Archive for January, 2008

On January 15th, Absolute Software announced that it has now recovered 5,000 stolen laptops on behalf of Computrace & Lojack customers.

Absolute Software works with law enforcement agencies to recover lost and stolen computers and to provide evidence for the prosecution of thieves. Recovering stolen computers is an important step in laptop and data security practices. Absolute Software has now returned 5000 stolen computers – that’s 5000 computers whose data has been secured, that don’t need to be replaced, and that help put laptop thieves behind bars.

Some statistics about laptop security:

• Absolute Software recovers an average of 50 laptops per week
• Absolute Software recovers 3 out of 4 stolen computers that call into the Absolute Monitoring Center

Read more from the news release here, including some new case studies.

Tags: absolute software, computrace, lojack, lojack for laptops, laptop security

Who Breached: Prudential Insurance Group (UK)
Number Affected: 200
Information breached: Bank records
How: Courier drops box on highway

Prudential Insurance Group in the U.K. has suffered a data breach – not a large one, by industry standards, but an odd one.

A DHL courier was transporting a box of files, including the banking details for 200 of Prudential customers, when the box fell out of the courier’s van on the motorway. The files contained information related to investments worth millions, details of three lottery winners, and other sensitive information.

The documents were found on the motorway by a vehicle recovery driver and returned to Prudential. All customers have been contacted about the incident. Luckily, the box of files was recovered and returned – an unusual circumstance in a data breach situation.

Prudential has suspended shipping with DHL pending a full investigation.

Via finextra ; Tags: prudential, dhl, bank records, data breach, highway, motorway, lost box

Nobody is safe from having a computer stolen – not even a celebrity. If you remember, we reported that Prince Charles was a victim of laptop theft in July. Now, Salma Hayek has become the latest victim of laptop theft.

Salma Hayek, star of such films as “Frida” and “Wild Wild West” and of tv’s “Ugly Betty”, recently became a first-time mother to a baby girl named Valentina Paloma Pinault. During a recent trip abroad, Salma Hayek’s laptop was stolen.

The actress and new mother is desperate to get back the laptop, as it contains personal photos of the family, friends and of the baby Valentina. As a celebrity, Salma is worried that the images could fall into the wrong hands. As a public figure, she has not only identity theft to worry about, but also stalkers who could prey on her or her family. The police are investigating the theft.

Latina.com rightly points out that Salma “should have purchased LoJack…”

Via PageSix; image source ; Tags: salma hayek, laptop theft, laptop security

Laptops and portable data devices such as flash drives continue to be a persistent source of data breaches, but experts say that smart phones are poised to become the next major security challenge.

The issue is twofold: data can be stored on the device, but it can also be breached by the wireless capabilities of the phones. If you check your email or open sensitive information, you put that information at risk for hackers.

For Bluetooth users who have not changed the factory-passwords, there are devices that can remotely access and download all your data. The risk for virus attack of these devices is also increasing as wi-fi phones become a growing target.

According to a survey from the Computing Technology Industry Association, 60% of firms have seen an increase in the past year of security issues from handheld computing devices – smart phones, laptops, PDAs.

While hacking once was about bragging rights or cyber vandalism, security industry officials say profit now largely drives attacks, as the kind of information traveling over wireless networks grows in volume and value.

Business-oriented smart phones have some built-in safeguards, more so than consumer phones. But the line between a consumer phone and a business phone is eroding as consumer phones are outfitted with wi-fi connectivity. Phones which are then put to business use. The prospect of doing work on-the-go is increasingly attractive to many, but while mobility is convenient, it is a security issue.

Via freep Tags: mobility, security, it security, data security, handheld devices, smart phones, bluetooth, business security

Following its latest data breach, the Wisconsin Department of Health and Family Services has announced it will no longer use Social Security Numbers as part of its identity system. Instead, they plan to implement a system that will assign randomly generated ID numbers to everyone in their system.

Deputy Secretary for the agency, Karen Timberlake, says this system has been in the works for some time in order to avoid identity theft. The new change will be rolled into a complete upgrade of the Medicaid computer system – a project taking two years extra and twice as much money to complete.

In 1993, Wisconsin set up an advisory Privacy Council. However, it was eliminated by the Governor in the 1995-1997 budget. Although such a framework may not have prevented the latest breaches, it would have established a framework for the collection and use of personal information.

Via govexec, madison.com Tags: wisconsin, wisconsin state, department of health and family services, data breach, ssns, social security numbers, id numbers, privacy

Absolute Software has released another segment in its “An Absolute Minute” radio series. This segment outlines top tips for laptop security from Absolute CEO John Livingston.

“Anyone who owns a laptop today needs to be concerned with its security. Fortunately, we can all apply a few simple guidelines to significantly decrease our vulnerability”

You can listen to this segment here, as well as past segments on privacy, identity theft, and tales of the missing laptop.

Tags: absolute software, absolute, laptop security

Who Breached: EDS (contractor for Wisconsin Department of Health and Family Services)
Number Affected: 260,000
Information breached: Social Security Numbers
How: Printed on brochures

Wisconsin State Department of Health and Family Services contractor EDS has sent out 260,000 informational brochures with Social Security Numbers printed on them. This is the second mailing label-related breach at the state level in the last 13 months, the previous being in December, 2006 on tax mailing forms.

Texas-based EDS is a private vendor hired by the state for Medicaid services. The recipients of the informational brochures, whose Social Security Numbers were breached on their mailing labels, include SeniorCare, Medicaid and BadgerCare members.

Karen Timberlake, deputy secretary of the state department, puts all blame onto EDS for the incident:

“We are appalled that EDS made this mistake. We take our responsibility for protecting the confidentiality of our members very seriously — and we expect our contractors to do the same.”

Bill Ritz, an EDS spokesman, says the breach was isolated and the result of human error when the address file was created. The error was caught after 260,000 of the 485,000 brochures had gone out. They are providing credit monitoring to those affected and are “implementing additional steps to protect against a repeat of this type of error.”

State Sen. Ted Kanavas, responding to three data breaches in Wisconsin in the last 3 years, including the two mailing label incidents, renewed his call for the government to audit how it uses personal information.

“You yell for it now. You don’t call for anything. You scream for it. Hey, dummies get it right.”

The Senator does well to lay some blame on the State, for it is State security policies which must be enforced with the contractors. As this is a repeat incident, one could say that more blame lies with the State for not correcting its data security problems. It is hard to conceive of a reason why the marketing department at EDS was authorized to see this information at all.

Via attrition, business week, computerworld Tags: wisconsin state, eds, department of health and family services, data breach, it security, breach

Who Breached: Davidson County Election Commission
Number Affected: 337,000
Information breached: Social Security Numbers
How: 2 laptops stolen

Welcome to 2008! And to a whole new series of data breaches. Perhaps not how most businesses want to start off the new year.

The Davidson County Election Commission has breached the personal information, including Social Security Numbers, of more than 337,000 of its voting constituents. A thief broke into several county offices on Christmas Eve and stole 2 laptops a camera and a router.

On Christmas Eve, electronic records show the computer going offline (being stolen). The thief gained access by means of breaking a window, although it appears he/she was cut in the process. Leaving evidence behind that could potentially lead to the thief.

At first, it was thought only partial Social Security Numbers were involved, but investigation found that the data contained full SSNs. The Election Commission will be contacting the affected voters.

Via attrition.org, tennessean, news channel 5 Tags: davidson county, election commission, data breach, id theft, breach, it security

The Parliament’s Justice Committee in the UK has published a report urging UK lawmakers to approve tougher laws to protect private data.

In the wake of some very large data breaches in the last months of 2007, the UK government has faced public scrutiny regarding its data security practices.

“The scale of the data loss by government bodies and contractors is truly shocking but the evidence we have had points to further hidden problems,” Justice Committee Chairman Alan Beith said in an e-mailed statement. “It is frankly incredible” that the measures introduced since the missing tax disks were made public “were not already standard procedure.”

The report, which can be viewed here, suggests that there be new criminal penalties for data breaches. It is also suggested that government data systems be checked.

The report looks at the current political landscape and problems with current data protection practices. It reviews the framework for using data, data protection, possible changes to the Law, suggested reporting requirements, stronger criminal law and enforcement.

The conclusion of the article suggests that the government limit the collection and use of personal data, and that it be stored only where ‘proper safeguards’ are in place. That is, however, not a guarantee. And with the new National Health System centralized data bank, there are very real and ongoing risks to data security.

Via Bloomberg Tags: uk government, data breach, data breach law, privacy, privacy law, government security, it security, personal information, identity theft, data breach, data protection

Security compliance is necessarily a top priority for 2008. So it should come as no surprise that IT security experts are listed as one of the “eight hottest IT skills for 2008“. These are IT skills that are in short supply, with no end to the shortage in sight.

InterGovWorld names the 8 hottest IT skills as:

1. Programming/application development in Web 2.0
2. Project management
3. Help / tech support
4. Security
5. Database management
6. Business acumen
7. Networking skills
8. Telecommunication skills

IT security professionals are needed in all core security areas, from intrusion-detection to government security, but the highest demand is in database and wireless security projects.

Thanks to the Sarbanes-Oxley Act of 2002, “there has to be a way to control security on databases and networks to a level that we’ve never had to lock it down before,” says Joel Reiter, an application analyst at U.S. Bancorp in St. Paul, Minn.

The 8th skill on the list is also a top skill for security professionals. There is a huge demand for people with wireless and security skills combined as organizations try to expand into a networked environment – safely.

Tags: it skills, it, it management, data security, security, it security, tech skills