A data breach affecting 1.8 million customers of two New York utilities companies has recently been made public by the New York State Public Service Commission. The investigation into this data breach was initiated after an employee from a third party IT company contracted by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) was given unauthorized access to the company’s databases.
It is not clear if accessing the customer databases had any malicious intent, both affected companies claiming there was no proof of any data having been misused as a consequence of the breach. But, to stay on the safe side, they have decided to send out notifications regarding the data access, as it exposed Social Security Numbers, dates of birth and financial account information, as shown in the official press release sent out by the NY Commission. Read more
According to datalossdb.org, a site belonging to the Open Security Foundation, that publishes the latest news regarding data loss and data breaches, the month of 2011 with the largest number of such incidents was June, when 90 cases were recorded.
The causes of these incidents were very diverse: from the ever-present theft of computers, laptops or hard drives and other portable devices, to fraud, hacking attacks, personal information disclosed on websites, viruses, documents thrown in the dustbin, etc.
The most significant breach from June was the one produced at Sony Pictures, when the LulzSec hackers have accessed one million records of Sony clients in Belgium and the Netherlands.
According to the PlayStation blog, the 70 million users of Qriocity and PlayStation Network may have had their personal information compromised due to a successful hacker attack. Also the network has been shut down since April 20th and users have been unable to download content or play online.
The hacker attack resulted in personal information such as names, home addresses, e-mail addresses, birth dates and passwords being compromised, but the damage to credit card information has not yet been assessed. Read more
US identity fraud losses went down last year by 28%, with the total number of 2010 victims going from 11 million a year before to 8.1 million. The estimated amounts also went down from $56 billion in 2009 to $37 billion in 2010, according to an annual study by Javelin Strategy & Research. These figures appear to be the lowest in the last 8 years.
The average loss per victim went down from $5,000 in 2009 to $4,600 in 2010, the drop being directly linked with the decrease in identity fraud, according to Javelin. Research data also shows 26 million records have been exposed in 404 reported breaches during 2010, compared to 221 million records in 604 breaches during 2009. Read more
The latest annual statistics from the UK’s National Fraud Authority show that more than £38bn have been lost over the last 12 months due to fraud. This amounts to an increase of more than 25%.The public sector (£21.2bn) reported the biggest part of the loss, while the private sector cost the government only £12bn, with another £4bn in losses from fraud against individuals.
According to the NFA the increase was to be expected, at least in part, due to improved reporting procedures. The figures include estimates for procurement (£2.4bn) and grant fraud (£515m) for the first time. Read more
Four women living in the Waco area have been charged and arrested as a result of their conspiracy to commit identity theft. They have developed a scheme scheme involving stolen Fingerprint Applicant Services of Texas (FAST) applications required by licensing and certification entities such as the Texas Education Agency.
A seven count federal grand jury indictment, that was unsealed yesterday afternoon, charges 32-year-old Angela Cuellar, 38-year-old Yolanda Ramos, 33-year-old Diane Rivera and 29-year-old Christine Elifritz with one count of conspiracy to commit identity theft. Angela Cuellar has also been charged with six substantive aggravated identity theft counts while Elifritz and Ramos, with only one aggravated identity theft count. Read more
Employee perpetrated fraud has lost the average company about 5% of it’s revenue in the year 2009, the stealing of company sources representing up to 90% percent of the incidents. Employees tend to be tempted by privileged access to data and commit fraud. According to a report published by the Association of Certified Fraud Examiners (ACFE) this type of fraud is the most damaging, causing a loss over $4 million.
“They have a high level of access, which gives them a greater opportunity to commit fraud,” Ben Knieff, director of product marketing for fraud products at Actimize said.
In order to prevent such fraud there are a few proactive steps a company can take: Read more
In a new incident proving – as if more evidence was needed – that one of the biggest data security threats comes from the inside, an administrative tech of the Texas Child Protective Services in Houston decided to steal data on potential foster care and adoptive parents and use it to apply for credit cards. Together with an outside accomplice, they had used the stolen information to apply for said credit cards at various stores.
Luckily enough, the credit card issuers noticed some discrepancy in the way formed were filled out and the two were discovered and arrested after stealing data on only 70 individuals. The two accomplices charged with fraudulent possession of identifying information could face up to 10 years in prison and a 10,000 US dollar fine. Not quite worth it for some extra stolen cash that probably never came through.
As of now it is unclear if any of their identity theft attempts was successful. We do hope they have failed miserably.
If a company, bank of hospital handling your private details has suffered a data breach, you are four times more likely to have your identity stolen. So if you have received a notification letting you know your data has been exposed, you should acknowledge the greater risk for ID theft or fraud, says a recent study by Javelin Research and quoted by DarkReading.
This new report comes to completely contradict breached companies breached who commonly state they have no indication that the compromised data has been used by criminals.
“During each of the past three years, an average of 11 percent of consumers received a breach notification,” Javelin said. “Slightly more than 33 percent of breach victims experienced exposure of their Social Security numbers, and 15 percent of breach victims had their ATM PINs compromised. [But] despite 19.5 percent of breach victims suffering some kind of fraud in the past year, only 2 percent attribute their fraud to the breach.”
Buying second hand PCs might be quite an adventure. Especially if they contain sensitive information that could blow one’s mind out, as it happened for a group of researchers from the University of Glamorgan in Scotland. According to a DarkReading article, the researchers found their used hard drives to contain details of test-launch procedures for a U.S. defense missile.
The researchers have included these findings in the results of a a five-year study that aimed to show the dangers of poor hard drive and device data-wiping and disposal practices. Acording to this years’ results, which are not yet final, the research also led them to sensitive data from Ford Motor, Laura Ashley, and other businesses.
This year, the researchers found personal or sensitive data on 34 percent of 300 hard disks bought randomly at computer fairs and online auctions in the U.K., U.S., Germany, France, and Australia. The information was enough to expose individuals and firms to fraud and identity theft, they said.
So if someone indulged in the idea of starting a fraud or theft based scam, all they needed is to start buying used computer parts. It’s easy and far less dangerous than actually atemtping to steal the data directly from the businesses currently using them.