Category Archives: Data Loss

Data leak costs Swiss bank £6.23 million

A data leak error by Swiss bank UBS is alleged to have cost the organisation £6.23 million, the equivalent of $10 million, according to a report in The Telegraph.

The error occurred when an employee accidentally emailed details relating to the flotation of American car manufacturer General Motors (GM) to a list of over 100 recipients. GM made news of the leak public after it alerted the Securities and Exchange Commission in the US.

The mistake by a UBS worker has led to the firm being ditched by client GM after it had initially proposed to involve the bank in a deal that could have been worth millions.

GM said in a statement that the data contained in the leaked email, was not representative of opinions within the motor firm and claimed that share holders would be within their rights to make claims for reparations, if UBS was retained as the underwriter in the forging of a major business deal.

Check Point security expert Nick Lowe told SC Magazine, that this type of error was easy to understand and something with which many people could sympathise. When using email, clients selecting the wrong contact list and then hitting send occurs all too frequently, according to Mr Lowe.

He pointed out that data loss can easily occur within relatively secure business systems if accidental leakages occur via email in this manner and said that it was difficult to prevent this type of loss, with businesses required to plan for the aftermath as a precautionary measure.

Mr Lowe said that the best way to stop employees accidentally leaking data in this manner is to prompt them to check that their email has appropriate content and is being sent to the appropriate recipients before it is lost in the ether.

Whether or not the bank will face regulatory action as a result of this incident is unclear, but the damage to its reputation and the loss of a major client should be significant punishment and a lesson to other businesses about the potential for disaster.

Cyber war heightens focus on stealing business data, report finds

A report written by Websense has found that there are an increasing number of cyber attacks being targeted at businesses, resulting in more frequent data theft and loss.

Over the past 12 months it was found that 52 per cent of breaches in which data was stolen occurred via the internet, with nine per cent harnessing email as an alternative route into business systems.

The total number of spam mails with malicious links rose to 90 per cent when looking at the unsolicited mail statistics, which is an increase of four per cent compared to last year.

Experts now believe that cybercriminals are more able than ever before to attack and breach businesses to steal data, thanks to a host of exploitable weaknesses in current security systems.

It is said that firewalls and other common forms of protection which have been in place for years are simply not up to the task of dealing with the sophisticated nature of current attacks. By hiding malicious code in multimedia web-based content like Flash, or by harnessing social media tools and hijacking big-name brands, it is now much more difficult to detect and deflect attacks.

Analysts identify that most successful attacks are able to break through security checks because they are new variants on established malicious code, or entirely unseen entities. This leaves antivirus and firewall providers playing catch-up, as they have to patch flaws as they are discovered by the criminals.

Websense’s Dan Hubbard said that the upwards trend for malware attacks and the growing complexity which they exhibit, should be serious cause for concern among the business and data security communities.

Mr Hubbard believes that there is a simple solution to this type of attack using contextual analysis of threats, which can, in turn, make classifying and deflecting malware much easier.

By blending attacks into innocuous content on social networking sites, organised cybercriminal groups were able to make headway in 2010, according to the report.

Data theft was top of the criminal agenda this year, with an 111 per cent increase in the number of websites designed and sustained to perpetuate the spread of viruses.

Public sector device losses revealed

The loss of portable electronic devices including laptops and smartphones is regularly the bane of centrally governed organisations in the UK and now the Metropolitan Police, Ministry of Justice and Home Office have been implicated in the latest figures, which suggest that there is still a lack of policy adherence when it comes to protecting the data stored on these devices.

Since 2008 these three groups have been responsible for the loss of close to 400 such items, according to statistics obtained by F-Secure, after it made a request under the Freedom of Information Act.

One hundred and eighty nine laptops went missing in this time period in addition to 165 smartphones and other portable devices capable of storing data. The Ministry of Justice said that 13 of the lost laptops were destroyed in a fire, while 43 of the smartphones were BlackBerrys which had not been used.

Eleven laptops and 17 mobile devices were lost by the Metropolitan Police, which said it was not able to give any details about how those responsible were dealt with, as such information was not available in its central archive.

The Home Office and Ministry of Justice said that they had not seen fit to reprimand any employees as a result of the significant losses over the past two years.

F-Secure’s Tom Gaffney, said that the severity of the threat posed by these lost devices should not be underestimated as they more likely than not would contain data of national importance.

Mr Gaffney argues that these three institutions are responsible for public safety at home and by showing an inability to keep a handle on sensitive data, they are liable not only to limit their abilities to act but also damage their reputation in the public eye.

According to Mr Gaffney, the security measures and data loss prevention policies are inconsistent and inadequate in the face of contemporary threats posed by cybercriminals and international terrorists. Several high profile laptop losses have caused significant public scandals in the past, with public sector organisations often at the centre of the bother.

Celebs suffer data loss after theft of laptops

Public attention has been turned onto the potential damage that can be caused by the theft of a portable computer, after two celebrities became victims of this crime, losing significant personal data in the process.

Hollywood star Keira Knightly was one of the high profile targets who had reported two laptops taken during a break-in, according to police. Obviously the data stored on these devices could be of significant value to the tabloid press and there are concerns that the criminals will be able to make financial gains from the private information, either via blackmail or direct sale.

This news has come shortly after it was claimed an as yet anonymous pop singer was coerced by criminals, after pictures stored on a stolen laptop were used as leverage.

In this second incident two laptops manufactured by Apple were stolen from the singer, who is said to be internationally renowned, after which images depicting sensitive scenes were used to blackmail the artist.

Data security expert Christ McIntosh, said that thanks to these incidents, public awareness about how criminals who steal laptops are able to exploit the data which they contain, will be increased.

Mr McIntosh pointed out that while most data loss scandals involve public or private sector organisations, these thefts prove that individuals can be just as much at risk from similar catastrophes.

Since many people store financial details, private pictures and personal data on laptops, any exposed computing equipment becomes a target for criminals, valued more than the basic worth of the hardware alone.

Mr McIntosh is insistent that the public has no reason to live in a constant state of fear, but believes there are steps that everyone should take in order to minimise the likelihood of being impacted by data loss or theft.

Password protection, encryption of data and browsing history deletion are just a few of the recommended actions to take, along with a policy of never noting down information relating to banking, so that if a laptop is stolen, it is of little use to the criminals.

ICO criticises city council in Portsmouth over data leak

The information Commissioner’s Office (ICO) has revealed details about an unintended data leak which saw Portsmouth City Council hand over sensitive information about a local resident, after a request was made for details relating to another person entirely.

The ICO said that this occurred after a subject access request, during which a worker neglected to fully redact the documents before distribution, allowing private information to leak.

The ICO investigated this incident and revealed some worrying facts. Firstly, the person who was charged with redacting the documents was not directly in the employ of the council and, secondly, they were not adhering to the regulations relating to terms of service.

In addition, the ICO concluded that staff had not been properly instructed on how to handle and protect personal data.

The ICO’s Mick Gorrill, said that this data loss incident could have been prevented had those involved been subjected to rigorous instruction relating to the requirements of the Data Protection Act, backed up by managerial support.

Mr Gorrill said that unnecessary stress and worry could have been caused as a result of these careless actions on behalf of the council, particularly as the individual who had details exposed was completely unrelated to the issue covered by the request.

The council has said that it is aware of the severity of this incident and will endeavour to make sure that it does not recur. The ICO is hoping that this event will act as further incentive to other local authorities around the UK, resulting in a greater degree of compliance with the DPA, even when outsourcing work to third party firms.

The council head, David Williams, followed in the footsteps of other leaders by committing to an ICO formal undertaking, that will require improved training and greater data monitoring within the organisation and across its external contractors.

Experts are concerned that the ICO’s powers to fine up to half a million pounds for data loss and DPA breaches, is not really enough to encourage public sector organisations to change their policies and improve security, leading some to call for greater powers to be handed out to the regulator.

Report examines security flaws of mobile device usage

An international report has discovered that while mobile device usage is on the rise many people are combining business and pleasure in a single smartphone and, consequently, putting corporate data and personal customer details at risk of loss or theft.

More than 6000 people from around the world were questioned as part of the survey conducted on behalf of Juniper Networks, with 81 per cent of respondents saying that they hooked up their mobile devices to internal networks at their place of work, without the knowledge of their bosses.

Almost a fifth of those questioned said that they had downloaded or viewed proprietary details relating to their employer.

Juniper’s Dan Hoffman explained why businesses should be so concerned with these findings. In 98 per cent of cases the mobile devices used by employees are completely free of security software, leaving them open to exploitation by malicious parties.

Mr Hoffman was damning about the levels of spyware infection across mobile devices, claiming that Android-based smartphones are almost all infected with dangerous software, while two thirds of BlackBerry handsets are similarly afflicted.

The majority of mobile-targeted spyware is intended to harvest passwords and login details from the user, while it is not unusual to see software that is capable of listening in to phone calls and even keeping tabs on the user’s location using the integrated GPS features found on modern mobiles.

Mr Hoffman believes that thanks to the prevalence of smartphones the cybercriminals are able to infect and disrupt business with greater ease than in previous periods.

The only way to ensure that mobile devices are no longer liabilities and conduits for data loss and theft is by implementing widespread security software across all major platforms, according to Mr Hoffman.

Experts predict that while half of all mobiles have Wi-Fi connectivity today, within the coming years this will rise to 90 per cent, indicating that most people will be connected to multiple networks simultaneously and greatly increasing the risk of encountering serious problems.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal