Stolen Flash Drive with Personal Info on 2,600 Delphi Workers

August 12th, 2008 by Agent Smith (0) Data Loss, Data Theft, IT security, Identity Theft, In the News, endpoint security, security breach

A flash drive containing private information on 2,600 former Dayton-area Delphi workers has recently been stolen from an unattended laptop of a Job and Family Services department employee. The information stored on said drive included names, addresses, social security numbers and telephone numbers of the workers.

Helen Jones-Kelley, director of the Job and Family Services department, quoted by the Dayton Daily News, said leaving the laptop unattended during lunch hour was a violation of department policy and the responsible employee could be taken disciplinary actions against, including termination.

In what those affected are concerned, the same department representative said they have sent letters to all those involved.

Countrywide Employee Arrested For Stealing Customer Private Data

August 5th, 2008 by Agent Smith (2) DLP, Data Loss, Data Theft, IT security, In the News, endpoint security, security breach

Californian FBI agents have recently arrested a Countrywide Financial Corp. employee suspected to have stolen personal information about the home mortgage lender’s customers. This new negative event puts a whole new pressure on the company who has been severely affected by the current lending crisis and has also been investigated for fraud.

According to a Computerworld article, Rene Rebollo who was a senior financial analyst for Countrywide Home Loan’s subprime mortgage division, accessed customer data through his work computer and saved it onto flash drives that he then took out of the company. According to the FBI, Rebollo admitted three months ago to have given the private information to third parties. Another man accused of having bought the stolen data was also arrested along with Rebollo.

How much money did Rebollo make from selling the data? Not nearly enough to compensate the minimum 5 years he could spend in jail: 50,000 to 70,000 dollars! Countrywide is now analyzing if he has really exposed the identity of customers and if this is the case, all those affected will be notified.

It would be interesting to see a subsequent analysis of how much Countrywide lost in this affair. But it is hard to determine the costs of a bruised image and shattered trust in the company.

Laptop With Anheuser-Busch Employees’ Private Data Stolen

July 31st, 2008 by Agent Smith (0) Data Loss, Data Theft, IT security, In the News, endpoint security, security breach

Global beverage company Anheuser-Busch has recently released information on the theft of a laptop containing private records of current and former employees. The theft took place in June at an office from the St. Louis area.

Tim Farrell, the company’s vice president for corporate human resources, quoted by DailyPress.com said Anheuser-Busch sent letters to an undisclosed number of employees and ex-employees letting them know what had happened. As the stolen laptop contained Social Security numbers, home addresses and marital status, the company also offered a year of free credit reporting. According to the same source, the private records stored on the stolen computer was password-protected and encrypted.

Banks Prefered by Fraudsters in 2008

July 31st, 2008 by Agent Smith (0) IT security, In the News, fraud, online fraud

It looks like fraudsters have a thing for banks and have been showing this affinity in the first six months of the year. This is the conclusion of the latest Fraud Barometer released KPMG Forensic’s.

According to the barometers quoted by CRN UK, fraud has increased by 50 percent, generating 630 million pounds for fraudsters. Banks toped in losses, reporting a record amount of 350 million, with 128 fraud cases coming to court. The most frequent types of fraud were mortgage fraud, and accounting and employee frauds.

KPMG also released dark predictions for the future, stating that the figures they released are most likely to get worse, one of the causes being the full impact of the credit crunch.

Stay Clear of Computer Threats on Vacation and Business Trips

July 30th, 2008 by Agent Smith (0) DLP, Data Loss, Data Theft, IT security, In The Spotlight, In the News, encryption schemes, endpoint security

And how exactly can you do that? CoSoSys has just released version 3.0 of Carry it Easy +Plus which focuses on increased security for security for USB flash drive users that access their data on public PCs like in internet cafés or hotel business centers.

Carry it Easy +Plus 3.0 has a whole range of features on display that are great for road warrior or the luckier ones of us who are vacationing: Website Password Manager, PC-Screen Lock128 bit AES data encryption, Outlook e-mail, contact and calendar sync, File & Folder Sync, No Trace Internet Browsing and much more.

So why do you need such tight security? The official release explains it:

When vacationing or travelling for business, the simplest technology-bound actions on your daily routine can expose you to real threats. Accessing your webmail account in an Internet café or on a different public PC you might run across in hotel business lounges or in airports exposes you to having your login credentials stolen by keyloggers or other malicious applications. The same can happen when plugging in your notebook in an unsecured network.

With the new SafeLogin feature in Carry it Easy +Plus as your password manager, all your website login credentials are stored securely in encrypted format on your portable storage device and automatically entered on any PC without the use of a keyboard. This feature does not only make logging in secure but also more convenient.

Secuirty Threat Caused by Lost USB Sticks

July 22nd, 2008 by Agent Smith (0) Data Leakage, Data Loss, Data Theft, IT security, In The Spotlight, In the News, endpoint security, security breach

Yet another data breach caused by lost hardware has been reported by a governmental institution. The U.K.’s Ministry of Defence (MoD) has released information on 121 USB sticks, including five containing classified information that have been lost or stolen since 2004.

As reported by DarkReading, these troubling figures became public four years later in response to an official question from Sarah Teather, a Liberal Democrat Member of Parliament. They are the latest yet not the only embarrassing breach involving the UK government. The MoD’s missing USBs come after the loss of two disks containing welfare private data on 25 million U.K. citizens and loss of an extensive number of laptops and mobile phones.

“Far from the problem getting better, it seems actually to be getting worse at the moment,” said Teather. “I think that the government has a duty to come clean and say whether or not anyone has been put at risk as a result of this – we need reassuring, for example, that none of our troops have been put at risk.”

The British government’s latest storage snafu comes less than a year after Her Majesty Revenue and Customs (HMRC), which is the U.K’s equivalent of the IRS was at the center of the country’s largest ever data loss.

This recent events begs a mind blowing question: how many such breaches actually happened but were never released to the public? And how long would it have taken until UK authorities informed the public on these national security breaches if there hadn’t been a formal inquiry?

Brand New Security Breach Reported by the US Army

July 21st, 2008 by Agent Smith (1) DLP, Data Leakage, Data Loss, Data Theft, IT security, Identity Theft, In The Spotlight, In the News, endpoint security, security breach

Ever since 2006, several cases of exposed sensitive data surrounding the US Army have kept the newspapers busy. A new such case has recently hit the papers, when a laptop computer was reported stolen from an Ary employee’s truck. The laptop contained personal information on about 900 soldiers from Fort Lewis. The information was released by Lacey police officials and quoted by The New Tribune.

As the theft might expose the Army employees to identity theft risks, the involved soldiers have been notified of the breach, said a post spokeswoman. According to Army officials, the employee, a civilian military personnel specialist, from whom the laptop has been stolen appears to have violeted Army standards and policies for protecting personal information and government property.

The Army is assisting Lacey police with the theft investigation and conducting its own review, said Catherine Caruso, a Fort Lewis spokeswoman.

“We’re not releasing anything more about what information was inappropriately compromised or about the soldiers whose information was involved,” Caruso said. “Clearly it was personal information regarding 800 to 900 soldiers from Fort Lewis. Beyond that, we’d rather not specify.”

Montgomery Ward Kept Customers in the Dark on Data Theft

June 29th, 2008 by Agent Smith (0) Data Leakage, Data Loss, Data Theft, IT security, In the News, Laws & Standards, online fraud, security breach

In a security breach not yet reported to its customers, Montgomery Ward, an old-line merchant now operating as an internet retailer had 51,000 credit card numbers stolen. The private records have been stolen in December from an online database containing credit card account information.

According to SC Magazine, the furniture retailer operates on the internet on the Wards.com site and is actually owned b Direct Marketing Services.

Direct Marketing Services notified the major credit card brands of the incident but failed to alert customers. Now that the breach has been exposed, they’ve had a change of hart and are planning on letting all those affected know of the breach.

Former Employee Charged in Southeast Security Breach

June 28th, 2008 by Agent Smith (0) Data Theft, Identity Theft, In the News, security breach

A former Southeast Missouri State University employee has been charged in a security breach exposing 800 student names and social security numbers. The man has been indicted on charges of identity fraud and one charge of computer trespass after being found in possession of the private records in question.

According to the SouthEast Missourian, William Elum was the hall director of Dearmont during the 2006 to 2007 school year and was arrested May 27 in Atlanta. While no students have reported credit fraud as a result of the leak, Elum is accused of trying to access two student accounts.

“I haven’t seen any evidence that these data have been misused beyond the attempt the employee used to log on to our system in other students’ names,” said Dr. Dennis Holt, vice president for administration and enrollment management.

Nevertheless, university administrators are recommending students place a fraud alert on their consumer credit file and also a security freeze on accounts at credit bureaus.

DCA Security Breach Exposes Private Records of 5,000

June 28th, 2008 by Agent Smith (0) DLP, Data Loss, Data Theft, IT security, Identity Theft, In the News, endpoint security, security breach

The state Department of Consumer Affairs has recently discovered a security breach exposing employees, contractors and board members to identity fraud. DCA has in response sent 5,000 letters warning those affected that the breach has compromised their names and social security numbers.

According to DCA spokesman Russ Heimerich quoted by Capitol Weekly, the breach occurred on June 5 or 6 when a Microsoft Word document was improperly transmitted electronically outside of the department. The document also contained the salaries and titles of everyone on the list, but Heimerich pointed out these additional details were public information.

Heimerich said the incident is still being investigated, and that he could not disclose who had received the document. He said that so far there is no evidence that any information has been used. It was not even clear the recipient had opened the document.