Insecure folder on NSK Americas' internal network

Date Reported:
1/25/08

Organization:
NSK Ltd.

Contractor/Consultant/Branch:
NSK Americas, Inc.

Victims:
NSK employees, past employees, and retirees

Number Affected:
~2,000

Types of Data:
Names, Social Security numbers, and salaries

Breach Description:
NSK Americas has reported a breach to the New Hampshire State Attorney General in which a folder containing sensitive personal information was found to be inadequately secured on their internal network.

Reference URL:
The New Hampshire State Attorney General breach notification

Report Credit:
The New Hampshire State Attorney General

Response:
From the online source cited above:

NSK Americas, Inc. recently became aware that a computer folder containing employee data on our internal corporate server was not properly secured

The affected folder included the names, Social Security numbers and salaries of approximately 2,000 current, former and retired employees

The affected folder was on an internal NSK server which was not accessible by non-NSK employees

We immediately secured the affected folder and launched an investigation to determine the facts.

We promptly retained Kroll On-Track, an industry-leading security consulting firm, to help us. As a part of this investigation and with the assistance of Kroll, we conducted a detailed review of all network logs to determine if the information was inappropriately accessed or downloaded to personal computers.

Based on our investigation, security for this particular folder was likely compromised due to an IT administrative error when information was migrated to a new server in June 2006.

Based on our corporate IT infrastructure, only 360 people out of our employee population of 1,600 would have been able to access this document

As of now, we have confirmed that only a few employees gained access to the data file without authorization.

In addition, we are working with Kroll to determine if any other corrective or improved security measures are necessary.

We have also contracted with Kroll ID TheftSmart firm to provide credit monitoring and other related services at no cost to our employees
[Evan] Sounds like Kroll got some good business out of this breach.  I have never worked with Kroll, so I don't know enough to comment.

NSK is committed to never compromising your personal information. We have a zero tolerance privacy policy and do everything we can to make sure your data is protected.

Commentary:
NSK deserves credit for doing the right thing security-wise. Did they do the right thing business-wise? How many companies encounter similar circumstances in their day-to-day operations and simply dismiss them as non-incidents not worth reporting?

Based on this response and the retention of outside help, NSK has demonstrated that they are willing to do what it takes to secure personal information.

Past Breaches:
Unknown

 