Insider Compromises 2 million Private Records

If you’re acquainted with endpoint security solutions and the threats they try to prevent, you have definitely heard of the insider threat. It refers to employees who breach security systems and compromise confidential data. Whether it is criminal intent or ignorance that drives them, the effects on the company are the same: loss of money, trust and customers, plus quite a lot of hassle, all eventually leading to losing more money.

There are dozens of examples, and such breaches keep happening. The latest has recently been reported by Countrywide Financial Corp. The FBI has just arrested one of their employees and his accomplice for stealing and subsequently selling private records on the company’s customers.

The breach is thought to have started three years ago. The employee in question used to copy batches of 2000 records containing sensitive details, such as social security numbers, and sell them to the competition. Those investigating what happened estimate the total number of affected customers at around 2 million. If you want more details on how it all happened, see the details in the LA Times.

In this specific case, the employee is thought to have acted knowingly. Yet he exploited a flaw in the company’s security. Had they monitored all the computers on their premises and made sure unauthorized data transfers to portable devices were denied, the whole breach would have been avoided.

The insider threat is real and can lead to significant damage. It’s not something to get paranoid about or fear; it’s something companies can easily monitor, preventing such data thefts.

Stolen Flash Drive with Personal Info on 2,600 Delphi Workers

A flash drive containing private information on 2,600 former Dayton-area Delphi workers has recently been stolen from an unattended laptop of a Job and Family Services department employee. The information stored on said drive included names, addresses, social security numbers and telephone numbers of the workers.

Helen Jones-Kelley, director of the Job and Family Services department, quoted by the Dayton Daily News, said leaving the laptop unattended during lunch hour was a violation of department policy and the employee responsible could face disciplinary action, including termination.

As for those affected, the same department representative said they have sent letters to all those involved.

11 Arrested in the TJX Identity Theft and Data Breach Case

The FBI has arrested 11 people in the case of the largest identity theft and data breach in history, which targeted TJX and other companies. The suspects, three of whom are US citizens, are believed to have taken part in the theft of over 40 million credit and debit card accounts from 9 major retailers and restaurants. Stealing that much data was possible after installing malicious software on the systems of TJX Companies, BJ’s Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Forever 21, DSW, Dave & Busters and Boston Market.

The breach, never surpassed in the time that has passed since, has been covered constantly by the media. The Register tells the story of the breach in a recent article: at the beginning of 2007, TJX first reported a breach by unknown individuals who had at the time stolen 46.5 million credit cards, a number later proved to be twice as high. According to the Register, the fraud had been going on for quite a while when TJX reported it, as a year earlier industry watchers had noticed an unusual increase in debit card fraud at retailers OfficeMax and Sam’s Club.

The US Attorney for Massachusetts and the US Attorney General have both commented on the issue:

“While technology has made our lives much easier it has also created new vulnerabilities,” Michael J. Sullivan, US Attorney for the District of Massachusetts, said in a statement announcing the indictments. “This case clearly shows how strokes on a keyboard with a criminal purpose can have costly results.”

“They used sophisticated computer hacking techniques, breaching security systems and installing programs that gathered enormous quantities of personal financial data, which they then allegedly sold to others or used themselves,” US Attorney General Michael Mukasey said in prepared remarks. “And in total, they caused widespread losses by banks, retailers, and consumers.”

Besides having a sophisticated, high-end technique for stealing the information, the ring of thieves also had multiple ways to turn the theft into profit, either by selling the data to other criminals or by using it to create fake cards and withdraw thousands of dollars at a time.

The eleven arrested individuals are from the United States, Estonia, Ukraine, the People’s Republic of China and Belarus. The FBI is still in pursuit of another member of the group who is only known by his online alias and continues to elude authorities. Let’s hope he’s caught soon enough!

Hackers Looking to Chat or Spam Expose 2,800 to Identity Theft

Another security breach involving a college has recently been reported. While trying to set up chat rooms or establish a spam-sending headquarters for themselves, a group of hackers broke into a library consortium that serves Connecticut College, Trinity College and Wesleyan University.

According to consortium sources quoted by Courant.com, the two breached servers were located at the consortium’s headquarters at Wesleyan and were used to store a database belonging to all three colleges. The database included the names, addresses and Social Security or driver’s license numbers of about 2,800 Connecticut College library patrons, 12 Wesleyan University patrons and three from Trinity.

There’s no evidence that personal information was stolen, but affected individuals will be mailed letters with information on how to enroll in an identity protection service. All personal information has been deleted from the database and steps were taken to secure the servers.

Slim Risks, yet HCC Still Warns of Lost Data

A Hillsborough Community College programmer’s laptop, stolen from a hotel parking lot in Georgia, raises identity theft concerns. All the private records the laptop used to contain on about 2,000 HCC employees had previously been deleted and the computer is password-protected, yet fears of someone with sophisticated software retrieving the data made HCC take action.

Spokeswoman Ashley Carl told Tampa Bay Online that the programmer had been working on a payroll project for a group of employees using their names, bank-routing numbers, retirement information and Social Security numbers but had subsequently deleted the data and also emptied the Trash bin.

The college is also looking into acquiring technology that will allow workers to remotely locate laptops and to encrypt computers or disks. In addition, it stressed that employees who use laptops should take extra caution when securing the devices.

HCC officials notified all their potentially affected employees of the threat and advised them to closely monitor their bank accounts. This was indeed a speedy and rather thorough reaction from HCC, especially since they’re determined to prevent future incidents by deploying an endpoint security solution along with enforcing other IT security policies.

Potential Breach Affects 128,000 Saint Mary Patients and Clients

Saint Mary’s Regional Medical Center has recently released information about a potential data breach involving one of its databases. The database in question was used for Saint Mary’s health education classes and wellness programs and contained private records of about 128,000 patients and clients.

The personal information contained details such as names and addresses, limited health information and some Social Security numbers. According to a statement made by Gary Aldax, marketing manager for Saint Mary’s and quoted by RGJ.com, the database did not contain medical records or credit card information.

“What happened was that an unauthorized person may have accessed the database,” Aldax said. “We’re currently working with Equifax, which is one of the three major credit agencies, to help handle this for us.

“In some cases, there were people who had their Social Security numbers (in the database) as well, so we’re sending different letters to people depending on their situation.”

Saint Mary’s has emailed all those potentially affected this month, warning them about the threats they might be exposed to.

Private Data on 300 Vets Stolen along with Backup Server

Burglars breaking into the Minneapolis Veterans Home stole a backup computer server containing private records of over 300 residents. The server stored telephone numbers, addresses, next-of-kin details, social security numbers and other private medical details of the 336 residents, according to the statement of an official with the Minnesota Department of Veterans Affairs quoted by StarTribune.com.

It appears the burglars broke into the facility early on a Sunday. According to Gil Acevedo, deputy commissioner for Veterans Health Care, the thieves also took a tool kit, a laptop computer, a guitar and a computer game, and are unlikely to have targeted the private records.

“We don’t suspect the burglars came in looking for that specifically,” he said. “They broke in, kicked in several doors, and took a series of things. There’s no pattern.”

The case is currently being investigated by the Minneapolis police together with the Veterans Affairs department. The residents, their families and credit bureaus have all been informed of the data theft in order to prevent subsequent identity theft and fraud attempts.

Endpoint Security Strategies for SMBs

SMBs have specific requirements when it comes to IT security in general and endpoint security in particular: they need comprehensive policies and high-end technology, all downsized to their scale and offered at a fair price. They don’t need cheap and unreliable solutions; they just need the best there is, adjusted to their size.

If you’d like to know more about what the IT security market has to offer, what challenges arise from the current business environment, which real threats SMBs face, how to properly assess the costs of a security breach, and how easy it is to lose data or have it stolen, read the latest white paper published by CoSoSys, Easy Guide to Comprehensive IT Security Strategies for SMBs - High-End Endpoint Security, Data Loss Prevention and Portable Device Management at a Reduced Scale.

Brand New Security Breach Reported by the US Army

Ever since 2006, several cases of exposed sensitive data surrounding the US Army have kept the newspapers busy. A new such case has recently hit the papers, when a laptop computer was reported stolen from an Army employee’s truck. The laptop contained personal information on about 900 soldiers from Fort Lewis. The information was released by Lacey police officials and quoted by The News Tribune.

As the theft might expose the Army employees to identity theft risks, the soldiers involved have been notified of the breach, said a post spokeswoman. According to Army officials, the employee from whom the laptop was stolen, a civilian military personnel specialist, appears to have violated Army standards and policies for protecting personal information and government property.

The Army is assisting Lacey police with the theft investigation and conducting its own review, said Catherine Caruso, a Fort Lewis spokeswoman.

“We’re not releasing anything more about what information was inappropriately compromised or about the soldiers whose information was involved,” Caruso said. “Clearly it was personal information regarding 800 to 900 soldiers from Fort Lewis. Beyond that, we’d rather not specify.”

Daily Mail Loses Laptop With Staff’s Private Info

The latest security breach involving a stolen laptop has recently been reported by Northcliffe Media, owner of the Daily Mail. The lost computer contained sensitive information on the company’s employees, such as names, addresses, bank accounts and sort codes of Mail and General Trust staff.

According to company representatives quoted by the Register, the said laptop was password protected but most likely not encrypted. Northcliffe Media warned its staff of the risk they were exposed to and advised them to contact their bank in order to prevent future problems.

The letter, signed by group finance director M J Hindley, said:
“The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the laptop and who may just erase what is on the hard disk in order to disguise the fact that the laptop is stolen.”