Endpoint Protector Appliance: Stop data theft on Windows and Mac

Data breaches caused by storage device theft hit again

March 4th, 2011 by Agent Smith (0) Data Theft & Loss,DLP,endpoint security

Printed, stored on computers or on flash drives, your data is just not safe. Your personal details that you entrust to companies you work with, doctors and other third parties will just end up exposed. If you are lucky enough, they might get in the hands of someone who won’t use your address, social security number or card details to harm you on their quest to get fast and easy money. If you’re unlucky, your accounts will just turn empty one day, your identity will be used to commit felonies or crimes and you will have years of paperwork and bad credit records in front of you.

Let’s check the recent data breach news. We have a stolen computer that contained names, ages, addresses and medical conditions of 700 children. Next come rushing in: backup tapes and other media containing cord blood bank customer information stolen from car, which ended up exposing about 300,000 records; and 113 patients’ names and Medicare numbers on a document stolen from a vehicleRead more

Facebook fixes data theft issue

February 4th, 2011 by Agent Smith (0) Data Theft & Loss,security breach

A security problem that allowed malicious web sites to access personal user information without their explicit permission has just been fixed by Facebook. This flaw has been reported by Rui Wang and Zhou Li, two student researchers.

According to Graham Cluley, senior technology consultant at Sophos, the security lapse could let malware spread between users,and abuse data as it goes by impersonating a legitimate site that already has the permission to take information.

“According to Wang and Li, it was possible for any web site to impersonate other sites which had been authorised to access user data, such as name, gender and date of birth,” he said. “Furthermore, the researchers found a way to publish content on the visiting users’ Facebook walls under the guise of legitimate web sites, a potential way to spread malware and phishing attacks.” Read more

Stolen laptop jeopardizes more than 3000 patients

January 3rd, 2011 by Agent Smith (1) Data Theft & Loss

A laptop theft that occurred at a doctor’s home has prompted Dean Health System and St. Mary’s Hospital to offer identity theft protection to more than 3,000 patients. According to Kim Sveum, Dean spokeswoman, the laptop, which was stolen on Nov. 8 did not contain Social Security numbers, addresses, phone numbers, credit card numbers or other financial information

Dean and St. Mary’s released a statement about the situation Monday. and  sent letters Saturday to more than 3000 affected patients. All of these patience have had had surgeries from 2001 through Nov. 8.

The doctor ,who has not been named, apparently stored  the patient information on her personal computer, against Dean policy, Sveum said. Data on Dean computers are encrypted, she added.

Sveum wouldn’t say if the doctor was disciplined. Dean and St. Mary’s “are undertaking comprehensive reviews of this breach of policy” and reminding employees to protect patient privacy, the statement said.

Along with the laptop, the doctor reported the theft of  an iPod, a jewelry box and a purse  stolen from her home in Fitchburg, said Lt. Todd Stetzer of the Fitchburg Police Department. Only the purse has been recovered.

This was not the only house breaking in the area and it had occurred through an unlocked patio door.

The patients affected by the theft are being allowed to sign up for one-year identity theft service, including up to $20,000 in reimbursements for expenses from resolving any identity theft issues. However, no problems have been reported so far, and the risk appears to be small, Sveum said.

Private data stolen from state computers

December 27th, 2010 by Agent Smith (0) Data Theft & Loss

According to a DHS Report from 17 December 2010, 15,000 Social Security numbers have been stolen from the computers of a New York state agency.

According to The Social Security Administration in New York City, a subcontractor working for the Office of Temporary Disability Assistance  has stolen the Social Security numbers. The subcontractor stole the data while performing upgrades,  for computers belonging to private contractors working for the agency. The agency decides Social Security disability claims. Read more

Is there such a thing as decent thieves?

October 25th, 2010 by Agent Smith (0) Data Theft & Loss,In The Spotlight

A professor at the Umeå University in northern Sweden has received the entire contents of his stolen laptop on a USB stick. As this data was the result of 10 years of work, one can imagine this gentleman’s relief.

In a statement addressed to the local Västerbottens-Kuriren newspaper he says that he is unhappy with the incident but the return of the data makes him “hope for humanity”. Read more

Accomack county laptop stolen on employee’s trip to Vegas

October 15th, 2010 by Agent Smith (1) Data Theft & Loss,endpoint security

What’s stolen in Vegas stays in Vegas?

35,000 county residents found out that their private information might be in jeopardy as an Accomack County Virginia employee had a county-owned laptop stolen while being on holiday in Las Vegas. Besides personal information such as names and social security numbers, the files on the stolen computer might contain tax payer information and actual addresses.

The incident took place on October 7 and was reported to the media after seven days. The warning came with apologies as the laptop in question was apparently taken without permission by the employee.  A closed meeting held by the Board of Supervisors regarding this issue was held on Wednesday. Read more

Former employee hacks computer system to steal company data

October 11th, 2010 by Agent Smith (2) Data Theft & Loss

After discovering  leads, customer names and other documents have been lifted form a local home loan company in the Lee County, the local sheriff’s detectives are investigating a man, former employee of the company in question, claimed to have been responsible for this crime.

Bryan Howel, owner of Homelynx Home Loans says: “I’m tired of people stealing, lying cheating in the mortgage industry and I’m one that’s going to stand up and do something about it…”
And he actually did something about it, he charged a former employee. Read more

Former Hospital Employee Sells Patients’ Private Data

September 24th, 2010 by Agent Smith (0) Data Theft & Loss,Laws & Standards

Federal prosecutors have stated that a former employee of the University of Pittsburgh Medical Center has been indicted for the alleged theft of patient data. This is the first HIPAA-related prosecution in Western District of Pennsylvania.

Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of patients’ data for personal gain in February 2008, when he was an employee at UPMC Shadyside Hospital. The indictment lists Pepala as the sole defendant. Read more

The Pentagon finally confirms the most significant breach of US military computers ever

August 26th, 2010 by Agent Smith (1) In The Spotlight,Malware Infections,security breach

The Pentagon has finally confirmed a security breach that happened back in 2008 and which one of their top officials has described as “the most significant breach of U.S. military computers ever.” The breach was caused when a foreign intelligence agent used a flash drive to infect US military computers, including those used by the Central Command to oversee combat zones in Iraq and Afghanistan.

The device in question was a cigarette-lighter-sized flash drive which was plugged into an American military laptop from a base in the Middle East amounted to “a digital beachhead, from which data could be transferred to servers under foreign control,” according to William J. Lynn 3d, deputy secretary of defense, quoted by the New York Times

“It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” Mr. Lynn wrote. Read more

Sensitive BP info revealed in hacking contest

July 31st, 2010 by Agent Smith (0) Data Theft & Loss,In The Spotlight,security breach

If you think BP have their hands full with the oil spill and the whole environmental mess they’ve caused in the Gulf of Mexico, think again. It seems they lack all kinds of security – not only can’t they drill for oil in a safe environment, their data security is also poor.

banner-sky.jpg

The Defcon hacker contest organized in Las Vegas is a hacking competition that has its contestants trick employees of large companies into spilling out potentially sensitive information. The purpose is – and targeted companies should thank the organizers for that matter – to show how gullible people can be and how this becomes a major security vulnerability. Read more