Plymouth hospital notifies 6000 patients of potential security breach
Last month’s disappearance of a laptop from an employee’s locked car has determined Speare Memorial Hospital in Plymouth officials to send letters to 6000 of their patients, warning them of a potential threat against their private information.
The computer in question contained hospital account numbers, medical record numbers, names, addresses, and other patient and health information. However, no Social Security numbers or other sensitive information like insurance information or credit card information were stored on it. As the laptop and the employee’s desktop computer were synced, technicians were able to determine what exactly was lost. Read more
Data Breaches Down, But Threat Still Real
According to Verizon’s DBIR (Data Breach Investigations Report) issued this year, the number of data breaches in the last years has fallen significantly, but there is still reason to remain vigilant. The numbers show a decrease from 144 million compromised records in 2009 to 4 million compromised records in 2010. The progress is even more significant if we take under consideration the progress since 2008, when 361 million records have been compromised.
This study was conducted by Verizon along with U.S. Secret Service (USSS) and the Dutch High Tech Crime Unit (NHTCU).
“With the addition of Verizon’s 2010 caseload and data contributed from the USSS and NHTCU, the DBIR series now spans 7 years, 1,700-plus breaches, and over 900 million compromised records,” said a post to the Verizon Business Security Blog that accompanied the report.
Edmonton School Board data breach affected 7,000 people
CBC News recently revealed a disturbing privacy breach that happened on March 22, when a USB memory stick, containing private information for about 7,000 employees of the Edmonton Public School Board was lost.
As a result, the school board sent letters to the affected employees, notifying them that their data may have been misused. Read more
Autmattic and WordPress.com Hacked
Servers belonging to Automattic, the company which maintains the WordPress.com platform have recently been hacked via root access. The latest details regarding this breach that is still under investigation comes from an advisory from Automattic. However, the initial findings are quite unsettling for the 18 million publishers hosted by wordpress.com.
“Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed,” the company’s founder, Matt Mullenweg, wrote. “We presume our source code was exposed and copied. While much of our code is open source, there are sensitive bits of our and our partner’s code. Beyond that, however, it appears information disclosed was limited.”
Data breach costs blamed on system failures
A new survey carried out by the Ponemon Institute analyzed data breach experiences of 38 UK companies from 13 different industry sectors. According to this survey, negligence the former primary source of data breaches has been replaced by system failures.
An increase of 13% in data breach costs means that UK organisations will pay £1.9 million or £71 per record. An average cost for these type of breaches cannot be estimated as it ranges from £36,000 to £6.2 million.
The survey also showed 29% of all data breaches are caused by malicious or criminal attacks. This is an increase of 7% in 2010 from the previous year. Read more
Data breaches caused by storage device theft hit again
Printed, stored on computers or on flash drives, your data is just not safe. Your personal details that you entrust to companies you work with, doctors and other third parties will just end up exposed. If you are lucky enough, they might get in the hands of someone who won’t use your address, social security number or card details to harm you on their quest to get fast and easy money. If you’re unlucky, your accounts will just turn empty one day, your identity will be used to commit felonies or crimes and you will have years of paperwork and bad credit records in front of you.
Let’s check the recent data breach news. We have a stolen computer that contained names, ages, addresses and medical conditions of 700 children. Next come rushing in: backup tapes and other media containing cord blood bank customer information stolen from car, which ended up exposing about 300,000 records; and 113 patients’ names and Medicare numbers on a document stolen from a vehicle… Read more
Former employee gets home detention for breaching employer email system
Inside threat is kicking and screaming and far from being gone from the corporate security world. Upset over being fired, a Californian woman breached the email system of her former employer and posted confidential documents to public websites. She got caught and the sentence was 60 days of home detention plus ayear of probation for the one count of felony computer intrusion that 44 year old Ming Shao pleaded guilty to.
In her plea, the woman admitted to a value of the stolen information belonging to PanTerra Networks(which included a Weekly Ops Report) ranging between 10,000 and 30,000 US dollars. She admitted to have breached the PanTerra network and exposing the confidential files as a form of revenge for being fired in August 2009. Read more
UK government gets tough on cyber crime
The UK government decided to invest £63 million in fighting against cyber crime for the next four years. This is but a part of the £650 million funding allotted to national cyber security, according to recent reports. Home secretary Theresa May, has revealed the amount at an informal meeting with the interior ministers of France, Germany, Italy, Poland and Spain, said a report on eGov monitor.
The Strategic Defence and Security Review last October marks the point when the UK government first stated its intention to get tough on cyber crime. Downing Street pledged a further £500 million to a national cyber security program despite having decided to cut budget in other areas. Read more
Insiders, frequent source of corporate fraud incidents
Employee perpetrated fraud has lost the average company about 5% of it’s revenue in the year 2009, the stealing of company sources representing up to 90% percent of the incidents. Employees tend to be tempted by privileged access to data and commit fraud. According to a report published by the Association of Certified Fraud Examiners (ACFE) this type of fraud is the most damaging, causing a loss over $4 million.
“They have a high level of access, which gives them a greater opportunity to commit fraud,” Ben Knieff, director of product marketing for fraud products at Actimize said.
In order to prevent such fraud there are a few proactive steps a company can take: Read more
Accomack county laptop stolen on employee’s trip to Vegas
What’s stolen in Vegas stays in Vegas?
35,000 county residents found out that their private information might be in jeopardy as an Accomack County Virginia employee had a county-owned laptop stolen while being on holiday in Las Vegas. Besides personal information such as names and social security numbers, the files on the stolen computer might contain tax payer information and actual addresses.
The incident took place on October 7 and was reported to the media after seven days. The warning came with apologies as the laptop in question was apparently taken without permission by the employee. A closed meeting held by the Board of Supervisors regarding this issue was held on Wednesday. Read more
