Denmark: Storage media with 9500 private records accidentally exposed
Mistakes happen everywhere. Some lead to lots and lots of private data being exposed. This is the case of Danish group ISS, whose representatives accidentally mailed a storage device containing 9500 employee records instead of holiday cards. The bad news is that the information exposed included names, addresses and social security numbers. The good news is that at least it wasn’t their whole employee database: about 2000 managed not to be exposed to the risk of identity theft and fraud!
The company has notified those affected by this new breach, but it’s not giving too many details, as there’s an ongoing investigation. Read more on the incident here.
As far as we’re concerned, the conclusion is very simple. Be careful where you store private details of your employees! Try to do it on a safe computer network. And if you need to save all that info on a storage device, make sure it’s encrypted, because such little gadgets are misplaced all the time!
Stolen laptop puts 12,500 patients’ data at risk
Shands HealthCare has recently notified about 12,500 of its patients that their private medical data was stolen in January, along with the laptop that contained the personal details. As almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.
The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to now, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…
At least some measures have been taken: training for the employees and a system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, who are eligible for 12 months of free credit monitoring.
Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are somewhat of a recurring habit at Shands.
FTC issues warning about data loss over P2P
Yet another warning about data loss, company policy and how easily all your files can be leaked over the internet comes into the security world, this time from the Federal Trade Commission. Long overdue, some would say, including Robert Siciliano in a recent post on Information Security Resources.
Yes, it is quite bewildering to see how, after warning after warning and a long line of data breach incidents, companies still allow the misuse of software and hardware resources. It is also confusing to see the FTC now getting ready to directly warn about 100 companies about the risks of peer-to-peer. It’s a bit late, years and years after the problems appeared.
Who’s afraid of the big bad cyberattack?
There have been dozens of news stories on cyberattacks lately. From human rights websites from China being under attack, to the attacks on US sites and institutions, to a more recent article debating how a cyberattack will affect the UK public’s trust in their Government. (Check our Twitter profile for an extended list of such news).
A minor effect attack would make UK citizens not trust their representatives. It seems crazy and it tastes of instant panic, but is it? I’d say more cyberattacks would have the same effect on US citizens as well. Why? It’s simple! It’s not because people are scared and tend to run amok at the smallest of threats, it’s because of the created expectations that were never met.
Breached server puts 170,000 at risk
A security breach estimated to have taken over one month has given an unidentified individual access to the grades and social security numbers of students of Valdosta State University, along with private details of faculty members. The breach, discovered in December on a university server, has put 170,000 individuals at risk, but the ongoing investigation is yet to reveal who was behind the breach and what their purpose was.
While the breach was discovered in early December, the official announcement was released on February 18th, after a prior release announcing an ongoing investigation. According to the university site, “the breached server and potentially breached data were secured and removed from the network. While we still do not have any evidence that personal information was taken, we are alerting affected individuals via email, web, and mass media of the potential theft of their personal information.”
Students and faculty can check if they have actually been affected here and consult quite a few identity theft resources, but no protection is offered to them by the University from what we can tell from the site, press release and press coverage. At least they are sorry and planning to make security changes…

