Small company break-in affects up to 1000 customers
Technorati Tag: Security Breach
Date Reported:
11/16/07
Organization:
A.J. Falciani Realty
Contractor/Consultant/Branch:
None
Victims:
A.J. Falciani clients
Number Affected:
between 500 and 1000
Types of Data:
Name, address, telephone and Social Security number.
Breach Description:
Unknown burglars broken into the offices of A.J. Falciani Realty and stole numerous items belonging to the business, among them were computers which contained sensitive personal information about clients of the real estate firm.
Reference URL:
Bridgeton News Story
The Daily Journal Story
Report Credit:
James P. Quaranta, Staff writer for The Daily Journal
Response:
From the sources cited above:
Burglars took computers containing personal information of hundreds of clients of AJ Falciani Realty from the real estate firm's office in the 1600 block of East Oak Road earlier this week.
The information included names, addresses, and telephone and Social Security numbers of between 500 and 1,000 people entered into the agency's computers during the past seven years, according to a police report.
[Comfyllama] The problem here is recording and keeping Social Security numbers. There is no need to keep this information.
Albert Falciani, who owns and operates the East Oak Road business, told officers the computers contain about seven years worth of data.
A 9 mm handgun and a quantity of business checks also were taken.
[Comfyllama] If the stolen personal information didn't get the police department's attention (which in some cases in some jurisdictions it doesn't), the stolen gun surely will!
In addition, a lock box that held listings of code lock information was taken.
[Comfyllama] This is bad. This lockbox contains the necessary information to obtain physical access to client's homes.
"There is a police investigation, and we have a private investigator," Falciani said.
The break-in occurred between 5:15 p.m. Tuesday and 8:53 a.m. Wednesday.
There were no witnesses to the theft, and the building is not equipped with an alarm or camera system, police said.
[Comfyllama] Physical security must compliment logical security, but in this case it appears the both were lacking.
Police suggest anybody who is concerned about identity theft request a free credit report from the three reporting agencies, Equifax, Experian and TransUnion.
[Comfyllama] Also, call the fraud units of the three major credit bureaus mentioned and request a "fraud alert" be placed on your credit file. Check all of your monthly financial statements for accuracy regularly. Call the police department and ask for a copy of the police report for your files. Contact your financial institutions and request they flag your accounts and instruct them to contact you immediately if there is unusual activity on your accounts. Lastly, file a complaint online with the Federal Trade Commission (FTC). Taking these steps should put you in a better position should something happen.
"Anytime you provide personal information to any store, business, bank or mortgage company, there is always a possibility that such information could be released or accessed illegally," Detective Lt. Tom Ulrich said.
[Comfyllama] Sad but true. The information you give out is yours and you have the right to ask questions before giving it out. Ask the company some simple questions about their use of your information and make a judgment based on the answers given. If a bank teller can answer my questions to my satisfaction, then I would feel pretty good about doing business with them. The risk is still there, but in my mind it has been minimized somewhat.
Commentary:
This breach points out a very significant issue in many small companies. Often times information security in small companies is an afterthought. I assume that A.J. Falciani just didn't know any better, but now they probably do and it’s too late in regards to this breach. Small companies need to understand that they have just as much of an obligation to protect information as large companies with multi-million dollar security budgets.
State and federal lawmakers, organizations and customers are starting to hold small companies accountable. Lack of security could be the difference between growth and bankruptcy. Small companies would do well to obtain professional information security guidance from reputable consultants not their IT shops. Minnesota (my home state) has numerous laws related to information security that apply to companies of all sizes.
Past Breaches:
Unknown
Date Reported:11/16/07
Organization:
A.J. Falciani Realty
Contractor/Consultant/Branch:
None
Victims:
A.J. Falciani clients
Number Affected:
between 500 and 1000
Types of Data:
Name, address, telephone and Social Security number.
Breach Description:
Unknown burglars broken into the offices of A.J. Falciani Realty and stole numerous items belonging to the business, among them were computers which contained sensitive personal information about clients of the real estate firm.
Reference URL:
Bridgeton News Story
The Daily Journal Story
Report Credit:
James P. Quaranta, Staff writer for The Daily Journal
Response:
From the sources cited above:
Burglars took computers containing personal information of hundreds of clients of AJ Falciani Realty from the real estate firm's office in the 1600 block of East Oak Road earlier this week.
The information included names, addresses, and telephone and Social Security numbers of between 500 and 1,000 people entered into the agency's computers during the past seven years, according to a police report.
[Comfyllama] The problem here is recording and keeping Social Security numbers. There is no need to keep this information.
Albert Falciani, who owns and operates the East Oak Road business, told officers the computers contain about seven years worth of data.
A 9 mm handgun and a quantity of business checks also were taken.
[Comfyllama] If the stolen personal information didn't get the police department's attention (which in some cases in some jurisdictions it doesn't), the stolen gun surely will!
In addition, a lock box that held listings of code lock information was taken.
[Comfyllama] This is bad. This lockbox contains the necessary information to obtain physical access to client's homes.
"There is a police investigation, and we have a private investigator," Falciani said.
The break-in occurred between 5:15 p.m. Tuesday and 8:53 a.m. Wednesday.
There were no witnesses to the theft, and the building is not equipped with an alarm or camera system, police said.
[Comfyllama] Physical security must compliment logical security, but in this case it appears the both were lacking.
Police suggest anybody who is concerned about identity theft request a free credit report from the three reporting agencies, Equifax, Experian and TransUnion.
[Comfyllama] Also, call the fraud units of the three major credit bureaus mentioned and request a "fraud alert" be placed on your credit file. Check all of your monthly financial statements for accuracy regularly. Call the police department and ask for a copy of the police report for your files. Contact your financial institutions and request they flag your accounts and instruct them to contact you immediately if there is unusual activity on your accounts. Lastly, file a complaint online with the Federal Trade Commission (FTC). Taking these steps should put you in a better position should something happen.
"Anytime you provide personal information to any store, business, bank or mortgage company, there is always a possibility that such information could be released or accessed illegally," Detective Lt. Tom Ulrich said.
[Comfyllama] Sad but true. The information you give out is yours and you have the right to ask questions before giving it out. Ask the company some simple questions about their use of your information and make a judgment based on the answers given. If a bank teller can answer my questions to my satisfaction, then I would feel pretty good about doing business with them. The risk is still there, but in my mind it has been minimized somewhat.
Commentary:
This breach points out a very significant issue in many small companies. Often times information security in small companies is an afterthought. I assume that A.J. Falciani just didn't know any better, but now they probably do and it’s too late in regards to this breach. Small companies need to understand that they have just as much of an obligation to protect information as large companies with multi-million dollar security budgets.
State and federal lawmakers, organizations and customers are starting to hold small companies accountable. Lack of security could be the difference between growth and bankruptcy. Small companies would do well to obtain professional information security guidance from reputable consultants not their IT shops. Minnesota (my home state) has numerous laws related to information security that apply to companies of all sizes.
Past Breaches:
Unknown
Posts Atom 1.0
Comments