Printed, stored on computers or on flash drives, your data is just not safe. Your personal details that you entrust to companies you work with, doctors and other third parties will just end up exposed. If you are lucky enough, they might get in the hands of someone who won’t use your address, social security number or card details to harm you on their quest to get fast and easy money. If you’re unlucky, your accounts will just turn empty one day, your identity will be used to commit felonies or crimes and you will have years of paperwork and bad credit records in front of you.
Let’s check the recent data breach news. We have a stolen computer that contained names, ages, addresses and medical conditions of 700 children. Next come rushing in: backup tapes and other media containing cord blood bank customer information stolen from car, which ended up exposing about 300,000 records; and 113 patients’ names and Medicare numbers on a document stolen from a vehicle… Read more
A security problem that allowed malicious web sites to access personal user information without their explicit permission has just been fixed by Facebook. This flaw has been reported by Rui Wang and Zhou Li, two student researchers.
According to Graham Cluley, senior technology consultant at Sophos, the security lapse could let malware spread between users,and abuse data as it goes by impersonating a legitimate site that already has the permission to take information.
“According to Wang and Li, it was possible for any web site to impersonate other sites which had been authorised to access user data, such as name, gender and date of birth,” he said. “Furthermore, the researchers found a way to publish content on the visiting users’ Facebook walls under the guise of legitimate web sites, a potential way to spread malware and phishing attacks.” Read more
A laptop theft that occurred at a doctor’s home has prompted Dean Health System and St. Mary’s Hospital to offer identity theft protection to more than 3,000 patients. According to Kim Sveum, Dean spokeswoman, the laptop, which was stolen on Nov. 8 did not contain Social Security numbers, addresses, phone numbers, credit card numbers or other financial information
Dean and St. Mary’s released a statement about the situation Monday. and sent letters Saturday to more than 3000 affected patients. All of these patience have had had surgeries from 2001 through Nov. 8.
The doctor ,who has not been named, apparently stored the patient information on her personal computer, against Dean policy, Sveum said. Data on Dean computers are encrypted, she added.
Sveum wouldn’t say if the doctor was disciplined. Dean and St. Mary’s “are undertaking comprehensive reviews of this breach of policy” and reminding employees to protect patient privacy, the statement said.
Along with the laptop, the doctor reported the theft of an iPod, a jewelry box and a purse stolen from her home in Fitchburg, said Lt. Todd Stetzer of the Fitchburg Police Department. Only the purse has been recovered.
This was not the only house breaking in the area and it had occurred through an unlocked patio door.
The patients affected by the theft are being allowed to sign up for one-year identity theft service, including up to $20,000 in reimbursements for expenses from resolving any identity theft issues. However, no problems have been reported so far, and the risk appears to be small, Sveum said.
According to a DHS Report from 17 December 2010, 15,000 Social Security numbers have been stolen from the computers of a New York state agency.
According to The Social Security Administration in New York City, a subcontractor working for the Office of Temporary Disability Assistance has stolen the Social Security numbers. The subcontractor stole the data while performing upgrades, for computers belonging to private contractors working for the agency. The agency decides Social Security disability claims. Read more
A professor at the Umeå University in northern Sweden has received the entire contents of his stolen laptop on a USB stick. As this data was the result of 10 years of work, one can imagine this gentleman’s relief.
In a statement addressed to the local Västerbottens-Kuriren newspaper he says that he is unhappy with the incident but the return of the data makes him “hope for humanity”. Read more
What’s stolen in Vegas stays in Vegas?
35,000 county residents found out that their private information might be in jeopardy as an Accomack County Virginia employee had a county-owned laptop stolen while being on holiday in Las Vegas. Besides personal information such as names and social security numbers, the files on the stolen computer might contain tax payer information and actual addresses.
The incident took place on October 7 and was reported to the media after seven days. The warning came with apologies as the laptop in question was apparently taken without permission by the employee. A closed meeting held by the Board of Supervisors regarding this issue was held on Wednesday. Read more
After discovering leads, customer names and other documents have been lifted form a local home loan company in the Lee County, the local sheriff’s detectives are investigating a man, former employee of the company in question, claimed to have been responsible for this crime.
Federal prosecutors have stated that a former employee of the University of Pittsburgh Medical Center has been indicted for the alleged theft of patient data. This is the first HIPAA-related prosecution in Western District of Pennsylvania.
Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant. Read more
The Pentagon has finally confirmed a security breach that happened back in 2008 and which one of their top officials has described as “the most significant breach of U.S. military computers ever.” The breach was caused when a foreign intelligence agent used a flash drive to infect US military computers, including those used by the Central Command to oversee combat zones in Iraq and Afghanistan.
The device in question was a cigarette-lighter-sized flash drive which was plugged into an American military laptop from a base in the Middle East amounted to “a digital beachhead, from which data could be transferred to servers under foreign control,” according to William J. Lynn 3d, deputy secretary of defense, quoted by the New York Times
“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Mr. Lynn wrote. Read more
If you think BP have their hands full with the oil spill and the whole environmental mess they’ve caused in the Gulf of Mexico, think again. It seems they lack all kinds of security – not only can’t they drill for oil in a safe environment, their data security is also poor.
The Defcon hacker contest organized in Las Vegas is a hacking competition that has its contestants trick employees of large companies into spilling out potentially sensitive information. The purpose is – and targeted companies should thank the organizers for that matter – to show how gullible people can be and how this becomes a major security vulnerability. Read more