|
Security in the News
 |
U.S. House of Representatives confirms encryption as the best safeguard to protect sensitive data.
The Energy and Commerce Committee of the U.S. House of Representatives unanimously approved The Data Accountability and Trust Act (H.R. 4127), a bill that requires companies to launch nationwide notification campaigns if the security of sensitive consumer information, such as Social Security Numbers, drivers license numbers or financial data, is breached and could be used for identity theft. This act recognizes data encryption as an essential, underlying security technology that provides organizations with “safe harbor” in the event of a security breach. It states that encrypted electronic data is “presumed” secure and that businesses that employ encryption technology are exempted from the nationwide notification requirement. The act affects any person or business “involved in interstate commerce that owns or possesses [sensitive data in electronic form.” Upon discovering a breach in the security of sensitive data, these businesses are required to implement a nationwide notification program, informing each individual whose data may have been compromised. In addition, the bill calls for notification of the Federal Trade Commission, placement of website or Internet notice and notification to any financial institutions that may be affected.
However, the act also says that the “encryption of (sensitive) data, combined with appropriate safeguards of the keys necessary to enable decryption of such data, shall establish a presumption” that there is no “significant risk of identity theft to the individual to whom the personal information relates.” This means businesses that utilize encryption would be exempted from the required notifications. The act gives the FTC enforcement powers and allocates $1 million a year to fund enforcement activities. If passed, the bill would take effect in approximately one year. The full text of the bill is available at: http://thomas.loc.gov/cgi-bin/bdquery/z?d109:H.R.4127: Posted on 31 March 2006 |
|
Cyber criminals stepping up targeted attacks: report
Cyber criminals are stepping up smaller, more targeted attacks as they seek to avoid detection and reap bigger profits by stealing personal and financial information, according to a report issued on Monday.
An Internet Security Threat report said during the second half of 2005 attackers continued to move away from broad attacks seeking to breach firewalls and routers and are now taking aim at the desktop and Web applications.
Threats such as viruses, worms and trojans that can unearth confidential information from a user's computer rose to 80 percent of the top 50 malicious software code threats from 74 percent in the previous six months.
Hackers are eschewing widespread viruses or worms that deliver infected software code able to potentially devastate hundreds of thousands of computers in favor of smaller-scale attacks. Criminals do not want to trigger a major security response with a high-profile attack and now seek to more narrowly tailor their focus to silently slip onto a user's machine.
By Michael Kahn Tue Mar 7, 2006, Reuters |
|
Thefts prompt products that do more to secure laptops
Recent thefts of laptops with sensitive corporate data have prompted more companies and individuals to snap up everything from locks to tracking software to protect data from PC snatchers. Laptop heists are among a wave of computer-security breaches in the past year, leaving thousands of people vulnerable to ID theft.
Fidelity Investments last week disclosed that someone made off with a laptop containing the names, Social Security numbers and other information for 196,000 current and former Hewlett-Packard employees. In recent months, laptops containing personal information have been swiped from Ameriprise Financial, Boeing and others.
As more people store data in a mobile environment, laptops and portable storage devices have become more attractive to ID thieves. And, in most instances, the data were not scrambled with encryption technology.
Once a laptop is stolen, cracking the password is easy. Crooks restart PCs using a Linux operating system disk and change passwords. Others use search engines to get software tools that unlock a password. "Anyone skilled in computer forensics can crack a password in minutes,".
By Jon Swartz, USA TODAY Mon Mar 27, 2006 |
|
Afghans selling US army 'files'
US forces in Afghanistan are checking reports that stolen computer hardware containing military secrets is being sold at a market beside a big US base. Shopkeepers at a market next to Bagram base, outside Kabul, have been selling memory drives stolen from the facility, the Los Angeles Times newspaper says. The disks reportedly contain personal details about US soldiers, military defenses and lists of enemy targets. They were all stolen from offices inside the base by the Afghans working there. Hundreds of Afghans are said to be working as cleaners, labourers and auxiliary staff at the Bagram base.
BBC News, April 12, 2006 |
|
Hackers get inside province's system
The RCMP is investigating how hackers cracked the B.C. government's computer network. The revelation, the latest in a spate of embarrassing security breaches. "Apparently, the government found out on the sixth of February of this year that outsiders had been accessing the system for at least two months."
Miro Cernetig, Vancouver Sun, Wednesday, March 08, 2006 |
|
Privacy nightmare: Sensitive files on stolen computers The provincial government had more than 100 pieces of computer equipment and dozens of laptops and cellphones stolen last year, according to documents obtained by The Vancouver Sun. The government said all of those items were stolen, rather than lost.
- Twelve laptops and 77 other pieces of computer equipment were stolen from various school districts across the province and another 21 computers went astray at universities and colleges.
- Four laptop computers and three other pieces of computer equipment from the Attorney-General's ministry.
- Four laptop computers from the Public Safety and Solicitor-General's ministry.
- Three laptop computers and one other piece of computer equipment from the Health Services ministry.
- One laptop and 15 other pieces of computer equipment from various health authorities and hospitals, includingVancouver General Hospital, Lions Gate Hospital and Richmond Hospital.
Chad Skelton, Vancouver Sun, Wednesday, March 08, 2006 |
|
Personal data sold with BlackBerries
A government auction that sold 41 computer tapes containing confidential files has also sold hand-held organizers without removing sensitive information.
The data tapes sold contained confidential information on thousands of government employees and private citizens. Those files included information on medical conditions, refugee claimants and thousands of social insurance numbers and birth dates.
Jonathan Fowlie, Vancouver Sun, Wednesday, March 08, 2006 |
|
Fidelity Laptop With Customer Info. Stolen
BOSTON - A laptop computer belonging to Fidelity Investments and containing sensitive data on about 196,000 retirement-account customers was stolen last week, the company said.
The nation's largest mutual-fund manager confirmed reports Thursday that the computer held information on participants in Hewlett-Packard Co.'s pension and 401(k) plans and that it has alerted those affected, offering them free credit monitoring for 12 months.
The data included names, addresses, birth dates, Social Security numbers and other information that potentially could be used by identity thieves.
March 23, 2006 |
|
The FTC recently released Identity Theft Report, available at http://www.ftc.gov/os/2003/09/synovatereport.pdf, showed that over 27 million individuals have been victims of identity theft, which may have occurred either offline or online, in the last five years, including almost 10 million individuals in the last year alone. The survey also showed that the average loss to businesses was $4800 per victim. Although various laws limit consumers' liability for identity theft, their average loss was still $500 - and much higher in certain circumstances. |
|
A real estate brokerage firm in Vancouver, British Columbia was burglarized. What was surprising about this break-in was that the thieves did not focus on the expensive computer equipment. Instead, the thieves stole nearly 200 current transaction files, as well as the bank records and credit card files of the brokerage. This robbery underscores the value of personal information in a time of increased identity theft. Armed with this stolen information, the thieves could cause significant financial harm to the brokerage and its clients.
Source: Report from the Real Estate Council of British Columbia |
|
Ameriprise Financial Inc. has notified about 226,000 people that their names and other personal data were stored on a laptop computer that was stolen from an employee's vehicle. Ameriprise is offering the affected current and former employees a free credit monitoring program for a year.
Last summer, 40 million consumer accounts, primarily MasterCard and Visa accounts, were exposed to possible fraud due to a breach at Atlanta-based CardSystems Solutions Inc., which processes credit card and other payments for banks and merchants. Other companies that have faced recent problems with data theft or losses include Citigroup Inc., ChoicePoint Inc., LexisNexis Inc., Bank of America Corp., DSW Shoe Warehouse and BJ's Wholesale Club Inc.
According to the Federal Trade Commission, nearly 10 million people fall victim to identity theft each year, costing consumers $5 billion in losses and businesses nearly $50 billion.
Source: By STEVE KARNOWSKI, Associated Press Writer Jan 26, 06 |
|
The Federal Trade Commission said that data warehouser ChoicePoint Inc. will pay $15 million to settle charges that its security and record-handling procedures violated consumers' privacy rights and federal laws. The FTC said it had fined the Alpharetta, Ga.-based company $10 million and that Choicepoint would pay an additional $5 million that will be used to compensate consumers.
The company also is a defendant in several lawsuits and complaints arising from the breach, and several government agencies are investigating.
"The message to ChoicePoint and others should be clear: Consumers' private data must be protected from thieves," Deborah Platt Majoras, chairman of the FTC, said Thursday in a statement.
Source: HARRY R. WEBER, AP Business Writer |
|
Citigroup, the biggest financial services company in the US lost their back-up tapes while shipping them to a credit bureau. The tapes contained personal information on 3.9 million consumer lending customers of its CitiFinancial subsidiary.
Source: CNN/Money, June 5, 2005 |
|
Wells Fargo had four computers stolen containing the Social Security numbers and other personal information of some borrowers. This was the third time in one year that computers with clients’ information were stolen.
Source: LA Times, November 3, 2004 |
|
A California medical practice had their computers stolen and this exposed 185,000 patients to the risk of identity theft. In 2004, 9.9 million Americans became identity theft victims, costing the country roughly $5 billion according to the Postal Inspection Service.
Source: msnbc.com – Associated Press, April 8, 2005 |
|
A thief walked into a University of California, Berkely office and stole a laptop containing personal information about nearly 100,000 alumni, graduate students and past applicants. The University plans to advise the 98,369 people affected to check their credit reports and has set up a 1-800 number as well as a Web site to answer questions about the laptop theft.
Source: AP Business Writer: Michael Liedtke |
|
"An IT security officer at an international metals manufacturer ... said ....an employee's notebook PC was stolen at a hotel, but the incident was reported only to the company's physical security group. The IT security officer learned of the theft by chance."We need to work more closely together on incidents like that. They [the physical security staff] have no idea what access the user of the notebook may have to our apps, nor did they ask him if he had any passwords in an open text file on his system. It was a major security breach through a lack of communication."
Source: Informationweek.com, February 11, 2002 |
|
The FBI 'lost' 184 laptops along with a number of weapons. At least 14 of the laptops were believed to have been stolen and one contained classified information related to two closed espionage cases
Source: USA Today |
|
What do the U.S. state department, the British military and the FBI have in common? Each of these security-centric organizations has recently lost laptops with sensitive information.
Source: Interactive Week Online, August 6, 2001 |
|
Laptops stolen from the Football Association's London ... thieves also stole hard drives and thousands of disks, believed to include sensitive material such as bank details.
Source: The Register, May 12, 2001 |
|
A survey ... reveals that a staggering 2,900 laptops, 1,300 PDA's and over 62,000 mobile phones have been left in London's licensed taxi cabs in ... 6 months with an average of 3 phones per taxi.
Source: TECS, August 31, 2001 |
|
"The Evening Times reported laptop thefts were on the increase as the expensive portable computers become more popular....Detective Inspector George Mitchell, of Stewart Street police station, said: It used to be video recorders but now it's laptop computers that have become the favorite for thieves".
Source: TECS, 8/31/01 |
|
A notebook with top secret info on arms proliferation disappeared from the State Department.
Three notebooks were stolen from the Democratic National Committee's finance office in New York.
The CEO of Qualcomm had his laptop stolen while it sat upon a podium from which he'd just delivered his speech
Five notebooks were stolen from the Olympic Village in Sydney containing details about the New Zealand team's strategies
An MI5 agent has admitted losing a laptop notebook containing sensitive government information at Paddington train station. Security has been stepped up at MI5 following the theft, which has caused extreme embarrassment for the security agency and the government.
|
|
|
|
