fact that the laptop is stolen.