Countrywide Employee Arrested For Stealing Customer Private Data
Californian FBI agents have recently arrested a Countrywide Financial Corp. employee suspected of having stolen personal information about the home mortgage lender’s customers. This new negative event puts fresh pressure on the company, which has been severely affected by the current lending crisis and has also been investigated for fraud.
According to a Computerworld article, Rene Rebollo, who was a senior financial analyst for Countrywide Home Loan’s subprime mortgage division, accessed customer data through his work computer and saved it onto flash drives that he then took out of the company. According to the FBI, Rebollo admitted three months ago to having given the private information to third parties. Another man accused of having bought the stolen data was also arrested along with Rebollo.
How much money did Rebollo make from selling the data? Not nearly enough to compensate for the minimum 5 years he could spend in jail: 50,000 to 70,000 dollars! Countrywide is now analyzing whether he has really exposed the identity of customers, and if this is the case, all those affected will be notified.
It would be interesting to see a subsequent analysis of how much Countrywide lost in this affair. But it is hard to determine the costs of a bruised image and shattered trust in the company.
Stay Clear of Computer Threats on Vacation and Business Trips
And how exactly can you do that? CoSoSys has just released version 3.0 of Carry it Easy +Plus, which focuses on increased security for USB flash drive users who access their data on public PCs, such as those in internet cafés or hotel business centers.
Carry it Easy +Plus 3.0 has a whole range of features on display that are great for road warriors or the luckier ones of us who are vacationing: Website Password Manager, PC-Screen Lock, 128-bit AES data encryption, Outlook e-mail, contact and calendar sync, File & Folder Sync, No Trace Internet Browsing and much more.
So why do you need such tight security? The official release explains it:
When vacationing or travelling for business, the simplest technology-bound actions on your daily routine can expose you to real threats. Accessing your webmail account in an Internet café or on a different public PC you might run across in hotel business lounges or in airports exposes you to having your login credentials stolen by keyloggers or other malicious applications. The same can happen when plugging in your notebook in an unsecured network.
With the new SafeLogin feature in Carry it Easy +Plus as your password manager, all your website login credentials are stored securely in encrypted format on your portable storage device and automatically entered on any PC without the use of a keyboard. This feature does not only make logging in secure but also more convenient.
US Federal Agencies Welcome Data Theft
After 15 months of investigation into 24 major US federal agencies, the Government Accountability Office (GAO) has released a report showing that key US Departments still don’t take data security seriously. Given the list of breaches we’ve been covering affecting everyone from colleges and hospitals to the US Army, I’d say it’s high time they started!
According to the report quoted by Vnunet.com, around 70 percent of laptops and handhelds used by agencies failed to comply with Office of Management and Budget (OMB) rules and didn’t use encryption, making the data available to anyone intending to steal it. The OMB rules are not even close to being new, as it was decided back in 2007 that all federal laptops should be encrypted.
“We are recommending that OMB clarify governmentwide encryption policy to address agency efforts to plan for and implement encryption technologies,” said the report.
“We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel.”
Other practices of extremely low levels of security (or should we say non-existent security) include NASA employees refusing to deploy encryption software on their laptops and members of the Department of Education who weren’t told encryption software was installed, so they of course weren’t using it. From what I know, if they’re using Windows, whenever a new program is installed, you have a quite nagging message in your Startup Menu. How patient must one be to simply ignore it over and over again?
Slim Risks, yet HCC Still Warns of Lost Data
A Hillsborough Community College programmer’s laptop, stolen from a hotel parking lot in Georgia, raises identity theft concerns. All the private records the laptop used to contain on about 2,000 HCC employees had previously been deleted and the computer is password-protected, yet fears of someone with sophisticated software retrieving the data made HCC take action.
Spokeswoman Ashley Carl told Tampa Bay Online that the programmer had been working on a payroll project for a group of employees using their names, bank-routing numbers, retirement information and Social Security numbers but had subsequently deleted the data and also emptied the Trash bin.
The college also is looking into acquiring technology that will allow workers to remotely locate laptops and to encrypt computers or disks. In addition, it stressed to employees who use laptops to use extra caution when securing the devices.
HCC officials notified all their potentially affected employees of the threat and advised them to closely monitor their bank accounts. This was indeed a speedy and rather thorough reaction from HCC, especially since they’re determined to prevent future incidents by deploying an endpoint security solution along with enforcing other IT security policies.
Endpoint Security Strategies for SMBs
SMBs have specific requirements when it comes to IT security in general and endpoint security in particular: they need comprehensive policies and high-end technology, all downsized from a larger scale and at a fair price. They don’t need cheap and unreliable solutions; they just need the best there is, adjusted to their size.
If you’d like to know more about what the IT security market has to offer, what challenges arise from the current business environment, which are the real threats SMBs face, how to properly assess the costs of a security breach, and how easy it is to lose data or have it stolen, read the latest white paper published by CoSoSys, Easy Guide to Comprehensive IT Security Strategies for SMBs - High-End Endpoint Security, Data Loss Prevention and Portable Device Management at a Reduced Scale.
Brand New Security Breach Reported by the US Army
Ever since 2006, several cases of exposed sensitive data surrounding the US Army have kept the newspapers busy. A new such case has recently hit the papers, when a laptop computer was reported stolen from an Army employee’s truck. The laptop contained personal information on about 900 soldiers from Fort Lewis. The information was released by Lacey police officials and quoted by The New Tribune.
As the theft might expose the Army employees to identity theft risks, the involved soldiers have been notified of the breach, said a post spokeswoman. According to Army officials, the employee from whom the laptop was stolen, a civilian military personnel specialist, appears to have violated Army standards and policies for protecting personal information and government property.
The Army is assisting Lacey police with the theft investigation and conducting its own review, said Catherine Caruso, a Fort Lewis spokeswoman.
“We’re not releasing anything more about what information was inappropriately compromised or about the soldiers whose information was involved,” Caruso said. “Clearly it was personal information regarding 800 to 900 soldiers from Fort Lewis. Beyond that, we’d rather not specify.”
Data Watchdog Warns of Poor Data Protection in UK Institutions
The data protection watchdog, the Information Commissioner’s Office, has recently confirmed that it has served enforcement notices on two UK governmental institutions, HM Revenue and Customs and the Ministry of Defence. The decision, made public in the Information Commissioner Richard Thomas’ annual report, comes as a response to high profile data breaches occurring within the two organizations.
According to IT Week, both departments will be compelled to provide progress reports detailing how they are improving data governance practices.
This piece of news comes shortly after the same office called for European data protection laws to be reformed to make them more business-friendly. The recommendation was made by the same Richard Thomas at the annual Privacy Laws and Business conference in Cambridge. Thomas said existing legislation was out-dated and increasingly ill-suited to the internet age.
Public Access vs. Private Records Protection
The European Data Protection Supervisor Peter Hustinx stated he was unhappy with the proposed law aimed at improving public access to EU documents. The European Commission proposed the law as a means to improve European government transparency.
Yet according to Computing.co.uk, Hustinx is concerned the security measures to protect personal data from public documents are inefficient. His concern was triggered when a reference to possible harm to “the privacy and the integrity” of the individual was deleted from the initial proposal.
“Public access on the one hand and privacy and data protection on the other are fundamental rights which represent key elements of good governance,” said Hustinx.
We’ll just have to wait and see what will happen, and if the right to public access wins the battle, we could recommend some DLP solutions :).
UK SMEs Warned To Improve Security
The Economic and Social Research Council (ESRC) warned that small and medium sized enterprises (SMEs) are most likely to fail at effectively securing their data, which could subsequently lead to compromising a large portion of the UK economy.
Based on figures provided by the Department for Business, Enterprise and Regulatory Reform and quoted by Computing.co.uk, SMEs make up 51.9 per cent of annual turnover in the UK and over 99.3 per cent of existing businesses.
Meanwhile, reported fraud cost UK businesses over £705m in the last six months, 74 per cent up on the same period last year and hitting £317m in April 2008 alone, says research from accountant BDO Stoy Hayward.
Banks and insurance firms suffered costs of more than £636m, or 90 per cent of the total cost of fraud in the first half of 2008. Management fraud accounts for 46 per cent of fraud cases and third party fraud accounts for 32 per cent, costing businesses a total of £541m.
Stockbrokers Get Fine for Poor Security
The Financial Services Authority (FSA) has recently fined a firm of stockbrokers for failing to adequately protect their customers from the risk of identity fraud. FSA, quoted by the Register, said the company’s poor security included failing to manage, among others, the risks posed by staff using instant messaging and web-based email.
London-based Merchant Securities Group Limited also failed to verify the identities of customers contacting the firm by telephone. They instead relied on being able to recognize customers’ voices and informally asking them about personal matters such as holidays or hobbies. The firm also had the habit of including private account numbers in routine letters which could then lead to fraud or identity theft.
The FSA also found that back-up tapes containing unencrypted customer information were stored overnight in a bag at the home of a member of staff.
The London-based firm also failed to implement adequate controls “to mitigate the risk of customers’ personal data being transmitted outside the firm by failing to prevent the use of instant messaging and web-based email,” according to the penalty notice (pdf) served by the FSA.

