Archive - Data security RSS Feed

Universities Pummeled by Data Thefts

Massive data spill leaves thousands of students out in the cold.

The combined number of people victimized in two separate incidents at the Universities of Virginia and Miami totals over 50,000.

Nearly every imaginable piece of private information was stolen; including names, addresses, credit card data and highly- prized social security numbers.

These giant leaks aren’t supposed to occur, but the fact is that the portability of laptops and backup tapes makes the crime more common than casual observers may notice.

In the Florida case, the records were being shipped off to a private off site storage facility. This practice is usually designed to safeguard the data off campus, but this time the stagecoach was robbed.

This isn’t the first time the University of Virginia has dealt with this crime. Last year the F.B.I. was called in to investigate the theft of data belonging to 5735 University faculty members.

Techweb Media reported this story last week and also disclosed new research from analysts at AMI Partners. The research indicates that a staggering 86 percent of mid-sized U.S. business reported some sort of security breach or data loss in the last 12 months!

What can you do to ward off the grim IDENTITY GRIM REAPER?

1. Back up your data. A backup allows you to restore missing, corrupted or stolen files quickly. A backup will also allow you to continue your work while your computer is being located, repaired or restored.

2. Download updates to your OS and software regularly. Security patches and “bug fixes” can help you keep your privacy armor polished.

3. Be on guard for viruses and worms. Fight these cyber-security threats by installing a good anti-virus software program.

4. Fight off malicious Ad-ware and Spy-ware. Everyone using the web, instant messaging or file-sharing is vulnerable. Install protective software to fight off malicious mal-ware and update it regularly.

5. What do you mean you don’t have a firewall? Install one immediately to protect your computer from intrusion. Purchase a firewall “box” or get the software version from a company like Norton or McAfee.

6. Use stronger-longer passwords. The longer and stranger looking they are, the better. Recent studies indicate that most computer users utilize the same password for everything. Create long and unusual alpha-numeric passwords that don’t contain easy clues like your dog’s name or the street you grew up on.

7. Lock your computer down! The trunk of your car doesn’t count. Visit a local retailer to purchase a computer locking cable device. Turning your back on your computer for even a moment at home, at the library or at Starbucks is just asking for trouble with a capital T.

April 25, 2008 in Data Breaches, Data security

Congressman Is a High Profile Data Theft Victim

Ironic twist makes this incident noteworthy!

Even high profile identity theft advocates are vulnerable to the threat of data loss, data compromise and data crime.

Representative Joe Barton (R-Texas) was among 3000 patients whose records were reported missing by the National Institutes of Health. An NIH laptop containing the medical records for the patients was reported stolen from the trunk of a vehicle according to a report this month by The Associated Press.

Here’s the irony. Barton is a founder of the Congressional Privacy Caucus, whose mission among other things is to educate members of Congress and their staffs on matters of individual privacy.

It is noteworthy that Rep. Barton only found out about his own breach in press reports. Barton has asked the inspector general for the Health and Human Services Department to investigate why the information wasn’t encrypted and why the NIH delayed disclosure of the breach.

As difficult as it may seem to protect your financial identity, your medical records are much harder to secure. This is primarily because patients have no control over the handling and care of their own personal medical records.

The federal regulation designed to prevent these unsettling scams is the Health Insurance Portability and Accountability Act ( HIPAA) Privacy Rule. Unfortunately, it can be extremely difficult for patients to correct inaccuracies in their medical records, because insurance companies are not compelled to correct records which they did not create.

According to a report on msnbc.com, one medical identity theft victim had the contents of her wallet removed and despite the fact that she quickly cancelled all her credit cards, had almost $14,000 in prescription meds and treatments charged up in her name. Over the next four months, restoring her identity became a part-time job. She fought off bill collectors, struggled to get her own medical prescriptions paid for and nearly got arrested herself on suspicion of being a co-conspirator in the scam.

The numbers can be deceiving. According to the Federal Trade Commission, only 3 percent of U.S. identity-crime victims have their information used by others to obtain medical services or false claim reimbursements. This still means that nearly 250,000 Americans may be victims each year! The rising cost of health-care will only make these crimes more prevalent going forward.

The lurking dangers of not being able to access your own health benefits or having your medical records polluted with potentially life threatening mis-information makes this topic a sure recipe for more than just heartburn.

April 19, 2008 in Data security, Federal Government

The Next Wave of Attacks

If the gatekeepers are concerned, we should be too!

If you haven’t seen reports of  the latest Identity Theft attacks plaguing our country, you haven’t been reading much news lately. Where have you been?

Even the U.S. Air Force has waged an ad campaign designed to capture the imagination of a new crop of tech savvy young recruits to help fight the current “cyber-war”. This war is not imagined or “virtual”, it is very real indeed.  

The battle is raging on many fronts. In addition to the constant daily threat from foreign governments, bored adolescent hackers and low level organized criminals, there is a new enemy emerging.

Symantec Corporation is losing sleep due to concerns about the next virulent strain of Trojan horse programs.  According to the April 2008 issue of PC Magazine, the Trojan.Silentbanker program can perform “man in the middle” attacks between users and more than 400 banks.

This Trojan monitors usage patterns on the web, while looking for bank data that it can manipulate. This program can actually re-route the account destination of banking customer transfers. Apparently, the Trojan.Silentbanker can even overcome the “safeguard” of two -factor authentication.

The article correctly distinguishes between a single bank target like those that are cloned by realistic looking “phishing” sites and the multiple bank sites susceptible to this Trojan program.

Symantec’s well known suite of anti-virus and personal firewall products are designed to protect from these threats. If you are not in the habit of updating yours, you are headed for a hard fall someday. PC Magazine also reminds never to run executables we get from strangers.

Thank goodness for warriors like our Air Force and Symantec who “sit on the wall” for us and fight evil at every turn, keeping us from losing more than just our shirts.

March 18, 2008 in Cyberwar, Data security

Guess Who's Coming to Dumpster?

Be afraid…..be very afraid.

We live in a world where our personal habits, personal preferences, personal information,  and private lives are sometimes taken for granted. Former New York Governor Eliot Spitzer now realizes the folly of this careless, foolish and whimsical approach.

Last week, msnbc.com reported about the rash of failed savings and loans who are dumping mountains of personal information into trash bins as their businesses shut their shingles, fold their tents and abandon their clients.

The article chronicles the failure of First Magnus Corp. who was one of the largest mortgage lenders in the nation. The company was hailed as a “powerhouse” of savvy technological innovation. As unimaginable as it seems, “tens of thousands” of  documents including credit card and social security numbers were “dumped” in a nearby trash bin.

It now appears that every personal tidbit we make available in the process of securing credit for mortgages and secured or unsecured personal or commercial loans is up for grabs and beyond our ability to provide or even expect protection. Is that line of credit really worth the open exposure of all your personal data?

This new reality hit home for me today as an eagle-eyed industry associate correctly pointed out that a commercial lender who served each of our company’s mutual business clients had suddenly collapsed, leaving their customers and pending applicants’ data completely unaccounted for.

Mountains of juicy private data files are turning up in dumpsters and garbage cans all over the country. This criminal carelessness leaves us all exposed and hopelessly vulnerable beyond our control.

What’s a consumer to do? Protect yourself at all costs. Private identity theft insurance, regular credit monitoring and reactive credit restoration services are all good ways of keeping your guard up. To avoid pro-active identity self-defense is foolish.

The reality is that the information that passes through our hands and into the care of nameless, faceless, careless corporate grunts cannot be safeguarded with any degree of reliability.

Despite the fact that the Fair Credit Reporting Act was amended by Congress in 2003 to mandate better consumer privacy protection, commerce and industry must each do their part.

Because of the implosion of the sub-prime lending industry, many phone lines are down, many office cubicles are empty and many trash bins are full. In the new financial frontier its “every man and woman for themselves”.

Why not begin your proactive identity theft prevention/resolution plan today?

March 13, 2008 in Data security

Page 4 of 4«1234