Edmonton travel agency investigated for credit card fraud
An Edmonton travel agency is currently investigated for credit card fraud after complaints of foul play totalling over 50,000 US dollars have been reported by former customers. According to the ongoing police investigation of the Canadian travel company, a former employee has been charged in the case, but other charges might still be pending, involving other prople related to the agency.
While the information is still foggy, it is clear that there have been about 11 reports from ex-customers who have used the agency’s services and then noticed unauthorized usage of their credit cards. The initial complaint came from a customer who had found out that almost 20,000 USD had been charged to his card. Subsequent complaints raised the total abount to 50,000 USD.
It is unclear how many credit card accounts had been stolen, as the agency personnel had access to all this data. The police investigation might be able to reveal who’s to blame and how many people were affected by this data theft.
Video: Controlling Device use in your office is a must to protect your data
Endpoint Protector for Device Control explained in plain English
You can try it yourself today. Visit www.EndpointProtector.com
Identity fraud scheme targeting foster care and adoptive parents
In a new incident proving – as if more evidence was needed – that one of the biggest data security threats comes from the inside, an administrative tech of the Texas Child Protective Services in Houston decided to steal data on potential foster care and adoptive parents and use it to apply for credit cards. Together with an outside accomplice, they had used the stolen information to apply for said credit cards at various stores.
Luckily enough, the credit card issuers noticed some discrepancy in the way formed were filled out and the two were discovered and arrested after stealing data on only 70 individuals. The two accomplices charged with fraudulent possession of identifying information could face up to 10 years in prison and a 10,000 US dollar fine. Not quite worth it for some extra stolen cash that probably never came through.
As of now it is unclear if any of their identity theft attempts was successful. We do hope they have failed miserably.
Stolen laptop puts 12,500 patients’ data at risk
Shands HealthCare has recently announced about 12,500 of their patients that their private medical data has been stolen in January, along with the laptop that contained the personal details. As it almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.
The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to know, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…
At least some measures have been taken: training for the employees and system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, eligible for 12 months of free credit monitoring.
Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are some what of a recurring habit at Shands.
Why cutting off USB ports is not a smart security solution
The USB ports leading to the computers in your network are somewhat of a hell hole, opening up the way to scary security breaches. It all comes down to the use of portable devices that can store large amounts of data that employees and visitors carry around, plug in and use, regardless of all the security red alerts popping up each step of the way.
But completely cutting access to USB ports, although still used, is not a smart move if you’re trying to protect your data against accidental loss or theft. Lawsuits, fines and seeing your customers drop like flies are all scary scenarios, but fear should never prevent you from playing it smart. Read more
Study by KPMG sees “Business crime on the rise in Germany”
As many as 37 percent of German companies were the victim of economic crime in the last three years, a new study has found. Internet fraud and the theft of business secrets have become a particular problem.
The use of USB Flash Drive in high capacity has made it easy to steal even the most complex business or construction plans in just a few seconds.
A USB Thumbdrive is all that’s required to steal valuable information.
A new study carried out by the German research institute Emnid for the financial services firm KPMG has found that criminal methods are being used more and more often in the ruthless and competitive world of business.
The survey, which took in 375 companies of all sizes, found that around one in three companies had been the victim of business crime. Two thirds of the companies surveyed also expected the level of criminality to rise.
The biggest economic crimes remain fraud, theft, embezzlement and breach of trust, but money-laundering and the forgery of accounts and financial information have all risen since the last survey was carried out in 2006.
Ignorance breeds carelessness
According to KPMG spokesman Frank M. Huelsberg, companies still need to be more aware of how crimes operate. “Despite these alarming results, small and medium-sized companies are particularly prone to underestimate the danger of falling victim to crime,” he said.
Fifty-six percent of the employees surveyed said that their company was less likely to be a victim of economic crime than a major corporation, while 76 percent believe they have made adequate security arrangements.
“Privately- or family-owned companies like to put their trust in their employees. But that makes them vulnerable,” Huelsberg said, “Experience shows that basic security mechanisms are often neglected in such companies.”
Third-party threat
In 62 percent of economic crimes involving small and medium-sized companies, employees conspired with an external third party. This figure is only 40 percent with large companies.
The theft of business or operational secrets is a growing threat, according to the study. A third of small and medium-sized companies have been a victim of such theft, the study said.
“The sale of sensitive information to competitors or criminals is particularly strong in times of economic crisis,” Huelsberg says, “Nowadays even the most complex construction plans fit on a USB stick. Data theft and industrial espionage can be child’s play if security fails, and the loss of sensitive designs or formulas can be fatal for a small, innovation-based company.”
Read the enitre article here on DW.
So what’s the endpoint security forcast for 2010?
With security journalists complaining about hazy security predictions for 2010, we thought I thought I should get my crystal ball out and share with you what the future holds for the world of Endpoint Security! My predictions are based on what I’ve noticed in the past few years, on recurring issues and generally how things work in the industry. So here goes!
1. The much hyped and awaited US Cybersecurity Czar will spend at least 6 months sorting through inter-agency policies, egos and feeble budgets and only then starting to do some work! The boost the security industry is expecting to come from the authorities interest in cybertheats will continue to lag.
2. The economy is picking up. But slowly and mostly on paper. Security budgets won’t be much increased and cost effectiveness will remain an important factor in selecting security products. Let’s hope it will come into play after the ineffective products are eliminated and not before! Read more
Most employees would steal data. Companies worry, but do nothing
If any manager out there was still wondering if their employees would actually steal company data, the answer is here. Yes, they would, although they know it’s illegal. And while most companies know the main threats that can lead to data theft are insiders, they do little to nothing about it. This is the Dark Reading conclusion after putting together two separate surveys conducted by security vendors.
One of the researches surveyed over 600 employees from the financial districts in New York, USA, and London UK. A lot of respondents admitted they had no problem taking work home and then keeping it for their own benefit. While the overwhelming majority knows this would be illegal, some had already taken confidential data to a new job and others said they would share such data at any time with friends or family if that would help them get hired in a better position. There are also those who would just take the private data just in case, as a long term insurance policy. Read more
Blue Cross Blue Shield data breach under the microscope
A data breach that results in exposing private details usually means bad consequences. Especially when an institution fails to properly inform those affected of what had happened. Such is the case of the recent Blue Cross Blue Shield’s (BCBS) loss of confidential information, including tax identification and social security numbers, for about 800000 healthcare providers from all US.
The data breach in question is currently being investigated by Connecticut Attorney General Richard Blumenthal as BCBS may have broken the state law by suffering the breach and then failing to inform those affected on time.
The information in question was lost back in August when a laptop containing it was stolen. Although the theft has affected providers all across the US, the Connecticut AG is only investigating on behalf of 18,817 of its Connecticut health care providers. What he aims is to obtain credit monitoring for more than just one year, as commonly offered, and seek additional identity theft protection.
On the other hand, BCBS states they started notifying those involved within days from the incident, not a month later as implied by the AG. Either way, they are more than willing to offer credit monitoring for two years, or at least a branch of the institution is!
