Friday, June 27, 2008
Hackers strike Comcast website
Chuck Miller, May 29 2008
Hackers broke into the website for Comcast overnight, replacing the cable and internet provider's web portal with a note.
Three apparent hacker groups -- Kryogenics, Defiant and EBK -- claimed responsibility, according to the note that appeared on the home page.
The hackers seized control of the Comcast.net domain name through DNS registrar Network Solutions and redirected it to servers under their control, according to published reports. The site was down for a few hours overnight but is operating normally, although some users are reporting email problems.
A Comcast spokesman said the company was working with law enforcement, reports said.
There has been no indication that any personal information was compromised. The company has 14.1 million subscribers for its online and other services.
Labels: Comcast
Walter Reed suffers peer-to-peer data breach
Sue Marquette Poremba, June 03 2008
Unauthorized file-sharing is to blame for a data breach at Walter Reed Army Medical Center that exposed the personal information of nearly 1,000 patients.
Walter Reed officials said in a statement that they were notified of the possible breach on May 21 by an outside company. Preliminary results of an ongoing investigation have identified a computer from which the data was apparently compromised. Data security personnel from Walter Reed, located in Washington, D.C., and the U.S. Army continue to investigate the source and causes for the information compromise.
Victims, who are military health system beneficiaries, are being notified and offered credit monitoring services, the statement said.
“The disclosure of this information raises the possibility that individuals named in the file could become victims of identity theft,” the release said.
Other published reports stated that the file was found on a non-government, non-secure computer network.
The U.S. House of Representatives Armed Services Committee is awaiting the results of the Army's investigation into the situation, but it is troubling when private data is inappropriately released, committee chairman Ike Skelton, D-Mo., told SCMagazineUS.com on Tuesday.
“We must ensure that personal information is protected and prevent any future compromise of patient records,” he said.
The risk of data breaches will likely increase as the use of file-sharing software becomes more popular in the workplace, Kurt Johnson, vice president for business development at Courion, a provisioning and access compliance solutions firm, told SCMagazineUS.com on Tuesday.
“It's a great tool for sharing information when collaborating on a group project,” Johnson said. “But there isn't always a lot of control over who has access to the files and what information is being shared.”
The best way to protect data is to develop certain rules and guidelines regarding file-sharing and then provide education on overall data security, said Phil Neray, vice president of marketing at Guardium, a database security company.
“One of the biggest problems, however, is monitoring contractors,” Neray said. “Outsourcers are given access to a lot of information, and too often, they aren't being monitored.”
Labels: Walter Reed
AT&T management staff data on stolen laptop
Dan Kaplan, June 04 2008
Updated on Wednesday, June 4 at 5:52 p.m. EST
An undisclosed number of management-level workers at AT&T have been notified that their personal information was stored unencrypted on a stolen laptop.
The laptop was stolen May 15 from the car of an employee, Walt Sharp, a spokesman for AT&T, told SCMagazineUS.com on Wednesday. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information.
Sharp said the company would not disclose the number of affected individuals, but there is no reason to believe any of the data was being targeted when the machine was stolen.
"Usually these are property crimes in which the drive is wiped clean and resold for profit," he said.
The employee who was in possession of the laptop when it was stolen has been disciplined.
"There are a number of rules governing the handling of encrypted material and the mobile devices handling that material that employees must follow," Sharp said. "It is up to the employee to ensure that any sensitive material is encrypted."
AT&T used the breach as a reminder that employees must follow policies.
This is the second major recent breach to involve an unencrypted laptop. Two weeks ago, Connecticut state officials announced that a Bank of New York Mellon contractor lost a laptop containing the personal information of some 4.5 bank customers.
Andy Kicklighter, director of product marketing for GuardianEdge, provider of mobile data protection solutions, said businesses must prioritize the need for laptop encryption and search for solutions that allow for simple implementation and manageability.
"IT organizations are afraid that it will be a big project," he said, adding that companies who have never experienced a data-loss incident also have difficulty understanding the ramifications of a breach.
"It just hasn't reached their priority level," Kicklighter told SCMagazineUS.com.
AT&T on May 23 began notifying victims through email and standard mail and is offering them free credit monitoring.
Labels: AT and T
FTC halts pretexting to obtain confidential information
Sue Marquette Poremba, June 02 2008
The Federal Trade Commission has put a permanent halt to an operation that allegedly obtained consumers' confidential phone records without their knowledge or consent, and then sold them to third parties, according to a statement by the FTC.
In addition, a U.S. judge ordered the company, Action Research Group, and others connected with it to give up over $600,000 in profits.
This is the latest in a series of FTC cases targeting telephone pretexters – individuals who use false pretenses to obtain consumers' confidential information.
According to an official FTC statement, the agency alleged that since at least 2005, Action Research Group, and its principals, Joseph and Matthew DePantes, sold confidential customer phone records, including lists of calls made and the dates, times, and duration of the calls, to third parties, without the knowledge or consent of the customers.
To get the records, these defendants relied upon the other defendants, Eye in the Sky Investigations, Cassandra Selvage and Bryan Wagner, who obtained them from phone companies through “pretexting.” Selling the records constitutes an invasion of privacy that could endanger the health and safety of consumers, the agency alleged.
Action Research Group and the other defendants were also involved in the Hewlett-Packard spy scandal in 2007. HP officials authorized the use of private investigators to trace boardroom leaks to the media.
The FTC filed a lawsuit against Action Research Group in February 2007. The civil suit covered, but was not exclusive to, the HP scandal.
“The invasion of privacy and security from the unauthorized access to and sale of confidential customer phone records causes or is likely to cause substantial harm to consumers and the public, including, but not limited to, loss of privacy and endangering the health and safety of consumers,” the FTC said in its complaint.
According to the FTC statement, the settlement and default judgments permanently bar the defendants from obtaining, marketing or selling customer phone records or consumers' personal information derived from those records. They also bar the defendants from pretexting or using others to pretext to obtain consumers' information.
Emma McCulloch, a spokeswoman for HP, said the company had no comment.
Labels: Action Research Group