Tag Archives: breach
Is your website hackable? Why you need to worry (Page 1 of 3)
Apocalypse Now
Just because you think your data is safe does not mean your database of sensitive organization information has not already been cloned and is resident elsewhere ready to be sold to the highest bidder. To make matters worse, only recently, it has been discovered that hackers are not simply selling your; theyre also selling the fact that you have vulnerabilities to others be they hackers, industrial spies or terrorists.
It all sounds apocalyptic, doesnt it? Well, rather than being an angel of doom, Ill let the stats speak for themselves.
TJX Companies Inc.,
TJX Companies, owners of T.J. Maxx, Marshalls, Winners, HomeGoods, A.J. Wright, and Bobs stores, on the 17th January this year, disclosed that 40 million of their customers credit and debit card details were stolen. In parallel, federal credit union SEFCU published a similar warning that the personal details of 10,000 of its customers were compromised in the hack attack.
Another 60 banks including Citizen Union Savings Bank and Bank of America seem to have customers whose credit and debit cards have been breached in this attack.
Ben Cammarata, Chairman and Acting Chief Executive Officer of TJX Companies, stated that the nature of the hack is not known and two computer security experts are at hand examining the problem. The warning issued by SEFCU sheds greater light and states A fraudster may have gained access to
card information through one of those entities in the payment network, including the merchant.
SC Magazine reports that hackers used data from the breach to purchase goods in a number of states in the US, in Hong Kong and in Sweden.
A digest of the latest developments follows:
* According to 3WCAX-TV Website, the attack is expected to cost consumers one-point-five (M) million dollars. This article was published before law suits started sprouting. * Brian Fraga, Standard-Times, reports that a class action lawsuit filed this week in U.S. District Court (Boston) against TJX. The amount of damages sought is undisclosed. According to SC Magazine, yesterday a West Virginia resident slapped another lawsuit and is suing TJX for $5 million. * U.S. Rep. Ed Markey, D-Mass., chairman of the House Subcommittee on Telecommunications and the Internet, has called for the Federal Trade Commission to investigate the hacking, according to a eport today in the Boston Globe. * Today, the Government of Canada, stated that it is launching an investigation into TJX and the data breach. * Of note is that the hacking may have started in May 2006 and the breach was discovered only in December 2006 (and publicized in January 2007).
Universities
University systems are usually highly decentralized which makes it hard to ensure tight security. To the extent that one department may have deployed a hardened security infrastructure while others loll in lax measures making the whole system weak.
Data Protection – Security of Personal Information
Every organization holds masses of digital data in its on-site as well as off-site storage mediums. The information it stores can be comprised of a significant portion of personally identifiable data and confidential corporate information.
All organizations should deploy appropriate security measures in place to guard the privacy of the personal information they hold. The Data Protection Act 1998 (the “Act”) requires that: “Personal information should be protected against unlawful or unauthorized use or disclosure, accidental loss, destruction or damage.” An organization that fails to effectively protect the information it holds will be in breach of the Act
This article identifies some of the practical security measures which organizations of all sizes should be considering in order to achieve an adequate level of security.
Level of Protection Required:
To determine which security measure is appropriate, organizations should consider following facts:
The value and sensitivity of the data they store;
The probable consequences of any security breach and its impact in terms of reputation loss, financial loss or integrity damage; and
The possibility of damage to individuals in case of a security breach.
The level of security required will always depend on an organizations particular circumstances.
Organizations go to great lengths to protect valuable data thats on paper and disks. Theyre kind of assets kept in locked doors and vaults.
Yet, organizations often fail to adequately protect digital information on their IT networks and hard drives-Information that is increasingly vulnerable to accidental loss and theft because of its confidentiality and organization dependency.
Much of the data so critical to organization is highly sought by cyber criminals. This includes social security numbers, credit card numbers, confidential health records and bank account records, competitive intelligence and proprietary company information.
We are all aware of the potential harm data breaches can inflict on businesses, agencies, health care organizations and schools as well as the individual involved.
Now, to solve these challenges businesses need to dig deeper. A two-in-one data protection solution is what you need if you find yourself in a similar situation. The above scenario may not be as farfetched as you may think at first. Software that allows you to encrypt your data but also makes backups of that data to your exclusive online storage account. The subscription service, when used in conjunction with Folder Lock 7 Encryption feature, offers the greater benefits of a simultaneous, automatic and real-time encryption and backup, providing both secure backup & recovery redundancy and the fastest data protection without the high cost. Your backups are stored online in a remote location, a cloud fully secured via government-grade encryption in a physically secured location.
Data Protection – Security of Personal Information
Every organization holds masses of digital data in its on-site as well as off-site storage mediums. The information it stores can be comprised of a significant portion of personally identifiable data and confidential corporate information.
All organizations should deploy appropriate security measures in place to guard the privacy of the personal information they hold. The Data Protection Act 1998 (the “Act”) requires that: “Personal information should be protected against unlawful or unauthorized use or disclosure, accidental loss, destruction or damage.” An organization that fails to effectively protect the information it holds will be in breach of the Act
This article identifies some of the practical security measures which organizations of all sizes should be considering in order to achieve an adequate level of security.
Level of Protection Required:
To determine which security measure is appropriate, organizations should consider following facts:
The value and sensitivity of the data they store;
The probable consequences of any security breach and its impact in terms of reputation loss, financial loss or integrity damage; and
The possibility of damage to individuals in case of a security breach.
The level of security required will always depend on an organizations particular circumstances.
Organizations go to great lengths to protect valuable data thats on paper and disks. Theyre kind of assets kept in locked doors and vaults.
Yet, organizations often fail to adequately protect digital information on their IT networks and hard drives-Information that is increasingly vulnerable to accidental loss and theft because of its confidentiality and organization dependency.
Much of the data so critical to organization is highly sought by cyber criminals. This includes social security numbers, credit card numbers, confidential health records and bank account records, competitive intelligence and proprietary company information.
We are all aware of the potential harm data breaches can inflict on businesses, agencies, health care organizations and schools as well as the individual involved.
Now, to solve these challenges businesses need to dig deeper. A two-in-one data protection solution is what you need if you find yourself in a similar situation. The above scenario may not be as farfetched as you may think at first. Software that allows you to encrypt your data but also makes backups of that data to your exclusive online storage account. The subscription service, when used in conjunction with Folder Lock 7 Encryption feature, offers the greater benefits of a simultaneous, automatic and real-time encryption and backup, providing both secure backup & recovery redundancy and the fastest data protection without the high cost. Your backups are stored online in a remote location, a cloud fully secured via government-grade encryption in a physically secured location.