PI Newswire

Content aggregation for the investigative professional


Search Results: data-security

Below are the eleven most popular news stories aggregated by PI Newswire in 2011 based on traffic and page views related to privacy, data protection and data breach.

Facebook changes privacy settings for millions of users – facial recognition is enabled
http://bit.ly/vzObAj

Facebook Privacy: 10 Must-Know Security Settings
http://bit.ly/rRiMCj

Are You Being Tracked? 8 Ways Your Privacy Is Being Eroded Online and Off
http://bit.ly/rzUV0y

Russia Considers Improving its Data Protection Law
http://bit.ly/rLYyOX

Dropbox Lied to Users About Data Security, Complaint to FTC Alleges
http://bit.ly/u5hFaG

Infected Laptop Leads to Data Breach at Pentagon Federal Credit Union
http://bit.ly/v3O0Gg

5 Biggest Private Data Breaches Remembered on Data Privacy Day
http://bit.ly/vdIWTq

Protecting Your Privacy During Divorce
http://bit.ly/sX7njG

Why Privacy Matters Even if You Have ‘Nothing to Hide’
http://bit.ly/vziMVK

Background Checks and Constitutional Privacy Rights
http://bit.ly/rDjnEG

Facial Biometrics Pose Privacy Woes
http://bit.ly/pRRn6Q

The hackers who attacked the Nasdaq last year were surreptitiously spying on the boards of directors of public companies, a new report claims.

According to Reuters, citing sources with knowledge of the ongoing investigation into the Nasdaq breach, the hackers were able to access Nasdaq’s Web-based software program, Directors Desk, to spy on company executives. According to Reuters, the software is used to facilitate communication and document sharing between Nasdaq and public companies.

Hackers reportedly breached Nasdaq defenses last year, but news of the breach wasn’t made public until earlier this year. According to a report in February, it was believed that the hackers were simply “looking around” Nasdaq’s servers, but were not able to access anything critical.

However, just a month later, sources told Bloomberg that the attack appeared to be more widespread than initially believed and the National Security Agency was involved in the investigation, prompting some to wonder if the attacks posed a national security risk.

So far, neither Nasdaq nor the NSA have commented on who might have been behind the attacks, but initial evidence seemed to point to the attacks originating in Russia. Unnamed investigators speaking to The Wall Street Journal at the time said that even though the attacks might have originated from Russia, the hackers might have been routing their attack through Russian servers to disguise their true location.

Read more…

Greek police arrested an 18-year-old suspected of having hacked into the electronic systems of the FBI and Interpol, they announced Wednesday.

He reportedly also took over the computers of unsuspecting users, accessed their data and used it to obtain new credit cards in their names. A raid on his home turned up over 120 credit cards and thousands of euros in cash, police said.

He faces charges of computer fraud, forgery, illegal violation of privacy, and illegal weapons possession.

The teen, who was not named, was arrested at his home in Athens, according to the Greek police electronic crime squad.

They seized computers and related equipment as well as flares, shotgun cartridges and a homemade incendiary device, they said.

Greek police said they had been seeking the youth for two years, after attacks that took place in February 2008 and February 2009.

U.S. and French authorities cooperated with the investigation, they said.

View Source…

Minor Changes Urged for Data Breach Bill

Posted on September 25, 2010

Witnesses testifying Wednesday on a data breach bill called on senators to exempt industries from notifying individuals whose personal information is exposed if other laws require such alerts.

Melissa Bianchi, a lawyer representing the American Hospital Association, told the Senate Commerce, Science and Technology Consumer Protection, Product Safety and Insurance Subcommittee, that healthcare providers should be exempt from breach notification rules in the proposed Data Security and Breach Notification Act of 2010 because they’re covered under HIPAA, the law designed to protect patient privacy.

If hospitals must comply with Federal Trade Commission rules under the proposed bill and Department of Health and Human Services regulations mandated by HIPAA, she said, then they could be required to send two letters to the same patient for a single security incident. “That simply doesn’t make sense for patients, and it doesn’t increase the protection of their information,” she testified.

Receiving multiple notices about a single breach could confuse patients, making notifications less meaningful and, perhaps, causing them to disregard important information and not take action to protect their information and identities, she said. “If there are too many notices, at some point, letters about security breaches will become just more white noise,” Bianchi said.

Bianchi said hospitals would not object to proposed breach notification rules in the bill for their workers because HIPAA protects patient, not employee, privacy.

Read more…

Among the unsettling results in the final report, released today, from the Social Engineering Capture The Flag contest held in August at Defcon: Security companies were just as susceptible to social engineering as nontechnology firms, Internet Explorer 6 was still in use at 65 percent of the Fortune 500 companies targeted in the contest, and nearly 90 percent of the targets willingly opened a URL that the contestants gave them.

The contest, in which the art of social engineering was demonstrated on a rare public stage using real-world targets, was aimed at gauging the vulnerability of major corporations to social engineering. And the 17 contestants, who had to compile a dossier of as much information as they could gather passively on their assigned target company beforehand (no phone calls, email, or direct contact), had little trouble scoring information in the 25 minutes they had to social-engineer someone on the other end of the telephone line during the contest. The event was open to Defcon attendees to watch as the contestants made their calls from a soundproof booth.

Google, BP, McAfee, Symantec, Shell, Microsoft, Oracle, Cisco, Apple, and Walmart were on the list of targeted companies. The contest organizers aren’t saying which company’s employees gave up what information, but they admit the contestants were able to get plenty out of their targets.

“With every company called, if we had been hired to do an audit, they would have failed,” says Chris Hadnagy, founder of social-engineer.org, which organized the Social Engineering Capture The Flag contest.

Retailers were the savviest about not giving away too much information to a stranger over the phone, and women were more likely to stop the caller dead in his tracks, too. “We thought the AV companies would be the ones to shut us down, or the technology companies, like Cisco, Microsoft, or Apple, because they were all aware of this contest,” Hadnagy says. “And they all have some semblance of a security awareness program.”

Read more…

Most, if not all, executives and managers care a great deal about the security of their data. And most, if not all, would do what it takes to prevent or stop that data from being stolen or compromised. So why is data security such a big problem?

The problem is that there is so much data residing in so many parts of the organization, on so many machines, that even the most conscientious manager doesn’t have a grasp of what’s sensitive, or what’s secure and what isn’t. A lot of data might be out at vendor/partner sites. Added to this confusion is a global underworld of hackers constantly trying to get at valuable data for resale.

So there’s a lot of work to be done, according to poll results just released by Deloitte. In fact, fewer than six percent of respondents polled during a recent Deloitte Webcast on the topic were “highly confident” that enterprises have sufficient controls in place to minimize the occurrence of cyber crime. In fact, almost 40 percent of the 1,600 poll respondents are “not confident” in controls implemented by enterprises.

There are costs and impacts that ripple through the entire enterprise as a result of a security breach, John Clark, partner in the security & privacy services practice at Deloitte, says in the Webcast. The financial impact alone is an eye-opener — he cited estimates from the Ponemon Institute that put the average cost of a data breach at about $202 per record. In total, that results in average losses ranging from $613,000 to $32 million per incident, he relates.

Read more…

A memory stick containing anti-terror training manuals and other sensitive material was reportedly found on a street outside a Manchester police station.

The Greater Manchester Police-branded stick, which also held personnel files, was found by an unnamed businessman outside a cop shop in Stalybridge, Greater Manchester, the Daily Star on Sunday reports.

The device was branded with the GMP POTU initials of the Greater Manchester Police Public Order Training Unit and contained 2,000 files including some produced by the National Police Improvement Agency about counter-terrorism tactics. Names and ranks of officers were also found on the reportedly unencrypted device after its finder plugged it into his PC.

Superintendent Bryan Lawton, of GMP’s Specialist Operations Branch, told the Press Association: “We are aware of an article relating to the finding of a memory stick belonging to GMP by a member of the public.

“We are currently looking into who this device belongs to, what information is contained on it and the circumstances surrounding its loss.”

Data security firm Check Point said the incident emphasises the wider problem of poor portable data storage practices among many corporates.

Read more…

Telecom users in South Florida and worldwide are becoming uneasy over government access to data in many countries. Yesterday, India demanded that Internet giants like Google and Skype provide access to key user data, while it began to control the traffic between some BlackBerry phones as part of a campaign to strengthen security.

Mr. G.K. Pillai, Interior Secretary, said the government had begun sending notices to Google and Skype to install servers in India and allow access to Internet data which officials fear could be abused by extremists. A Google spokesman from India said: “We have not received any communication from the Government on this matter. If we do, when we do, we will review it and respond.”

The confrontation between India and BlackBerry has been going on for weeks. The government wants to intercept messages because of security threats, but the RIM server system prevents it. This week RIM obtained a postponement of the deadline to provide a solution to the Government, which is now being evaluated. The measures taken by India could also have repercussions on the local mobile telephony market, the fastest growing in the world. They could also generate revenues for Apple and Nokia, BlackBerry’s two great rivals in India’s smartphone market.

The interior minister, Palaniappan Chidambaram, confirmed that RIM had begun to give India access to their data security on Wednesday. “Negotiations on technical solutions to boost access is proceeding and the matter will be reviewed in 60 days”, said the Minister in a statement.

Read more…

As former Apple supply chain executive Paul Devine remains under Federal custody after being charged with receiving $1 million in return for offering company data to several Asian parts suppliers, the focus turns to the efficacy of data security protocols employed by big businesses.

While applauding the way Apple cracked Devine’s data misuse, some analysts feel that valuable data would not have been compromised if better security systems and data protection protocols were in place.

“With Windows Rights Management in place, Devine might have been prevented from forwarding protected information via e-mail. Tools like Zgate or Zlock would have kept Devine from saving sensitive information to a USB thumb drive, or printing hard copies, or blocked attempts to communicate it via e-mail or social networks,” wrote Tony Bradley in PCWorld.

“Software such as Spector 360 would have captured every detail of Devine’s actions, allowing Apple to thwart the alleged unethical behavior much sooner, and giving it the tools to quickly and easily conduct an extensive investigation at the push of a button,” Bradley wrote.

Read more…

Two senators on Thursday introduced a national data breach notification bill that also would force businesses to create measures to protect sensitive information under their control, according to a news report.

The legislation, introduced Thursday by Sens. Mark Pryor, D-Ark., and John Rockefeller, D-W.Va., would require organizations to alert victims of a breach within 60 days and provide them with two years of credit monitoring services, according to the National Journal’s Tech Daily Dose blog.

In addition, businesses and nonprofits would have to implement policies and procedures to protect their data, the blog post said.

Representatives for Pryor and Rockefeller did not immediately respond to requests for comment by SCMagazineUS.com.

Last month, Sens. Tom Carper, D-Del., and Bob Bennett, R-Utah, reintroduced a similar bill.

“The Data Security Act of 2010 would require entities such as financial establishments, retailers, and federal agencies to safeguard sensitive information, investigate security breaches, and notify consumers when there is a substantial risk of identity theft or account fraud,” said a news release. “These new requirements would apply to retailers who take credit card information, data brokers who compile private information and government agencies that possess nonpublic personal information.”

Read more…

In the past decade there has been a sharp increase in focus on the security of cardholder data held by third parties. High profile data breaches and the associated losses resulting from the fraudulent use of compromised cardholder data have made global headlines and have struck fear into consumers and merchants alike.

Well publicised breaches include Heartland Payment Systems Inc in 2008 and TJX Companies Inc in 2007. In both cases it was reported that well over 40 million card details were compromised. Although breaches tend not to be as well publicised in Europe (as the duty of disclosure is not mandated), in the UK fraud is known to have accounted for £610M of transactions in 2008, which was 0.12% of the total card turnover.

However, fraud can and does hit every corner of a business. According to a survey published in April 2010 by PwC, 92% of large British businesses have experienced some kind of security breach in the past year, including attacks by cybercriminals and accidental leaks of confidential data. According to the report, large companies are dealing with an average of 45 incidents a year, up from 15 only two years ago, and the cost incurred to deal with these incidents is soaring, with the worst cases cited as costing as much as £690,000 to fix.

In addition to putting measures in place to prevent fraud at the point of purchase, merchants must also protect their infrastructures from security breaches and attacks. If network infrastructures are not protected from hackers intent on obtaining sensitive information such as cardholder data, hackers will penetrate systems and steal consumer and business information, which will then be used for fraudulent activity.

Read more…

Joe Lieberman wants to give the federal government the power to take over civilian networks’ security, if there’s an “imminent cyber threat.” It’s part of a draft bill, co-sponsored by Senators Lieberman and Susan Collins, that provides the Department of Homeland Security broad authority to ensure that “critical infrastructure” stays up and running in the face of a looming hack attack.

The government’s role in protecting private firms’ networks is one of the most contentious topics in information security today. Several bills are circulating on Capitol Hill on how to keep power and transportation and financial firms running in the event of a so-called “cybersecurity emergency.”

Last week, Deputy Defense Secretary William Lynn floated the idea of extending a controversial cybersurveillance program to hacker-proof the firms. Meanwhile, the military’s new Cyber Command is readying itself to march to these companies’ aid.

Lieberman and Collins’ solution is one of the more far-reaching proposals. In the Senators’ draft bill, “the President may issue a declaration of an imminent cyber threat to covered critical infrastructure.” Once such a declaration is made, the director of a DHS National Center for Cybersecurity and Communications is supposed to “develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure.”

Read more…