Loss or theft of hardware, still important cause for data breaches in health sector

May 23rd, 2011 by Agent Smith (0) Data Theft & Loss,security breach

Although there are measures than can be taken to prevent data breaches caused by employees and to involve the personnel more into avoiding such occurrences, there are a lot of security mishaps caused by the loss, theft or misplacing of company hardware by staffers. Laptops, hard drives, USB stick and other storage devices are being lost or stolen on a daily basis, exposing the private data of thousands of people to identity theft or fraud, and many of them occur in the health sector. Read more

Database administrators lack proper understanding of security

May 22nd, 2011 by Agent Smith (0) Research and Studies,security breach

A recently published study shows that database administrators don’t fully understand security. According to these fresh findings, database administrators and IT decision-makers in general admit to knowing very little about security issues like change control, patch management, auditing etc. This survey was conducted on 214 Sybase administrators belonging to the International Sybase User Group.

“A majority of respondents admit that there are multiple copies of their production data, but many do not have direct control over the security of this information,” the survey report stated. “Only one out of five take proactive measures to mask or shield this data from prying eyes.”

According to the report’s author, Unisphere Research analyst Joe McKendrick, the ISUG survey is the first released of a series of similar database security surveys being conducted across various database user groups, including those running other platforms such as Oracle and SQL Server. Read more

Phoenix Dentists Lost Portable Device with 10,000 Patient Records

May 2nd, 2011 by Agent Smith (0) Data Theft & Loss,security breach

Two dentists from Phoenix, Arizona, Brian J. Daniels, D.D.S. and Paul R. Daniels, D.D.S. have recently posted a short notice on their website regarding a privacy breach. This breach involved a portable data device which was stolen on March 2nd and contained protected health information for about 10,000 patients.

The notice, poor in any relevant detail, reads as follows:

HIPAA Breach Information for Patients of Record Certain electronically-stored patient records were stolen on March 2, 2011. If you have any questions please call 602-265-8751

As the website itself seems to be lacking content, and media coverage is quite poor at the moment, more information on this issue will become available when the Department of Health and Human Services publishes it.

Sony’s PlayStation Network Hack Created 70 Million Potential Fraud Victims

April 28th, 2011 by Agent Smith (1) Data Theft & Loss,In The Spotlight,security breach

According to the PlayStation blog, the 70 million users of Qriocity and PlayStation Network may have had their personal information compromised due to a successful hacker attack. Also the network has been shut down since April 20th and users have been unable to download content or play online.

The hacker attack resulted in personal information such as names, home addresses, e-mail addresses, birth dates and passwords being compromised, but the damage to credit card information has not yet been assessed. Read more

Edmonton School Board data breach affected 7,000 people

April 19th, 2011 by Agent Smith (0) Data Theft & Loss,endpoint security,security breach

CBC News recently revealed a disturbing privacy breach that happened on March 22, when a USB memory stick, containing private information for about 7,000 employees of the Edmonton Public School Board was lost.

As a result, the school board sent letters to the affected employees, notifying them that their data may have been misused. Read more

Autmattic and WordPress.com Hacked

April 14th, 2011 by Agent Smith (0) endpoint security,security breach

Servers belonging to Automattic, the company which maintains the WordPress.com platform have recently been hacked via root access. The latest details regarding this breach that is still under investigation comes from an advisory from Automattic. However, the initial findings are quite unsettling for the 18 million publishers hosted by wordpress.com.

“Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed,” the company’s founder, Matt Mullenweg, wrote. “We presume our source code was exposed and copied. While much of our code is open source, there are sensitive bits of our and our partner’s code. Beyond that, however, it appears information disclosed was limited.”

Data breach costs blamed on system failures

March 22nd, 2011 by Agent Smith (0) endpoint security,security breach

A new survey carried out by the Ponemon Institute analyzed data breach experiences of 38 UK companies from 13 different industry sectors. According to this survey, negligence the former primary source of data breaches has been replaced by system failures.

An increase of 13% in data breach costs means that UK organisations will pay £1.9 million or £71 per record. An average cost for these type of breaches cannot be estimated as it ranges from £36,000 to £6.2 million.

The survey also showed 29% of all data breaches are caused by malicious or criminal attacks. This is an increase of 7% in 2010 from the previous year. Read more

Former employee gets home detention for breaching employer email system

March 1st, 2011 by Agent Smith (0) Data Theft & Loss,endpoint security,security breach

Inside threat is kicking and screaming and far from being gone from the corporate security world. Upset over being fired, a Californian woman breached the email system of her former employer and posted confidential documents to public websites. She got caught and the sentence was 60 days of home detention plus ayear of probation for the one count of felony computer intrusion that 44 year old Ming Shao pleaded guilty to.

In her plea, the woman admitted to a value of the stolen information belonging to PanTerra Networks(which included a Weekly Ops Report) ranging between 10,000 and 30,000 US dollars. She admitted to have breached the PanTerra network and exposing the confidential files as a form of revenge for being fired in August 2009. Read more

Data storeed on SSD drives, extremely hard to erase

February 23rd, 2011 by Agent Smith (0) Data Theft & Loss,In The Spotlight,security breach

Recent research involving solid state drives have revealed the fact that sometimes files stored on such drives are impossible to erase using traditional disk-erasure techniques. According to this research, as much as 75% percent of the data may still be present on the drive in question after erasure.

This difficulty comes form their radically changed internal design: SSDs use computer chips to store data and employ a flash translation layer (FTL) to manage the contents. This FTL component frequently writes files to new locations and updates its map to reflect the changes. Read more

UK government gets tough on cyber crime

February 16th, 2011 by Agent Smith (0) Data Theft & Loss,endpoint security,security breach

The UK government decided to invest £63 million in fighting against cyber crime for the next four years. This is but a part of the £650 million funding allotted to national cyber security, according to recent reports. Home secretary Theresa May, has revealed the amount at an informal meeting with the interior ministers of France, Germany, Italy, Poland and Spain, said a report on eGov monitor.

The Strategic Defence and Security Review last October marks the point when the UK government first stated its intention to get tough on cyber crime. Downing Street pledged a further £500 million to a national cyber security program despite having decided to cut budget in other areas. Read more