Category Archives: Data Loss

Sony admits to huge potential data theft

April 27, 2011

Users of the Sony online gaming network could have had their personal information stolen, following on from last week�s online attack. The hack which occurred on the 20th April has left the network offline since, which has angered many of its users. This admission by Sony will heighten the concern of its members, by what already has been termed �a PR Disaster� by one technology consultant.

Only today has Sony admitted that its users may have had their personal information stolen following the hack. This is no small amount of data either given the number of users registered on the network is over 70 million worldwide.

Posting on the Sony websites blog, Nick Caplin, head of communications at Sony, states �that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network�.

Sony believes that user information including Names, Addresses, email accounts, Dates of Birth and user log in details have all been compromised, which has lead Sony to warn its users to be aware of email, postal and telephone scams. Additionally if users have used their credit card through the network � for example users can purchase games online � this may have also been obtained.

One senior technology consultant, Graham Cluely who works for Sophos, believes hackers could very well start using the information gleaned from the hack to attempt log ins at other sites as well as into personal email accounts. He says “The impact of this could be much greater than your typical internet hack.”
Users posting on blogs largely have been disgusted by Sony handling of the matter and why it has taken them almost a week to inform its members that a data breach has happened. Sony hasn�t indicated when the service will be available again and still remains offline.

Study finds Data Loss has affected 39% of Financial Organisations

April 8, 2011

A recent study released by Informatica, a world leading data integration specialist, states that 39% of financial organisations have experienced data loss or theft.
Of those firms affected, 87% said that it had a serious impact on their business and their operations. When it comes to protecting customer data, of the all the firms researched, 74 % admitted to having very little confidence in their company�s ability to protect this vital information.

Informatica� s Senior Vice President, John Poulter, states

�There appears to be an overwhelming lack of confidence from IT professionals that their organisations have the right measures in place to ensure that customer data remains protected and the business remains out of the firing line from industry regulators. To avoid the sting of a hefty fine from bodies such as the FSA, it�s essential that organisations clearly define their data management strategy, implement best practice and are observant when it comes to making sure that the same level of data management quality is delivered across the business at all times, whether as a part of live customer services, or in the development stages of new ones.�

The research follows the report this week from Ovum who state that IT managers aren�t up taking data loss prevention (DLP) solutions. This, Ovum state, is due to the perceived notion by some IT professionals that DLP solutions are complex and offer no immediate return on investment. So despite the worry of a breach, the fines and damage to reputation that follows, many firms it would seem only see the value of a DLP solution after the data breach has occurred.

Leicester City Council suffers data loss, again

March 29, 2011

A USB memory stick containing the details of around 4,000 people has been lost by Leicester City Council.

The loss, which was confirmed to a local paper, has been reported to the Information Commissioners Office (ICO) who have started their own investigation into the breach. The 4000 people in question were signed up to a service called LeicesterCare, which supports vulnerable city residents. The details contained medical details and 2000 keysafe codes that allowed carers into residents homes.

A spokesperson for the council confirmed the data was encrypted. However the stick was supposed to be stored in the council offices in a locked safe each night.

The spokesperson states “We can confirm we are investigating the possible loss of a data device that contains personal details of around 4,000 LeicesterCare users. At this time we have no reason to believe this data has been removed deliberately”.

Two years ago the council suffered a similar data breach when a USB stick containing the details of a number of children went missing. At the time it was unclear if the stick was lost or stolen, however it was unencrypted. The stick went missing from a council run nursery and contained the names and addresses of the children.

Selling Your Mobile Data on eBay

March 24, 2011

A recent study has found that many people selling their phones on the auctioning site ebay are not deleting sensitive data first.

Such data left on phones often consists of banking details, photographs and emails, amongst other pieces of information.

Many of the security concerns regarding computers are now applicable to mobile phones as they become increasingly sophisticated as emphasised by Joe Nocera, an information security expert at PricewaterhouseCoopers.

Researchers at CPP bought an assortment of phones and used SIM cards. The results were clear. Two hundred and seven pieces of separate pieces of information were discovered on 19 of the 35 phones in addition to 27 of the 50 SIM cards.

Information included bank account details, credit card details and login details to social networking sites, including Facebook and Twitter.

These shocking reports claim that up to half of mobile users selling their phones on the site leave them teaming with sensitive data, potentially crippling in the wrong hands. Perhaps the most apparent branch of fraud would be identity fraud.

Four in five people claim to have wiped their phone before selling it. A further six in ten are confident that all sensitive data has at least been removed, according to the report. The fact that people are convinced they have actually removed the data is very worrying indeed. It perhaps points to how difficult removing personal information from such devices, can be.

Today people upgrade mobile phones frequently, and must make a conscious effort to be less careless when it comes to loading personal data onto them.

As Danny Harrison of CPP puts it �This report is a shocking wake-up call.�

Data Breaches Costing UK Companies More

March 22, 2011

A leading data security firm has released a report stating that malicious or neglectful data breaches are costing UK companies more. Average annual costs have risen for the third year in a row, which now stands at �1.9million.

These costs are based on the clear up process after the breach as well as loss of customers and the processes of rebuilding damaged reputations and trust with customers. The largest breach in 2010 cost one company �6.2 million, �2.3 million more than the previous year�s largest cost.

37% of the breaches where down to system failures, with either errors with the technology or the policies in place for the companies data management systems. 31% of cases were down to employee negligence, with data being lost on laptops, USB sticks and phones.

A spokesman for the security firm said that cyber criminals were causing the most expensive threats to data security, with costs generated of the recovery process. Further expense was incurred by attracting new customers something which could be escalated if the breach became common knowledge.

The spokesman went on to say that companies needed to be more active rather than re-active to these breaches. “Putting measures in place after the fact is not good enough anymore,” he said. “Companies need to be alert now rather than waiting for the event to happen.”

Also high standards in compliance and regulation burdened companies even more than previous years.

U.S. Insurance Company loses nearly 2 million personal records

March 16, 2011

Following on from last weeks blog, it appears another Californian based organisation has suffered a substantial data breach.

On Monday, Health Net released a statement saying it had lost the records for 1.9 million people from its hard drives. The data could have information pertaining to people�s names and addresses as well health and financial information. The company states a full investigation has been launched.

The missing data was spotted by IBM, who support Health Net�s IT infrastructure, when they couldn�t locate nine hard drives running on the company�s servers within their data centre.

Beth Givens, director of consumer organisation Privacy Rights Clearinghouse, says the breach is one of the top 20 security breaches since 2005 in the whole of the U.S. And with the drive containing un-encrypted data was of concern; she goes on to say �The fact that a server drive is unaccounted for is astounding. Under California law this wouldn�t even be a breach if the data had been encrypted. And relative to the expense of notifying affected individuals, (encrypting records) is not expensive.�

No statement was forth coming from the company itself beyond the news release. Given the recent statistics from the Ponemon Institute concerning cost to a company per lost record ($214 per record), the financial implications of this breach could be sizeable. Health Net also suffered another data breach in 2009 when a USB hard drive went missing from their head quarters in Connecticut with the loss 1.5 million customer records.

Health Net is offering two years of free identity theft insurance and credit monitoring to help those affected, with a hotline being set up for individuals concerned by the current breach.