Data Security

Data breach hits Google

Judi Hasson — Sat, 05 Jul 2008 21:43:07 -0400

There are reports that mega-giant Google had a major data breach affecting employees. Workers hired before Dec. 31, 2005, received notices last month that their personal data, including Social Security numbers and birth dates, had been compromised by a break-in at Colt Express Outsourcing Services, a payroll and human resources company. Employees were told of the breach and are getting a free year of identity theft protection. Certain assets of Colt Express recently have been purchased by Ceridian, a much larger payroll processing and human resources company. It's ironic that most enterprises worry about remote hackers invading their systems. In this case, the breach came through an authorized vendor, and makes one wonder that if Google and its workers are vulnerable, who is safe?

For more on Google:
- Check out this eWeek.com article

Security firm needs help cracking malware

Thu, 12 Jun 2008 06:59:59 -0400

Computerworld reports that a Russian security firm is having difficulty dealing with "ransomware'' attacks where hackers have planted malware that encrypts files and then displays a message demanding money to unlock the data.

Kaspersky Lab, a Moscow antivirus firm, recently asked for assistance from cryptographers, governmental and scientific institutions, antivirus companies and independent researchers to break a new variant of Gpcode that encrypted 143 different file types. As it deals with the threat, Kaspersky has told users that backing up data is the best way, at the moment, to sidestep such scams.

For more on ransomware:
- check out this Computerworld.com article

FTC wants new powers to fight spyware

Thu, 12 Jun 2008 06:59:59 -0400

The Federal Trade Commission this week told the U.S. Senate Committee on Commerce, Science, and Transportation that it favors legislation granting it new powers to seek civil penalties in spyware cases.

The federal agency said it wants authority to assess monetary penalties when other enforcement options--such as seeking consumer redress, or making the operators give up their ill-gotten gains--are not appropriate, or are insufficient to deter spyware distributors. A stiff civil penalty, said the FTC, may serve as a strong deterrent.

To read more:
- see the agency's testimony

Bank loses 4.5 million files

Mon, 02 Jun 2008 06:59:59 -0400

It's getting to be an all-too-familiar problem--a breakdown in controls combined with carelessness leading to theft of confidential data. The latest example is the confirmation by Bank of New York Mellon Corporation that unencrypted data storage tapes holding personal information of more than 4.5 million customers were lost in transport more than three months ago by a third-party vendor.

So far, the bank said, none of the unencrypted data has been accessed or used. The loss is causing big headaches for the bank - a lawsuit and investigations by several states.

CIOs know the risks of lax security and the consequences of data theft, and need to be constantly vigilant to make sure their IT staff take every precaution to protect their companies, customers and employees.

To read more about this problem:
- see this ComputerWorld.com article

Phishers get nabbed

Thu, 22 May 2008 06:59:59 -0400

Thirty-eight people in the U.S. and Romania have been charged in two federal indictments, alleging they used a complicated Internet phishing scheme to steal thousands of credit and debit card numbers, and then tap into bank ATMs to obtain cash.

The targets were both individuals and hundreds of financial institutions, a reminder to CIOs and their IT departments to remain vigilant and to make sure employees know the risks and do not respond to bogus emails seeking personal or company information.

In the indictments coming out of California and Connecticut, federal authorities said schemes were run by individuals with ties to organized crime, and targeted banks and other companies including Citibank, Capital One and PayPal.

For more on these indictments:
- see this pcworld.com article

U.S. border laptop searches approved

Thu, 24 Apr 2008 06:59:59 -0400

A federal appeals court has made it easier for customs officials to search through the contents of a person's laptop. The decision by the U.S. Court of Appeals for the Ninth Circuit found that agents of the U.S. Department of Homeland Security's Customs and Border Protection division do not need reasonable suspicion to examine information contained on the laptop of any individual crossing the U.S. border. The court said such border searches have long been allowed for such items as a traveler's briefcase, purse, wallet or pockets.

The decision is blow to privacy advocates and could cause problems or at least possible delays for some IT executives who travel overseas with their laptops. It is expected that this ruling will be appealed but it serves as another warning for executives to tread carefully and make sure their laptops do not contain any sensitive information or questionable material that could make a routine stop at the border a long one. The case before the appeals court, by the way, involved a man who was arrested on charges of transporting child pornography on his laptop.

For more on laptop perils:
- See this ComputerWorld article

Wipe your hard drive

Mon, 14 Apr 2008 06:59:58 -0400

There are many steps to take to protect your data. One of them is to make sure your hard drive is cleaned before reusing. And remember it is important to use the technology that can sanitize hard-drive data.

For more on products to wipe your hard drive:
- See this CIO Magazine article

Data theft puts IT on hot seat

Mon, 31 Mar 2008 07:59:59 -0400

The tech industry has been analyzing and evaluating the recent theft of 4.2 million credit and debit card numbers from the Hannaford supermarket chain, a Maine-based grocer. And what they are finding is quite unsettling. While the theft is tiny in comparison with last year's massive data breach involving 94 million cardholders at The TJX, it is worrisome for different reasons. The theft was the first known heist that occurred when customer data was in transit as opposed to sitting in a database. What's more, the company was in compliance with the Payment Card Industry Data Security Standards (PCI DSS). That standard was established by major credit card companies to protect the privacy of customer data. But some experts say that is not enough of a wall to protect valuable information from being stolen. What's a company to do? Put added safeguards in place and review them often. Check out your security protections and make sure they work. Lawsuits are expected in the wake of this latest theft. And that should come as no surprise.

For more on the fallout from this data theft:
- Check out this SearchCIO article

Other articles on data theft:
- Malware blamed on supermarket leak. Article
- Questions about Hannaford theft. Article
- A well-orchestrated leak. Article

Honey, I shrank the data center

Thu, 27 Mar 2008 07:59:58 -0400

Smaller is almost always better, the sages among us sometimes say. This was the case when a facility near St. Louis run by Schneider Electric and its American Power Conversion subsidiary created a new data center, using a little common knowledge to make it better, faster and smaller. This data center is now a mostly empty building. And it was used as a test bed to show IT managers how to reconfigure their own data centers. Chances are that most IT executives are working with an over-sized and inefficient facility.

For more on developing smaller data centers:
- See this Baseline.com article

More tech stories from the FierceCIO network:
> Windows Mobile 6.1 arriving next week? Article
> AMD to lay off 5 percent of workforce? Article
> Verizon reveals open development plans. Article

ALSO NOTED: The CIO must think like a politician;Are CIOs facing pressure to trim staff?;

Thu, 31 Jan 2008 06:59:58 -0500

> The CIO must think like a politician. Article
> Are CIOs facing pressure to trim staff? Article
> Four cases of data security breaches. Article
> Get paid for a job interview. Article
> Management gets the bulk of corporate training $$$. Article
> For CIOs: 10 free technology tools. Article
> Internet breakdown in Egypt and India. Article

And Finally... Watch out for the Valentine's Day worm. Article