Category Archives: Data Loss

Data loss from left devices expected to have spiralled over holidays

Average UK citizens are expected to have lost thousands of devices over the Christmas period as over four million of us upped sticks and travelled by plane, train or automobile and transport hubs are collecting the laptops, smartphones and memory sticks that go missing as a result of the hustle and bustle.

This news has come as the result of a study commissioned by Credant Technologies, which involved contacting major UK airports and asking the lost property departments to tally up the number of data-holding devices which were left over the holiday season.

In total over 5100 smartphones and 3844 latptop computers were found at 15 locations across the country, including busy airports like Heathrow.

Those who do leave their mobile phones or laptops at the airport or on the train, can usually expect them to be sold on or given to a recycling charity if they are not claimed within an allotted period, although this does require that they are handed in rather than stolen.

It is significant to note that rather than stemming the damage of data loss, this could actually accentuate it as once the phones and computers are sold, there is no guarantee that the information stored within will be correctly erased, potentially delivering it into the hands of an unknown third party.

Identity thieves are harnessing data found on lost mobiles and the problem is only getting worse, so experts believe more needs to be done in order to ensure that losing a device does not necessarily have to result in serious data loss.

The place at which travellers are more likely to misplace their mobiles is during the rigorous security checks, according to a spokesperson representing Luton Airport. With the stress that is endemic to having your belongings scrutinised, it is thought that people are much more susceptible to forgetting to pick up their mobiles.

Mobile insurance can play a role in limiting the number of handsets which are subsequently reclaimed, as many who are covered simply make a claim and ignore the lost data which they have left behind.

McDonalds customers exposed after security breach at mail provider

Data relating to customers of the McDonald’s fast food franchise has been leaked, after a failure of the security at the company which provides the email service to the firm.

The data in question was gathered by McDonald’s from its website and was subsequently accessed illicitly by a third party, according to a statement from the company.

The data included the names, addresses, contact numbers, genders and D.O.Bs of many customers, although the exact number has not been made public at the time of writing.

The firm went on to explain that those affected would not be at risk of payment card fraud because no such information was accessed in this security breach.

McDonald’s had used Arc Worldwide to oversee a promotional email campaign for the chain and Arc had consequently handed out some of the work to yet another external firm, which has remained anonymous. It was this third firm which suffered the data breach.

McDonald’s confirmed that although it collected data on customers for promotional purposes, it did not store payment card details or other highly sensitive information which could easily be exploited.

In the aftermath of the data leak, the restaurant franchise has warned that some customers may now be contacted by scammers claiming to represent McDonald’s and, as such, has urged vigilance and care when dealing with unsolicited emails.

McDonald’s confirmed that the police and regulators are involved but would not give further details on the extent of the data loss or indeed the time frame in which it occurred.

Security expert Mark Darvill told SC Magazine, that using third party firms to provide IT services and backup data is useful, but warned that businesses like McDonald’s would need to ensure that the policies and safeguards used by external providers were in keeping with security strategies within the client’s operation.

Mr Darvill also spoke about the fact that stored data which is not regularly accessed, needs to be just as well protected as that which is in regular use.

Business smartphones suffer from data encryption deficit

A new study has found worrying evidence that a majority of smartphones used by businesses do not have any kind of encryption protecting the sensitive data which they store, leaving the door open for malicious parties to steal and corrupt corporate details and private information.

Seventy per cent of respondents to a survey carried out by security firm Check Point, said that the smartphones issued by their employers had no kind of encryption in place, while 87 per cent said that this extends across other portable storage solutions such as USB memory sticks.

The analysts claim that the study shows just how difficult it can be for IT departments to keep on top of device security, consequently making it much more difficult to counteract data loss, portable storage theft and unwarranted third party network access.

Two hundred and twenty people took part in the study and vulnerabilities were exposed in almost all of the businesses which they represent. The results are said to show that as workers move into operating more regularly in a mobile environment, the threats posed to data increase.

Many are attempting to step up efforts to stem the growth of potential data loss flaws by implementing the usage of secure VPNs on laptops, which was suggested by 52 per cent of respondents. Meanwhile, only 23 per cent said that they would be encrypting portable hard drives and a fifth said USB memory sticks would be getting encryption over the next 12 months.

Check Point’s Nick Lowe, said that because many businesses are going to increase the number of devices capable of storing data, the problems facing the security teams are becoming greater.

There is a general debate over who should be held responsible for the protection of data stored on a portable, mobile device, according to Mr Lowe.

Industry analyst Bob Tarzey, believes that with greater restrictions on personal device usage, many businesses will actually increase the number of employees who break regulations and so urges firms to employ sensible, inclusive practices, so that security can be assured without alienating the average employee.

Data loss incident affects NASA

NASA has come under fire after it accidentally leaked data on 10 computers which it was selling off after they had reached the end of their useful lives in the space agency.

The data stored on the hard drives within each of the computers was considered to be top secret and related to work on the Space Shuttle missions.

NASA conducted an internal study as a result of the data loss and it discovered that current practice does not sufficiently ensure that all sensitive information is completely eradicated during the disposal of aging hardware.

It is in NASA’s data protection policies that all outgoing computer hardware must be completely sanitised, with all relevant data erased, before it can be passed on to any third parties. Ideally, this would make it impossible for any malicious groups to reassemble the data.

The weak link in the current procedural chain seems to be a lack of communication between managers who are responsible for overseeing the sanitisation process and the engineers who test to see whether the data has been completely erased.

The investigative team discovered that in certain situations, managers were not informed if a computer failed to pass verification tests and in the worst cases, there was no kind of testing carried out. Unauthorised software was also found to have been used in attempted sanitisation incidents at the Johnson Space Centres and Langley Research Centres, which have become the centre of the scandal.

NASA IP information was found in plain sight on computers which were being taken from the Kennedy centre and readied for subsequent sale. This piece of information has proved to be particularly worrying for NASA, because with this type of data, it would be easy for a hacker to identify and attack individual NASA IT systems.

The investigation has shown that large organisations around the world are susceptible to data loss as a result of poor communication, human error and lax policy. NASA has not yet explained how it will ameliorate the situation but a shakeup is to be expected.

UK fares well in data protection study

A study conducted by Ernst & Young has looked at the state of preparedness amongst businesses from around the world when it comes to dealing with the next generation of threats to IT security and data protection, with UK firms coming off better than their international counterparts.

As part of the Global Information Security Survey, it was discovered that, on average, just a tenth of businesses are prepared to invest in studying the way in which up and coming advancements in technology are altering the security landscape.

Cloud computing and social networking are considered as the two largest areas of growth which could potentially cause problems for firms who have not considered the potential risk to security which they pose.

While the businesses may have shown a lack of willing when it comes to analysing new technology, close to two thirds of respondents said that they appreciated the potential hazards posed by outsourcing data storage to third party firms and integrating new platforms without thorough investigation.

Ernst & Young’s Seamus Reilly, said that cloud computing and social networking have made collaboration and communication between employees and clients much easier. He went on to point out that while many businesses recognise the risks involved in adopting new technology, only a small proportion are actually willing to invest in tools which can mitigate threats.

Where the UK businesses trumped the international averages was in data protection investment levels, which are set to rise in 67 per cent of UK firms next year, compared to just 46 per cent on a global basis.

Eighty-five per cent of UK firms have taken action to encrypt portable storage and laptop computers, a much healthier figure than the 47 per cent of firms who have done so across the whole of the survey.

Business continuity planning was also part of the survey and again the UK came out on top, with 93 per cent of firms saying that they have a detailed scheme for dealing with disasters, much higher than the 60 per cent global average. Eighty-five per cent of UK firms have tested their business continuity plans, while just 55 per cent have done so on average.

Data at risk as amateur employees invest in new IT systems

A study conducted by Informatica Corporation has concluded that many businesses are putting themselves at risk of data loss or security breaches, because they lack the true expertise in non-IT departments, where amateur users are executing significant decisions without involving the experts.

The report states that since figures show a 62 per cent annual increase in the amount of data which is being generated around the world, many workers are seeking more flexible solutions such as cloud computing and virtualisation, as they strive to improve productivity and the efficiency of data handling within the workplace.

Informatica is concerned that this leads to corporate systems becoming awash with varied and often competing platforms, that leave a lot to be desired in terms of security and cohesion. The firm also says that ignoring this state of affairs will mean that businesses are no longer able to generate revenue as a result of the valuable data they store going unused.

The report looked at 300 firms with over 250 workers in the UK and throughout Europe, finding that almost 40 per cent of those working in the sales and marketing divisions had complained that they had been forced to buy their own software, since their IT departments were failing to provide them with the speedy access to data that is required on a daily basis.

Informatica’s Mark Seager, explained that while cloud computing offers great opportunities for many firms, the fact that IT workers are failing to integrate it into in-house systems before other amateur employees begin to do so, can create issues further down the line.

Mr Seager said that most users expect to see improvements and changes implemented in a matter of hours and, as such, are taking the initiative where the IT departments fail to live up to their idealised view of data storage technology.

There is concern that IT will become more fragmented in the coming years if businesses do not do something to combat this dispersal of responsibility.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal