Data storeed on SSD drives, extremely hard to erase

Recent research involving solid state drives have revealed the fact that sometimes files stored on such drives are impossible to erase using traditional disk-erasure techniques. According to this research, as much as 75% percent of the data may still be present on the drive in question after erasure.

This difficulty comes form their radically changed internal design: SSDs use computer chips to store data and employ a flash translation layer (FTL) to manage the contents. This FTL component frequently writes files to new locations and updates its map to reflect the changes. Read more

UK government gets tough on cyber crime

The UK government decided to invest £63 million in fighting against cyber crime for the next four years. This is but a part of the  £650 million funding allotted to national cyber security, according to recent reports. Home secretary Theresa May, has revealed the amount at an informal meeting with the interior ministers of France, Germany, Italy, Poland and Spain, said a report on eGov monitor.

The Strategic Defence and Security Review last October marks the point when the UK government first stated its intention to get tough on cyber crime. Downing Street pledged a further £500 million to a national cyber security program despite having decided to cut budget in other areas. Read more

Fraud has decreased in 2010 – crime does not pay anymore?

US identity fraud losses went down last year by 28%, with the total number of 2010 victims going from 11 million a year before to 8.1 million. The estimated amounts also went down from $56 billion in 2009 to $37 billion in 2010, according to an annual study by Javelin Strategy & Research. These figures appear to be the lowest in the last 8 years.

The average loss per victim went down from $5,000 in 2009 to $4,600 in 2010, the drop being directly linked with the decrease in identity fraud, according to Javelin. Research data also shows 26 million records have been exposed in 404 reported breaches during 2010, compared to 221 million records in 604 breaches during 2009. Read more

Companies selling credit reports settle FTC charges over data breaches

As result of a court settlement, three credit report reselling companies – Washington state-based ACRAnet Inc. and SettlementOne Credit Corporation and Statewide Credit Services of California – have agreed to obtain independent security audits every other year for the next two decade. Also more comprehensive security programs designed to protect the confidentiality of the consumer data they sell will be developed.

The three companies use credit information to create special reports which are then delivered to mortgage brokers. These resellers of credit information have been charged with lack of security, fact that lead to allow security breaches exposing sensitive consumer information. Read more

Facebook fixes data theft issue

A security problem that allowed malicious web sites to access personal user information without their explicit permission has just been fixed by Facebook. This flaw has been reported by Rui Wang and Zhou Li, two student researchers.

According to Graham Cluley, senior technology consultant at Sophos, the security lapse could let malware spread between users,and abuse data as it goes by impersonating a legitimate site that already has the permission to take information.

“According to Wang and Li, it was possible for any web site to impersonate other sites which had been authorised to access user data, such as name, gender and date of birth,” he said. “Furthermore, the researchers found a way to publish content on the visiting users’ Facebook walls under the guise of legitimate web sites, a potential way to spread malware and phishing attacks.” Read more

Data leaks at the Scottish Court Service

A formal undertaking was signed by the Scottish Court Service, after the Information Commissioner’s Office (ICO) reveiled that sensitive court documents were accidentally disposed of at a Glasgow recycling bank.

This breach was brought to ICO’s attention when a Scottish newspaper published details of the files containing appeal documents in September 2010. The documents in question have been lost by the editor of a series of law reports and the court service has failed to specify the procedure of keeping the documents safe. Read more

Massive data breach discovered at Ohio State University

Personal information of more than 760,000 of the current and former Ohio State University students, faculty and staff was repeatedly compromised earlier this year by hackers who managed to access an unsecured university server. Starting this week, according to an advisory posted on the university’s website, school officials said they began sending out notification letters all affected individuals.

A routine IT security review discovered the breach, during late October. This breach allowed hackers to access student and staff files containing names, social security numbers, birth dates and addresses. Read more

University of Tennessee Medical Center data was improperly disposed of

8,000 patients of the University of Tennessee Medical Center are being alerted about a possible privacy breach risk as hospital reports that contained personal information were not properly disposed of.

According to UT Medical Center spokesman, Jim Ragonese, there is no actual proof that such information was disclosed, used or accessed inappropriately.

“We are providing letter recipients with information about how to receive free credit reports and are creating a toll-free telephone line specifically to answer questions pertaining to this incident,” Ragonese said via e-mail. Read more

Federal Reserve computers hacked, 400000 credit card numbers stolen

Data Breach affecting ALDI stores’ payment terminals