Data Protection Weekly for November 10, 2008
December 1st, 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Data Protection Weekly
Update on encryption, device management, and leak prevention
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Is your loading dock your biggest data leak?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
blancco2
Once your new equipment has been commissioned and brought on line, do you have control of the data that is still on the old equipment? After all of the effort to protect network and equipment, data protection during equipment disposal or change of ownership is too often overlooked.
www.blancco.com
White House powned by Chinese
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It is just too embarrassing. The Financial Times is reporting that the Chinese government has hacked successfully into the White House on several occasions. Chinese hackers have penetrated the White House computer network on multiple occasions, and obtained e-mails between government officials, a senior US official told the Financial Times. On top of the major hack on the Pentagon announced in 2007 this is just more evidence that the Chinese are engaging in a concerted effort to glean information from the US. Of course, Whitehall, the German Chancelary, France, India, Australia, and New Zealand have all been hacked as well. It might be time for the US to lodge a complaint with the Chinese government.
Read on…
Ex-AMD employee allegedly stole $1B Intel secrets
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A former Intel Corp. engineer has been charged with stealing trade secrets worth $1 billion from the chip maker while he worked for its main rival, Advanced Micro Devices Inc. Federal prosecutors in Massachusetts alleged this week in a five-count indictment that Biswamohan Pani, 33, illegally downloaded more than a dozen confidential documents from Intel’s computer system in California during a four-day stretch in June. He had already resigned from Santa Clara, Calif.-based Intel, but remained on the payroll and still had access to the company’s computers while he burned unused vacation days.
Read on…
Express Scripts demonstrates best practices in handling a data breach incident
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Express Scripts, one of the largest pharmacy benefit management companies in North America, Sunday announced that it has received a letter from an unknown person or persons trying to extort money from the company by threatening to expose millions of the company’s patients’ records. Extortion is an old, old methodology for extracting funds from victims. In the cyber crime arena it has a history that pre-dates the Internet. During the twenty years before the Internet was commercialized over $600 million was paid to extortionists who stole account data from UK banks. They were either employees of those banks or had bribed insiders to print out account records. The banks would pay the extortion demands in order to avoid embarrassment and potential loss of brand. Banks of course rely on their brand of providing a safe and secure home for your money.
Read on…
Data security threats worst at home, expert says
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The threats to data security are most severe at home, a Seattle security expert told the Secure World Detroit conference at the Ford Conference and Events Center in Dearborn Wednesday. Gordon Mitchell, president of Future Focus Inc., told the audience of a couple of hundred IT security professionals how to “become a counterspy in three easy lessons.” Mitchell said good counterspies must figure out what information is valuable, think about who could be a spy, think likea spy would and protect the information. Companies and institutions are constantly surrounded by people who are spying on them, Michell said. The strategies can range from the sophisticated to the simple — like the biotech client that actually had an employee listening to board meetings by using a drinking glass up against a wall.
Read on…
Programmer charged for sniffer used in TJX breach
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A New York programmer is charged with helping a group of hackers break into corporate networks to pilfer corporate data. Stephen Watt, 25, was charged in U.S. District Court with providing a modified sniffer program used to monitor and capture data, including customers credit and credit card information, as it traveled across corporate computer networks. Watt’s indictment is believed to be tied to the massive data security breach at TJX Cos. Inc. as well as several other retailers.
Read on…
British Government computer system shut down after data breach
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you hand over important details to the government, you expect a certain level of protection of that data. Unfortunately, it’s probably safer to give your details to a stranger in the street than trust the British Government to take care of them. The latest data breach saw a memory stick containing details of 12 million people found outside a pub.
Read on…
.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
safend2
Don’t let reductions in your workforce turn into yet another reason for critical data to walk out the door. Join Richard Stiennon, Chief Research Analyst, IT-Harvest, and Susan Callahan, SVP of Safend to learn how to protect your critical information during times of retrenchment and cut backs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reduce data breach risks with secure USB flash drives
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Imagine yourself in this position. It’s Monday morning, and your task is to go to your lead executive to let him know that an ambitious employee who wanted to get some work done over the weekend just reported that her USB flash drive was either lost or stolen from her desk. The drive contains downloaded medical and financial records for 1,200 patients with HIV, AIDS and other medical conditions.
Read on…
After laptop theft, Baylor Health warns of possible data compromise
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HealthTexas Provider Network Inc., a subsidiary of Dallas-based Baylor Health Care System, is notifying about 7,400 patients of the potential compromise of their Social Security numbers and other personal information after a laptop containing the data was stolen in September. It is also contacting an additional 100,000 people whose records on the laptop contained a “limited amount” of health information — though not Social Security numbers, Baylor said in a statement yesterday.
Read on…
Up to 40,000 kids’ identities stolen from Phoenix DES in burglary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Up to 40,000 children’s identities were stored on Department of Economic Security hard drives that were stolen from a storage unit in October. Now all those families may be at risk of identity theft. This affects anyone who has applied for or been accepted to DES’s “Early Intervention Program” over the past several years. This has the parents of those 40,000 children seriously concerned about their well-being.
Read on…
NC government computer with personal info stolen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A North Carolina health department’s stolen laptop contained personal information about some residents who are receiving government services. The Department of Health and Human Services said Wednesday the computer belonging to the Division of Aging and Adult Services employee was stolen on Oct. 25 in Atlanta.
Read on…
Avoiding costly data breach notifications
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Privacy Organizations spend serious money dealing with data breach notifications-millions of dollars that could be better spent on improving security procedures or technology, according to Bart A. Lazar, a partner with the law firm of Seyfarth Shaw. The CIO and the legal department can try and limit the risks associated with incident response while conserving resources, says Lazar. He offers five tips that shouldn’t break the bank.
Read on…
Preventing security breaches
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A security breach is the last thing you want to have to deal with in any enterprise. If sensitive company data leaked outside, you’d already be past worrying about hardening firewalls and strengthening perimeters-by then it’s too late. According to Michael Rothschild, senior manager of enterprise solutions at Juniper Networks, “outside-in” attacks have been eclipsed by insider threats this year, which opens up a whole new attack vector (bypassing the perimeter security strategy). Rothschild says today’s hackers go far beyond hacking to attain notoriety and hack for profit instead. This puts corporate data, customer data, applications, and, indeed, the organization at risk.
Read on…
Card breaches shake faith in e-payments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the past three months, all three of my payments cards — one credit card and two debit cards — have been compromised. That means somewhere, in some database, various fraudsters have my name and enough card details to attempt a shopping spree anywhere in the world. The cards have all been replaced by the issuers and, luckily, I never discovered any fraudulent transactions. The card breaches are particularly disturbing since I cover computer security. So what happened? I still have no clue. Investigating a card breach as a consumer, or a journalist, is a black hole.
Read on…
A&M-CC student data exposed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For the fourth time in two years and the second time in three months, a security breach at Texas A&M University-Corpus Christi has exposed students’ or former students’ Social Security numbers, university officials said Friday. Through an Internet search on the university’s Web site Monday, a student viewed a document that listed admissions applicants from 2005, A&M-Corpus Christi spokesman Marshall Collins said. The page listed 1,430 names and Social Security numbers.
Read on…
Charlottesville voter information at risk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After a bold break in at a voting precinct, the personal information for every registered voter in the city of Charlottesville is on the line. Two laptops containing voter registration information were stolen from a building at Tonsler Park in Charlottesville sometime after the polls closed Tuesday night. Charlottesville police say someone threw a cinder block through the door of the building and made off with the laptops.
Read on…
Clients’ data missing, Harvard Law warns
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Harvard Law School is alerting thousands of clients from a legal services clinic after a computer tape containing their Social Security numbers, addresses, and financial information was lost in September. The personal information, dating back 10 years, belonged to about 21,000 people who sought help through the school’s legal services center in Jamaica Plain, Robert London, a school spokesman, said yesterday. About 8,000 records of present and former clients contained Social Security numbers; another 13,000 had other identification information.
Read on…
Contact Information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
email: news@it-harvest.com
advertising inquiries: karen@it-harvest.com
web: http://www.it-harvest.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Entry Filed under: DPW Issues
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed