DT Reports on Data Misuse

BONN, Germany — Deutsche Telekom today announced more findings concerning breaches of data privacy regulations and the investigation of additional incidents. The new Member of the Board of Management responsible for Data Privacy, Legal Affairs and Compliance, Dr. Manfred Balz, explained the incidents the company is now investigating. “Data privacy is now represented directly at Board of Management level: As the new Member of the Board of Management, I am personally committed to the issue,” Balz emphasized. “At the same time, I extend this obligation to every manager and employee who has to do with the privacy and security of customer data.”

At the beginning of October the Board of Management tasked Group Internal Audit with the review of measures taken within the Group in response to the theft of 17 million sets of customer data in 2006. A report has now been submitted. The investigations were in response to open questions generated by the most recent findings relating to the theft of data

Source

The ID Theft Task Force

The ID Theft Task Force (the Americans always come up with cool names) was set up by “W” Bush in May 2006 and has now come up with its first report, which is available here.

There are no shock results: it recommends more arrests and convictions and less loss of data. But for those interested in the field, it is worth a read.

DarkMarket Is Taken Down

A website used by criminals to buy and sell credit card details and bank log-ins has been shut down after a police operation, the BBC has learned.

International forum Darkmarket ran for three years and led to fraud totalling millions of pounds.

Nearly 60 people connected with the site have been arrested in cities including London and Manchester as well as in Germany, Turkey and the US.

Source

FBI sees rise in computer crime

Source

Computer spying and theft of personal information have risen notably in the past year, costing tens of millions of dollars and threatening U.S. security, the FBI’s cyber division head said on Wednesday.

FBI Assistant Director Shawn Henry told reporters that organized-crime groups are drawn by the ease of reaching millions of potential victims.

He said as many as two dozen countries have taken an “aggressive interest” in penetrating the networks of U.S. companies and government agencies.

He declined to specify countries, but U.S. intelligence agencies have voiced concern over Russia and China’s abilities to electronically spy on the United States and disrupt U.S. computer networks.

As one possible example of Russia’s electronic spying prowess, Georgia accused Moscow in August of conducting “cyber warfare” to shut down Georgian government websites at the same time as it carried out a military offensive.

U.S. federal agents are stepping up efforts to fight computer crime, and working with foreign counterparts where the rising wave of computer attacks has awakened international interest, Henry said.

“Over the past year the malicious activity has become much more prevalent,” Henry said. “The threat continues to increase.”

An attack method growing in popularity is “botnets,” in which malicious software spreads via viruses to computers of unwitting individuals and companies and forms networks that can then be used for data theft or shutting down a system,

Source

Would they Steal your Data? Too Right!

A survey by Cyber Ark has found that 88% of IT professionals would take data with them if they were sacked.

While this figure may sound high, this is backed up by other surveys. In 2004 a survey stated that 70% of the work force would consider stealing data when they left.

Other statistics from the US also show how high data theft is.

Data Theft: RAF

50,000 personnel records have been stolen from the RAF, rather than the usual case of “lost data”.

The theft actually took place on 17th September 2008, but has only just been reported publicly.

Three USB hard drives, containing 50,000 records of personnel information, with everything from names and dates of birth to confidential staff reports, were stolen from the Service Personnel and Veterans Agency office at RAF Innsworth, near Gloucester.

The data was, of course, not encrypted. When will they learn?

It's not even the first time the MoD has had data stolen or lost.

Related Articles

BBC

Mirror

IT Vibe

Daily Record

We know what is lost, but how much is stolen?

There are numerous reports of “data loss” by the government, almost one every month. Whether it's the NHS, the MoD or the Home Office, no government department is free from these failures.

But these are the known losses; how much is stolen without the government's knowledge?

The key thing to remember about data is that if you “steal it” nothing is missing; it's not like taking jewels. So unless there are technical solutions in place to monitor and/or stop this, there is no way of knowing if data has been stolen or not. We know that the UK Government do not have these systems in place, therefore data theft almost certainly must occur.

So how much is stolen? Well the government would like us to believe the data is highly protected and only accessed by highly competent people, but we know that the “Data Guardians” are anything but that.

While we cannot say how much data is stolen, we can use some very relevant statistics to try and predict this.

The Identity Theft Centre reported in their 2007/2008 report that loss/thefts have the following break down:

  • 12.9% hacking
  • 15.6% theft by company employees
  • 21% lost laptops and other digital media
  • 14% accidental publishing
  • 11% due to subcontractors

I.e. the amount of theft by employees is about 70% the size of the data loss. Therefore, for every 10 records lost by government failings, 7 will be stolen (mainly due to unprotected systems).

To put this in perspective, 37 million records were reported lost in the UK in 2007, therefore we would estimate around 25 million records to have been stolen.

This means that 25 million records could have been deliberately stolen, mainly from the government, for the purposes of crime.

While this figure is high, it's not unreasonable.

91% of senior technical staff (CTOs) believe that cyber crime is a major problem for their company, and the government has invented new powers and laws to try and crack down on the trade in data.

We know it occurs in theory and in practice, and market and government agree. So what are the government doing to stop this?

Nothing.

Data Theft Statistics

  • 91.1% of IT security professionals stated that they perceived cyber crime as a major business risk
  • 95% of IT security professionals in the financial sector perceived cyber crime as a major business risk
  • 73% of CIO/CSOs stated that they were more concerned about data theft than hacking
  • 68% of CIO/CSOs stated that critical data was at risk
  • 25% of CIO/CSOs stated that there had been a breach of their data
  • 42% did not know if there has been a breach
  • Source

Those who have had their data stolen deliberately, e.g. by theft by an employee with access to the data, are 12 times more likely to be victims of fraud than those who have their data lost by accident (e.g. a missing laptop). Source

More than 244 million pieces of data have been lost or stolen (at the time of writing) according to Privacy Rights Clearinghouse.

According to the Identity Theft Centre there have been 449 incidents of data breaches so far this year (in the US). This is more than the whole of last year.

In over 40% of the incidents of data breaches/data theft the number of records lost/exposed is not reported or fully disclosed. I.e. all the figures are a lot higher. Source (ITC) ITC 2008 Report

The categorization of breaches by industry vertical was:

  • 37% for Business
  • 20.3% for Educational
  • 15.6% for Medical/Healthcare
  • 15.4% for Government/Military
  • 11.6% for Banking/Finance

Causes of data theft/loss were categorised as follows:

  • 12.9% hacking
  • 15.6% theft by company employees
  • 21% lost laptops and other digital media
  • 14% accidental publishing
  • 11% due to subcontractors

Source

HSBC and others have data lost in hack in UAE

Banks in the United Arab Emirates are struggling to resolve a security breach after it emerged that hackers used counterfeit bank and credit cards to steal funds from customers’ accounts.

The lenders declined to say how much money had been stolen or how many accounts were skimmed, but an initial investigation by the banks indicated that cash machines were rigged with devices that stole customers’ PINs as they made withdrawals.

Suvo Sarkar, general manager of retail banking for Emirates NBD, one of the nation’s largest lenders, said: “We don’t really know how this happened.”

However, one industry source suggested that the problem could be internal and more widespread. “The fact that the stolen numbers appear to have been stolen randomly suggests the banks themselves were somehow breached.”

Banks involved include HSBC, Citibank, Lloyds TSB, National Bank of Abu Dhabi and Emirates NBD.

Source

100 million details stolen

Eleven people alleged to have stolen the credit card details of up to 100 million shoppers, including customers of T.K. Maxx stores in Britain, have been charged in the biggest identity theft case in the US.

A virtual United Nations of criminal co-operation was revealed, with charges being laid against three Americans, three Ukrainians, two Chinese, an Estonian, a Belarussian and a suspect known only by his online name, Delpiero.

Security experts gave warning yesterday that many British retailers were unwilling to update their computer systems and were still unprepared for such attacks.

The suspected computer hackers are believed to have been led by a double-dealing US Secret Service informant in Miami, who is accused of continuing his criminal career even while helping authorities to pursue other cyber-criminals.

“So far as we know, this is the single largest and most complex identity theft case ever charged in this country,” Michael Mukasey, the US Attorney-General, said in Boston on Tuesday.

Sources