IT-Harvest

Data Protection Weekly

June 30, 2008

Looking for managed UTM?

Contact Seccom Global, an MSSP dedicated to
supporting Fortinet Unified Threat Management
appliances. Get managed AV, firewall, IPS,
VPN, anti-spam, anti-spyware, and URL
filtering for one affordable rate.
We make UTM work.

www.seccomglobal.com

Data being leeched from company databases by
less secure mobile devices is a common
occurrence, making data leakage the big
technology issue of 2008. With the increasing
use of mobile phones, PDAs and laptops as
work tools, important company data is removed
from the office every day. This increase in
data sharing promotes an environment suitable
for data leakage and is aggravated by the
associated use of hot-desking, home working
and wireless hotspots. It is further
complicated by the shuttling of data back and
forth between staff on USB sticks, CDs, DVDs,
backup tapes and even iPods. As a
consequence, security breaches are on the
increase.

Read on…

Want to know how well a company protects its
customers’ data? Don’t talk to its security
and compliance officers. Instead, try its
marketing department. A study released Monday
by the privacy-focused Ponemon Institute and
funded by e-mail marketing firm Strongmail
reveals a disturbing disconnect in companies
between the executives tasked with protecting
customer data and marketing departments,
which use the data for advertising purposes
or share it with third parties.

Read on…

More than 6,500 CNET Networks employees and
relatives are being notified of a possible
data breach after burglars stole computer
systems from the offices of the company that
administers the Internet publisher’s benefit
plans. CNET was one of several clients
affected when burglars broke into the Walnut
Creek, Calif., offices of Colt Express
Outsourcing Services, stealing equipment
“which contains the human resources data of
several of their clients including CNET
networks,” CNET Senior Vice President of
Human Resources Jose Martin said in a June
letter notifying employees of the incident.

Read on…

Virgin Media has confessed to losing the bank
details of 3,000 new customers last month.
The company is currently phoning the affected
customers and has contacted all but a few
hundred. All the customers involved have
been offered credit file protection, in
essence a close watch on all their financial
transactions, and automatic indemnity should
a theft occur. The lost data concerned
customers who signed up for Virgin Media
services at Carphone Warehouse. Unencrypted
bank account details were recorded to a CD
and transferred by hand between Virgin Media
headquarters and another office. During the
journey, on 29 May, the CD was lost.

Read on…

Data breaches remain a significant problem
for any company that manages information
about personal identity. In recent weeks,
widely publicized data breaches have hit
Lending Tree, Hannaford Bros. Co., and the
Bank of Ireland. Past data breaches at
ChoicePoint, TJX Cos., and the U.S.
Department of Veterans Affairs have resulted
in large, class-action lawsuits with claims
for or settlements in the millions of dollars
in some cases. At the April RSA Conference
in San Francisco, a number of speakers
addressed the technical and legal aspects of
the data breach problem.

Read on…

I used to work for Boeing in Wichita. Boeing
sold the Wichita division and all of the
workers, including me, to another company. We
still did the same work, but Boeing was just
one customer of several. Nearly a year after
the sale, someone at Boeing lost a laptop
that had the names, addresses and Social
Security numbers of nearly all of the 12,000
Wichita ex-employees on it. They waited an
unknown period of time before telling anyone,
then another couple of weeks before they
offered to pay for credit reporting
subscriptions for us. They offered no
compensation for people that had been actual
identity-theft victims and they wouldn’t pay
for identity-theft insurance. Almost
immediately after the laptop went missing,
someone used my SSN to apply for credit cards
all over the country.

Read on…

The loss or theft of private or confidential
data is endemic amongst UK firms, according
to research released today. The survey of
over 900 UK data protection professionals and
marketing professionals conducted by the
Ponemon Institute found almost two-thirds (61
per cent) had experienced a data breach
involving the loss or theft of consumer
information over the past 24 months. Worse
still, 90 per cent of these data breach cases
went unreported to customers, as the
organisation felt that they were either not
required to do so, or were unsure whether
they had to.

Read on…

One in three IT administrators say they or
one of their colleagues have used top-level
admin passwords to pry into confidential or
sensitive information at their workplace,
according to a survey by a
password-management vendor. Nearly half also
confessed that they have poked around systems
for information not relevant to their jobs.

Read on…

Customers of one Tampa Bay area bank should
check their bank statements and apply for a
new debit card after a data breach last week.
Bank Atlantic confirms they had a data loss,
involving their MasterCard debit cards. A
spokesperson says it happened through a local
merchant, but at this time, isn’t saying
which one.

Read on…

The recent wave of identity theft is
especially evident at health care facilities,
where a stolen computer could potentially
contain the most personal of information for
thousands of people. Through its work with
health care organizations, Absolute Software
identified the computer security risks most
often faced by hospital systems, health
management organizations and others with
responsibility for electronic protected
health information. Here’s a rundown of each
risk area.

Read on…

When security people see headlines about data
losses at TJ Maxx, ChoicePoint, DuPont, and
the Department of Veterans Affairs, they
quickly assume that preventing such loss is a
technology problem. It clearly is not. It is
an information problem. Organizations know
that protecting their clients’ or employees’
data is paramount and that the risk of not
protecting it is a story in the Wall Street
Journal. However, underneath the public
thunder about the loss of credit card and
social security numbers and healthcare
information, even more confidential
information is at risk.

Read on…

Serious institutional deficiencies at HM
Revenue and Customs were to blame for
Britain’s worst-ever breach of personal data
security, when details of 25 million people
were lost in the post, according to two
reports. Investigators from the Independent
Police Complaints Commission found that HMRC
procedures for handling sensitive data were
“woefully inadequate” and staff adopted a
“muddle through” ethos to confidential
personal records. And a separate report by
consultant Kieran Poynter found that last
October’s loss of two computer discs
containing the names, addresses and bank
details of every child benefit claimant in
the country was “entirely avoidable” and
raised “serious questions of governance and
accountability” at HMRC.

Read on…

Trusted old-name retailer Wards did not
inform its customers of a data breach that
allowed hackers to gain access to at least
51,000 records, including credit card
numbers. The breach occurred at the store’s
parent company, Montgomery Ward, where
hackers looted the database that held account
information for all of the firm’s retail
properties.

Read on…

Organizations that expose consumer data pay a
big price in consumer confidence, but can
satisfy most customers by offering them
fraud-prevention services, according to a
survey of more than 400 data breach victims
by research and consulting firm Javelin
Strategy & Research. 55% of survey
respondents say they have less confidence in
the organization that exposed their data and
30% says they would never buy from that
company again, according to the online survey
conducted in May. 40% of respondents whose
information was exposed but had not become
victims of identify theft say they think the
breach leaves them more vulnerable to
criminals misusing their personal information.

Read on…

The Liberty Alliance has released the first
versions of two key frameworks for how
businesses can share and protect sensitive
data in their networks. The Liberty Alliance,
a coalition of businesses and other
organizations, has worked to develop
protocols and policies for federated identity
and Web services, which have the potential
for new efficiencies in data handling but
come with many risks if data is lost or
mishandled.

Read on…

Contact Information