Security Breaches

Private data has been lost by or stolen from UK local councils more than 1,000 times since 2008, a report says. The data included details relating to children and vulnerable people in care, campaign group Big Brother Watch said. Some 132 authorities said they had had a total of 1,035 cases of data loss or theft between 2008 and 2011. The Information Commissioner said it was vital councils kept data secure. The Local Government Association for England and Wales declined [...]

Southwark Council breached the Data Protection Act by misplacing a computer and some papers containing 7,200 peoples’ personal information which were discovered in a skip earlier this year, the Information Commissioner’s Office (ICO) said today. The computer and papers were mistakenly left at one of the council’s buildings at the Spa Road Complex in Southwark when it was vacated in December 2009. They were then discovered in June of this year and disposed of by the building’s new tenant. The [...]

Two-thirds of firms are at risk of security breaches because of erroneous changes being made to their security system, according to new research. Keeping firewalls and business software up to date is becoming an increasingly onerous task for the IT department, amid a cascade of patches, new vulnerabilities and changes to business processes. As a result, many systems intended to secure the enterprise are being updated incorrectly or inadequately, said Shaul Efraim, vice president of business development at Tufin Technologies. [...]

Security ninja-pen tester David Kennedy shares an interesting snapshot of the healthcare industry and security breaches this year. The findings are not pretty. On his SecManiac site is an analysis where he digs through documented data breaches as chronicled on PrivacyRights.org — a site that keeps breach stats dating back to 2005. Looking at cases for this year alone, Kennedy finds that the health sector is the hardest hit in recent months. He writes: Doing some analysis of breaches this [...]

Valve has now confirmed that the hack of its Steam forums reported last week may have included the theft of credit card numbers. The company has emailed users saying that the intruders that defaced its forums also accessed a database which included “information including user names, hashed and salted passwords, game purchases, email addresses, billing information and encrypted credit card information.” Since the card data was encrypted, it may not be usable to the attackers, operating under the handle fkn0wned. [...]

A former gambling industry worker who unlawfully obtained and sold personal data relating to over 65,000 online bingo players has been found guilty of committing three offences under section 55 of the Data Protection Act. Marc Ben-Ezra, of Finchley, was given a three year conditional discharge and ordered to pay £1,700 to Cashcade Limited as well as £830.80 costs at Hendon Magistrates Court today. Information Commissioner, Christopher Graham, said: “This case shows that the unlawful trade in personal information is [...]

Adidas has taken its website content offline after suffering what it described as a “sophisticated, criminal cyber-attack”. The German sportswear maker said it had no evidence that its consumers’ data had been impacted, but that it was taking down the affected sites to protect visitors. The news follows a series of attacks against Sony earlier in the year. Millions of users details were compromised. A statement from Adidas said that it discovered the incident on 3 November. The firm said [...]

A security breach at the secure socket layers (SSL) certificate issuing authority of Dutch telco KPN has gone undetected for four years. The company’s Corporate Markets division announced on Friday that it has stopped issuing SSL certificates because in 2007 hackers compromised one of its servers. Previously issued certificates from KPN Corporate Markets remain in play, although there is an outside chance that they may have been compromised, the company confirmed. It has replaced its web servers and says it [...]

Rochdale Metropolitan Borough Council has become the latest local authority to be named and shamed by the Information Commissioner’s Office (ICO) after breaching the Data Protection Act by losing the details of 18,000 residents on an unencrypted memory stick. The device contained names, addresses and council payment details, although not bank account details, and has yet to be recovered despite being lost in May, according to the ICO. The council failed to ensure that memory sticks were encrypted, and did [...]

In the past two days the Information Commissioner’s Office (ICO) has reported serious data breaches involving three public bodies, two of which are NHS Trusts. Yesterday the ICO said that confidential patient records were found to have been dumped in public bins by staff at University Hospitals Coventry & Warwickshire NHS Trust on separate occasions this year. Sally Anne Poole, acting head of enforcement, explained that the sensitivity of the data held by the NHS imposes a duty to protect [...]