Some of the other noteworthy breaches last week, 6/16/08 - 6/22/08

The Breach Blog

Just SOME of the other noteworthy breaches from the past week (6/16/08 - 6/22/08)

Citibank Hack Blamed for Alleged ATM Crime Spree
By Kevin Poulsen, Wired.com, 6/18/08

A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.

The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank's systems, experts say.

Security firm finds server with health-care data
By Jeremy Kirk, NetworkWorld, 6/18/08

Security researchers with Finjan Software are seeing a growing thirst from cybercriminals for data other than credit-card numbers, with the latest findings including servers containing passwords leading to health-care records and airline systems data.

The problem is two-fold: sensitive data is being stolen after PCs are infected with malicious software, and then that data is sent to unprotected remote servers, said Yuval Ben-Itzhak, chief technology officer for Finjan. The content of those servers is then indexed by search engines, leaving it open to anyone who uses the right query terms.

Bank scam spreads as institutions look for possible source of breach
By Leanne Tokars, WSBT Channel 22 News, 6/18/08

SOUTH BEND - An international bank scam is spreading, and there is some idea how that information may have gotten out.

Hundreds of people and dozens of banks and credit unions across our area are trying to recover from a major security breach.

[Evan] This story is related to the "1st Source Bank reissues all debit cards in response to breach" posting on 5/30/08. Another supporting story: "Fraudulent ATM transactions overseas could be tied to Indiana bank breach". This is a winding storyline.

Parents livid over database putting student profiles, pictures online
By Mohit Joshi, Top News, 6/16/08

Melbourne, June 16: With the State government planning to post the profile of every state school student on its intranet database, called OneSchool, parents in Australia are livid over the fact that it will make their kids vulnerable to paedophiles.

OneSchool will provide each and every detail of the state's 480,000 public school students enrolled from Prep to Year 12, for which, the photographs, personal details, career aspirations, off-campus activities and student performance records are already being collected from all 1251 state schools.

[Evan] I think I’d be livid too.  Are parents given the opportunity to opt out, without penalty or lost opportunities?  "According to Education Minister Rod Welford, if the parents refuse to give their consent to their child being profiled, they could also be denied access to public education."

Blears PC loss - officials blamed
BBC News, 6/17/08

Information on a computer stolen from Communities Secretary Hazel Blears' office had been sent in breach of data security rules, it has emerged.

The Communities and Local Government department admitted its officials had "not fully" complied with guidance on handling sensitive data.

Its top civil servant Peter Housden said "no damage had been done" as the documents were not secret.

The computer contained a combination of constituency and government information relating to defence and extremism.

[Evan] It is disappointing to read about breaches where the government does not follow its own laws and regulations.  Mr. Housden claims that the files were "not secret".  They certainly weren’t public, were they?

Personal details of thousands of patients stolen from hospital in new security blunder
By James Tozer, The Daily Mail, 6/18/08

Laptops holding tens of thousands of patients' records have been stolen from a hospital and a GP's home, it emerged yesterday.

In the latest lost personal data scandal, the information was stored on the machines in contravention of NHS guidelines.

It was revealed that details of 20,000 patients were on six laptops stolen earlier this month from filing cabinets at St George's Hospital, in Tooting, South West London.

[Evan]  This is six stolen laptops in one month, and the four breaches in one year?!  The exposed information in this breach was "names, postcodes, hospital numbers and dates of birth".  Check out the excuse for storing confidential information on these poorly secured laptops; "Normally such information is stored on the hospital's central network, but because of technical problems it was being stored temporarily on the laptops."


To Readers:  I am testing this weekly "Other noteworthy breaches" post.  I am using this first one to gauge interest and decide if it is something we should continue.  Please feel free to comment.


 
Comments
  • 6/23/2008 10:23 AM Brent Anderson wrote:
    I like this digest of breaches. Although the single posts are great during the week, having a "roundup" of breaches makes it very clear where, what, and how much happened in a week.