The bring your own device nightmare

Posted in General Blog

Added: 22/2/2012

Many of us have heard of the acronyms BYO (bring your own), BYOW (bring your own wine) or BYOB (bring your own booze). It’s where an unlicensed restaurant allows you to bring your own wine, spirits, cider or beer for no charge or for a small corkage cost. Similarly, within many IT environments there is now a tendency to allow employees to BYOD (Bring Your Own Device). Many organisations allow their workers to bring their own PCs, smartphones, USB hard drives, laptops and tablets.

Receptionist unlawfully accessed sister-in-law’s medical details

Posted in External Blog

Added: 20/2/2012
Taken from ico.gov.uk


A receptionist who unlawfully obtained her sister-in-law’s medical records in order to find out about the medication she was taking has been found guilty of an offence under section 55 of the Data Protection Act. Usha Patwal, of Romford, was given a two year conditional discharge and ordered to pay £614 prosecution costs by Havering Magistrates Court today. The offence was uncovered when Patwal’s sister-in-law received texts.

Password encryption versus key file encryption

Posted in General Blog

Added: 15/2/2012

Generally when someone wants to encrypt a file, folder or email they use a password to protect it. Many people use Microsoft Office Suite's inbuilt encryption which is part of Word, Excel, Access and PowerPoint. Another commonly used application is WinZip which holds multiple files and can be password-protected. While such options are fast, simple and often free they do not offer the greatest security in the world.

ICO clarifies law on information held in private email accounts

Posted in External Blog

Added: 15/2/2012
Taken from ico.gov.uk


The Information Commissioner’s Office (ICO) has today published new guidance making it clear that information concerning official business held in private email accounts is subject to the Freedom of Information Act. Information Commissioner, Christopher Graham said: “It should not come as a surprise to public authorities to have the clarification that information held in private email accounts can be subject to Freedom of Information law if it relates to official business.

Data Defender pro bono charity training course

Posted in Topical Blog

Added: 13/2/2012

Data Defender is running a half-day User Awareness Training course on the afternoon of 29/2/2012. There is no cost or catch, but you need to be a genuine charity to attend. Find out more and book at http://www.eventbrite.co.uk/event/2853323367

‘Significant progress’ made in spam texts investigation, says ICO

Posted in External Blog

Added: 8/2/2012
Taken from ico.gov.uk


‘Significant progress’ has been made in identifying those responsible for sending spam texts, the Information Commissioner’s Office (ICO) said today. The update comes as figures from the ICO’s consumer survey show that 95% of people find spam texts either inconvenient, concerning or distressing. The ICO’s investigation into accident claim spam texts and other similar messages began in early 2011.

Thinking outside the firewall (short)

Posted in General Blog

Added: 06/2/2012

How do you secure your data? The standard response is that there’s a firewall and antivirus system for that – even some IT security specialists think this is adequate. Cyber threats from the likes of trojans, worms, viruses, DoS (denial of service) and hackers are a real threat; but they are by no means the only security threats facing companies, which is why it’s really important that businesses think outside of the box.

Powys County Council fined £130,000 for disclosing child protection case details

Posted in External Blog

Added: 3/2/2012
Taken from ico.gov.uk


The Information Commissioner's Office (ICO) has today served a monetary penalty of £130,000 to Powys County Council for a serious breach of the Data Protection Act where the details of a child protection case were sent to the wrong recipient. The penalty is the highest that the ICO has served since it received the power in April 2010 and follows a less serious, but similar incident.

Certified Ethical Hacker's analysis of “Anonymous” breach of Strategic Forecasting Inc

Posted in Topical Blog

Added: 1/2/2012

Months have passed since the last major story relating to Anonymous and LulzSec. It seems they are back with their “robin hood” tendencies. They say their “goal was to use the credit data to take a million dollars and give the money away as Christmas donations”. The target for this was Strategic Forecasting Inc, which is an intelligence think tank with around 70 staff based in Austin.

Blog rearrangement

Posted in General Blog

Added: 30/1/2012

From today all articles will now have a category assigned to them. Hopefully this will make our blog easy to navigate.
  • General Blog - content created by Data Defender
  • Topical Blog - content created by Data Defender, press releases and articles relating to current news
  • External Blog - content from external sources

Estate agent prosecuted for offence under the Data Protection Act

Posted in External Blog

Added: 27/1/2012
Taken from ico.gov.uk


An estate agent yesterday pleaded guilty to the offence of failing to notify the Information Commissioner’s Office (ICO) that his business processes personal data. John Merfyn Pugh of Merfyn Pugh Estate Agents was prosecuted for an offence under section 17 of the Data Protection Act. The hearing took place at Caernarfon Magistrates Court.

Monetary penalties served to councils for serious email errors

Posted in External Blog

Added: 25/1/2012
Taken from ico.gov.uk


The Information Commissioner’s Office (ICO) has served monetary penalties to North Somerset Council and Worcestershire County Council after staff at both authorities sent highly sensitive personal information to the wrong recipients. The news comes as the Information Commissioner is pressing for stronger powers to audit data protection compliance across local government and the NHS.

If only .........

Posted in General Blog

Added: 23/1/2012

This was spotted in High Street Kensington, London in December 2011. If the bag contained a laptop they should have done three things: fit a software tracker, encrypt the drive and back up. This would stop leaks, help find it and help you get your data back.

ICO asks public to Tell Me More about what information should be proactively released

Posted in External Blog

Added: 20/1/2012
Taken from ico.gov.uk


The Information Commissioner’s Office (ICO) today launched a consumer campaign aimed at getting the public to offer their views about what information public authorities should proactively release. The 'Tell Me More' campaign will run alongside the ICO’s existing consultation on the content of publication schemes - the documents that set out what information a public authority will make available about how they work.

Professional hacker three-top-tips to make your network hack proof

Posted in General Blog

Added: 18/1/2012

Months have passed since the last major story relating to Anonymous and LulzSec. It seems they are back with “robin hood” tendencies, leading a “Christmas-inspired assault” and would “use the credit data to take a million dollars and give the money away as Christmas donations” to charities. The latest target was Strategic Forecasting Inc which is an intelligence think tank with around 70 staff based in Austin.

Data Defender launches ultra secure backup company

Posted in Topical Blog

Added: 16/1/2012

Data Defender is pleased to announce the launch of ultra secure off site data backup company Backup Defender.

"Backup Defender offers one of the most secure and private off site data backup services in the world with support available 24/7/365. Security is at the heart of our operation, that is why we house our servers in an ex-MoD bunker which can withstand nuclear, biological, chemical, EMP and terrorist attacks."

Council warned after personal data was missing for two years

Posted in External Blog

Added: 13/1/2012
Taken from ico.gov.uk


Southwark Council breached the Data Protection Act by misplacing a computer and some papers containing 7,200 people’s personal information which were discovered in a skip earlier this year, the Information Commissioner’s Office (ICO) said today. The computer and papers were mistakenly left at one of the council’s buildings at the Spa Road Complex in Southwark when it was vacated in December 2009.

Advocate’s legal files lost after unencrypted laptop theft

Posted in External Blog

Added: 11/1/2012
Taken from ico.gov.uk


A Scottish advocate breached the Data Protection Act after failing to encrypt a laptop containing sensitive personal data which was later stolen, the Information Commissioner’s Office (ICO) said today. The laptop was stolen from the home of Ruth Crawford QC in 2009 when she was away on holiday. It contained personal data relating to a number of individuals involved in eight court cases the advocate had been working on.

Thinking outside the firewall (full)

Posted in General Blog


Added: 09/1/2012

HOW DO YOU SECURE your data? Most would reply that their company has a firewall and antivirus system in place to combat a wide range of threats. This is normally the response by non IT staff, IT managers and occasionally by some IT security specialists. Personally I would be stupid to argue against protecting your company from cyber threats. The reality is, these attacks - trojans, worms, viruses, DoS (denial of service) and hackers - are a big threat.

Choosing a strong password

Posted in General Blog

Added: 23/12/2011

Passwords are the first line of defense for pretty much everything ... websites, email, laptops, desktop and mobile phones. Various password-cracking methods exist which use automated software to guess passwords; the three main methods are to use dictionary words, a combination of dictionary and other combinations (known as hybrid) and brute force which uses all possible methods and combinations.

Letwin signs commitment to keep personal details secure

Posted in External Blog

Added: 21/12/2011
Taken from ico.gov.uk


Oliver Letwin must ensure that he keeps personal information secure or face formal enforcement action, the Information Commissioner has said. Christopher Graham today announced that the West Dorset MP’s disposal of constituency paperwork in public bins constituted a breach of the Data Protection Act.

Mr Letwin has signed a written commitment to put changes in place, including ensuring that any documents containing personal data are disposed of in a secure manner. Mr Letwin will also make sure that he complies with the Cabinet Office’s data handling guidance.

Social engineering true life story – “The IT support company”

Posted in General Blog

Added: 19/12/2011

What is social engineering?
Social engineering is normally a low-tech attack carried out by someone who is confident. It is where an attacker uses his (or her) social skills to engineer an attack. Whereas normally hackers go after technology, social engineering goes after people (staff). It is normally delivered by one of the following:
  • Email
  • Letter
  • Phone
  • In person

Social engineering true life story – “The runners”

Posted in General Blog

Added: 16/12/2011

What is social engineering?
Social engineering is normally a low-tech attack carried out by someone who is confident. It is where an attacker uses his (or her) social skills to engineer an attack. Whereas normally hackers go after technology, social engineering goes after people (staff). It is normally delivered by one of the following:

Gambling worker guilty of selling 65,000 bingo players’ details

Posted in External Blog

Added: 14/12/2011
Taken from ico.gov.uk


A former gambling industry worker who unlawfully obtained and sold personal data relating to over 65,000 online bingo players has pleaded guilty to committing three offences under section 55 of the Data Protection Act. Marc Ben-Ezra, of Finchley, was given a three year conditional discharge and ordered to pay £1,700 to Cashcade Limited as well as £830.80 costs at Hendon Magistrates Court today. Information Commissioner, Christopher Graham, said: “This case shows that the unlawful trade in personal information is unfortunately still...

Could cyber espionage using social media be China's new frontline?

Posted in Topical Blog

Added: 12/12/2011

MoD: "MoD helpline how may I help you?"
Foreign state: "I was wondering if you could help me?"
MoD: "Yes?"
Foreign state: "We are doing some research and were wondering if you would email us a list of all employees in the army, air force and navy?"

The likely answer from the MoD would be a polite "Clear off". This may sound daft and, in reality, it would never happen.

Your social media usage could easily be the terrorist's strongest link

Posted in General Blog

Added: 9/12/2011

How Facebook and LinkedIn have replaced the need for international spy networks... Anyone watching James Bond or 1950's war documentaries may be led to believe that in order to receive useful intelligence, a foreign agency or home-grown threat needs a network of all-charming, ever-discreet spies. Well, you'd be wrong. The chances are – you're already feeding them all of the information they need via your social media profiles. Foreign Governments and terrorist cells no longer have a need to hack into secure systems for information.

Council lost memory stick containing 18,000 residents’ details

Posted in External Blog

Added: 7/12/2011
Taken from ico.gov.uk


Rochdale Metropolitan Borough Council breached the Data Protection Act by losing an unencrypted memory stick containing the details of over 18,000 residents, the Information Commissioner’s Office (ICO) said today. The ICO has required the council to put changes in place and will check to ensure the improvements have been made. The memory stick – which was lost in May and has not been recovered – included, in some cases, residents’ names and addresses, along with details of payments to and by the council. The device did not include any bank account.

NOTW phone-hacking scandal is kid's stuff

Posted in Topical Blog

Added: 5/12/2011

Hacking, what hacking? This is what a lot of IT security professionals like myself have probably been saying for the last few months. When someone says hacking, we think of Gary McKinnon hacking into the US military and NASA computer systems or websites being drained of information or defaced. To call the NOTW phone hacking scandal 'hacking' is almost an offence to the word hacking. Really it is so simple that a ten-year-old could have done what the private investigators did. If it’s not really hacking then what is it?

Alberta voter data goes missing

Posted in External Blog

Added: 25/11/2011
Taken from cbc.ca


Elections Alberta is trying to locate two enumeration binders containing names, addresses and, in some cases, phone numbers and birthdates of 381 voters. The binders were lost by two enumerators; one working in electoral division of Edmonton-Strathcona, the second working in Lesser Slave Lake. Each binder contains enumeration records relating to a single polling subdivision within each electoral division.

Confidential medical information being shared and lost on Facebook

Posted in External Blog

Added: 23/11/2011
Taken from freshbusinessthinking.com


NHS staff are using Facebook to openly discuss patients resulting in confidential information being shared, and even lost, a report finds. Published by privacy campaigners, Big Brother Watch, the report NHS Breaches of Data Protection Law: How patient confidentiality was compromised five times every week. “This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected,” said Nick Pickles.

Housing group emailed workers’ details to wrong address

Posted in External Blog

Added: 21/11/2011
Taken from ico.gov.uk


A private housing group based in Dorset breached the Data Protection Act by sending the personal data of 200 employees to the wrong email address, the Information Commissioner’s Office (ICO) said today. In March of this year, an employee of Spectrum Housing Group accidentally emailed a non-secure excel spreadsheet containing employees’ data, including details of their pension contributions, to the wrong external email address.

Laptop thefts highlight the need for encryption

Posted in External Blog

Added: 18/11/2011 - taken from ico.gov.uk

Two organisations have taken action after they breached the Data Protection Act by failing to encrypt personal information on laptops that were later stolen, the Information Commissioner’s Office (ICO) said today. The Association of School and College Leaders (ASCL) breached the Data Protection Act in May 2011 when a laptop - containing sensitive personal data - was stolen from an employee’s home in Yorkshire.

Youth offenders’ details lost on unencrypted laptop

Posted in External Blog

Added: 16/11/2011 - taken from ico.gov.uk

Newcastle Youth Offending Team breached the Data Protection Act by failing to encrypt a laptop containing personal data which was later stolen, the Information Commissioner’s Office (ICO) said today. The laptop - which contained personal data relating to 100 young people - was reported stolen from a contractor’s home in the Northumbria area in January. The contractor had been working on a youth inclusion programme on behalf of the Team.

Patients’ details binned on two occasions

Posted in External Blog

Added: 14/11/2011 - taken from ico.gov.uk

University Hospitals Coventry & Warwickshire NHS Trust breached the Data Protection Act by losing patients’ medical information on two separate occasions, the Information Commissioner’s Office (ICO) said today. In February, records relating to the treatment of 18 patients were found in a communal waste bin at a residential apartment block. The information had been taken home by a member of staff and accidentally disposed of in a public bin along with other rubbish.

Students concerned that information online might affect their careers, says ICO - as it launches privacy awareness campaign

Posted in External Blog

Added: 11/11/2011 - taken from ico.gov.uk

Four out of ten students online (42%) are concerned that personal information available about them online might affect their future employment prospects, the Information Commissioner’s Office (ICO) said today, as it launched its 2011 Student Brand Ambassador campaign. New figures published today also show that many students are not adequately protecting themselves against the risk of identity theft. 1 in 3 (33%) students who have lived at a previous address while at university still haven’t arranged the redirection of all their important post to their current university address. Over three quarters (76%) haven’t checked their credit rating in the last year, and two thirds (66%) have never checked it, allowing suspicious credit applications to go unnoticed.

Businesses ‘waking up’ to data protection responsibilities

Posted in External Blog

Added: 9/11/2011 - taken from ico.gov.uk

Businesses may be ‘waking up’ to their obligations under the Data Protection Act (DPA) but public confidence in how personal information is being handled continues to decline, the Information Commissioner’s Office (ICO) said today. New figures published today show that nearly three quarters of businesses surveyed now know that the DPA requires them to keep personal information secure – up 26% on last year’s figure.

Data Defender article listed online at Fresh Business Thinking

Posted in Topical Blog

Added: 7/11/2011

Research suggests that 1 in 3 businesses close due to human error as staff remain unaware of even basic IT security, a data protection specialist has said. The recent survey also revealed that 64% of UK workers have received no training on IT security issues, including prevention of malware and loss of sensitive data. Misinterpretation of data protection laws, using weak passwords, falling foul to social engineering, opening infected emails and following through phishing emails are all causes of major IT failures at many businesses across the UK.

Council employees’ details were published online

Posted in External Blog

Added: 4/11/2011 - taken from ico.gov.uk

Dumfries and Galloway Council breached the Data Protection Act by accidentally publishing a spreadsheet containing the names, salaries and dates of birth of nearly 900 current and former employees on their website, the Information Commissioner’s Office (ICO) said today. The personal information – which was mistakenly disclosed as part of a response to a Freedom of Information Act (Scotland) response – was available online for over two months, between 23 March and 1 June 2011. It was removed after the council received a complaint from a trade union. The ICO also received a number of complaints from affected individuals.

Data Defender managing director quoted in Microsoft News

Posted in Topical Blog

Added: 2/11/2011

Staff are often the weak link when it comes to IT security breaches, according to recent research. Figures from Data Defender show that businesses invest in all manner of technologies to protect their important information but then fail to take into account the problems human error can cause. A recent survey highlighted that two thirds of workers have received no training on IT security issues, meaning that they often make simple mistakes such as using easy-to-crack passwords and opening emails from unknown contacts.

10,000 archived records destroyed in hospital data breach

Posted in External Blog

Added: 31/10/2011 - taken from ico.gov.uk

Dartford and Gravesham NHS Trust breached the Data Protection Act by accidentally destroying 10,000 archived records, the Information Commissioner’s Office (ICO) said today. The records – which should have been kept in a dedicated storage area – were put in a disposal room due to lack of space. The records were then mistakenly removed from the room and destroyed between the 28 and 31 December 2010. The hospital failed to realise that the information was missing for three months.

A third of all SME closures are down to human error, warns IT specialist

Posted in General Blog

Added: 28/10/2011

A leading data protection specialist is encouraging businesses to ensure staff understand the basics of IT security, as new research shows that one third of all SME closures are due to human error.

A recent survey also revealed that 64% of UK workers have received no training on IT security issues, including prevention of malware and loss of sensitive data.

Data protection and IT security: Are your employees the weak link?

Posted in General Blog

Added: 24/10/2011

In an era where data is digital and business is conducted online, cyber-attacks are potentially the greatest threat to any modern business and the consequences from loss of data can be particularly devastating. Many companies spend thousands or even tens of thousands (though many more don’t) on the digital equivalent of ten-foot security fences; including biometrics, firewalls, antivirus scanners and encryption, but fail where it matters most; human error. Paradoxically advanced security software can often lead to a lax attitude towards security among staff, but as the old maxim goes, “security is only as strong as its weakest link.”

Nemours patient data tapes missing

Posted in External Blog

Added: 21/10/2011 - taken from delawareonline.com

The Nemours Foundation's Wilmington-area offices have lost three computer backup tapes containing sensitive personal and financial information on about 1.6 million patients, employees and other people associated with the four-state children's health care provider. The lost tapes do not contain detailed medical records, and patients' treatment information is stored on the tapes in a coded format, according to John Grabusky, spokesman for the foundation that operates the Alfred I. duPont Hospital for Children north of the city. The tapes do include patient billing and employee payroll data, including name, address, date of birth, Social Security number, insurance information and direct-deposit bank account information.

Mental health patient data lost on Isle of Man

Posted in External Blog

Added: 19/10/2011 - taken from bbc.co.uk

A memory stick containing the personal details of more than 100 mental health patients and staff has been lost on the Isle of Man. The device, lost by a worker from Praxis Care, contained names, addresses and in some cases care records. The company is contracted by the Department of Social Care to help people with learning disabilities and mental health conditions. It said 99 out of the 107 people affected had so far been informed. Five more people were expected to have been informed by the end of Friday. 'The remaining three individuals will be notified when circumstances allow or when they are available,' the company added.

Tricare's slow response to massive data loss could raise the risk

Posted in External Blog

Added: 17/10/2011 - taken from gcn.com

The theft last month of backup computer tapes containing the medical records of nearly 5 million military personnel was not reported to the public for more than two weeks, and active and retired personnel will have to wait another four to six weeks before finding out if their records are at risk. The Tricare Management Activity, which runs the Defense Department health care program for millions of active-duty, reserve and retired military members, their dependents and survivors, said it waited because.

School and union's Data Protection Act breach 'inexcusable'

Posted in External Blog

Added: 14/10/2011 - taken from scmagazineuk.com

The Information Commissioner's Office (ICO) has reported that a school and a school union breached the Data Protection Act following the loss of laptops. It reported that the Association of School and College Leaders (ASCL) breached the act in May 2011 when a laptop was stolen from an employee's home. Enquiries found that while the laptop had encryption software installed on it, the decision on whether or not to encrypt individual documents was left to the employee.

Betfair coughs to major data loss

Posted in External Blog


Added: 12/10/2011 - taken from thinq.co.uk

Digital bookmaker Betfair has been forced to confess that personal details of around three million of its punters have been leaked in an attack which occurred a shocking eighteen months ago.

In a report dubbed 'Project Brazil,' Betfair officials confirmed that usernames and security questions belonging to more than three million customers, usernames with addresses belonging to just shy of three million customers, and - most shockingly - nearly 90,000 usernames with bank account details have been accessed by attackers unknown.

NHS Loses 800 Patient Records On Unencrypted USB

Posted in External Blog


Added: 10/10/2011 - taken from eweekeurope.co.uk

The Surrey and Sussex Healthcare NHS Trust lost the records of 800 patients and did not inform them. People may trust the NHS with their health, but they should seriously reconsider its ability to safeguard their personal data, after yet another embarrassing data breach. It has emerged that Surrey and Sussex Healthcare NHS Trust, which runs East Surrey Hospital lost the confidential records of 800 patients on an unencrypted memory stick.

The data breach happened way back in September 2010, and according to the Crawley Observer, the lost details included patient names, operation details, and dates of birth. The lost memory stick was never recovered. Patients Not Informed. The NHS has a long track record with losing people’s confidential data, but what makes matters worse in this particular case is that the 800 affected people were never informed their details had been misplaced.

Stolen laptop puts thousands at risk of identity theft

Posted in External Blog


Added: 7/10/2011 - taken from startribune.com

The theft of a consultant's laptop computer from a car in July may have exposed thousands of Twin Cities patients to the risk of identity theft, hospital officials disclosed Tuesday.

The laptop, containing private information on about 14,000 patients of Fairview Health Services and 2,800 patients at North Memorial Medical Center, was stolen from a locked car in the parking lot of a Minneapolis restaurant.

Laptop Theft Exposes Data on 16,000 Patients in Minnesota

Posted in External Blog


Added: 5/10/2011 - taken from ihealthbeat.org

The theft of a laptop might have exposed health data on more than 16,000 patients at Fairview Health Services and North Memorial Medical Center, two Minnesota-based health care systems, the Minneapolis Star Tribune reports (Lerner/Kennedy, Minneapolis Star Tribune, 9/28). The theft occurred after an employee of Accretive Health -- a revenue cycle management company working with Fairview and North Memorial -- left the laptop in a locked car on July 25 (Goedert, Health Data Management, 9/28).

Hospital officials said they waited until now to begin notifying patients about the data breach because it took time for investigators to determine what information was compromised. Officials said the laptop was unencrypted and included data on about 14,000 Fairview patients, including:

1,500 patients' private info lost

Posted in External Blog


Added: 3/10/2011 - taken from canadaeast.com

SAINT JOHN - A new policy regulating the storage of electronic personal health information will be in place within the next two weeks as a result of the disappearance of a USB memory stick last November at the Saint John Regional Hospital. The memory stick contained personal patient information, including Medicare numbers, of about 1,500 patients of a hospital pediatric endocrinologist over the past six years, Nancy Lindsay, chief privacy officer for Horizon Health, confirmed Tuesday.

Lindsay said she was made aware that the memory stick - used as backup to the main system - was missing on Aug. 8, after extensive searching failed to locate it. "We don't have the sense that it was stolen," Lindsay said. "They think it has been accidentally misplaced." Affected patients were notified via letter earlier this month. "We've tried to be as open as we could be with people about this," Lindsay said.

Walsall residents’ details dumped in skip

Posted in External Blog


Added: 30/9/2011 - taken from ico.gov.uk

Walsall Council breached the Data Protection Act by accidentally dumping hundreds of local residents’ postal vote statements in a skip, the Information Commissioner’s Office (ICO) said today.

The statements – which were disposed of in March 2011 by an external contractor on the council’s behalf – included people’s names, addresses, dates of birth and signatures. Despite the council’s best efforts, 951 statements have not been recovered and are believed to have ended up in landfill or been destroyed.

Student at Manchester hospital lost patient details

Posted in External Blog


Added: 28/9/2011 - taken from ico.gov.uk

The University Hospital of South Manchester NHS Foundation Trust breached the Data Protection Act by losing sensitive personal information relating to the treatment of 87 patients, the Information Commissioner’s Office (ICO) said today.

The information was lost after a medical student – who had been on a placement at the hospital’s Burns and Plastics Department – copied data onto a personal, unencrypted memory stick for research purposes. The memory stick was then lost by the student during a subsequent placement in December last year.

NOTW phone hacking explained

Posted in Topical Blog


Added: 26/9/2011

I’m sure everyone who reads this will be bored (all of us at Data Defender are) and shocked by the constant revelations about the News of The World phone scandal. Every day we hear about new victims, Milly Dowler, Jessica Wells, Holly Chapman, 7/7 terrorist victims, soldiers killed in Iraq and Afghanistan and so on.

The media likes to make stories 'sexy', to sell them but sometimes they do not understand the terminology or simply exaggerate. One example is the alleged Essex-based hacker Ryan Cleary of Lulzsec. He is accused of hacking into various companies’ networks and websites, as well as SOCA, the Brazilian Government and the CIA.

Laptop containing important medical information for sick child stolen

Posted in External Blog


Added: 9/9/2011 - taken from wwmt.com

The Kalamazoo County Sheriff's Office is looking for a stolen laptop that contains important medical information related to a sick child.

Deputies say the Dell laptop was stolen during a breaking and entering that took place Monday morning in the 5000 block of West W Avenue in Schoolcraft.

Deputies say the laptop was allegedly sold in the area of Walnut Trails Apartments sometime that same Monday, August 29th.

The victim in the incident is asking anyone with information regarding the whereabouts of that laptop to contact Silent Observer or the Kalamazoo County Sheriff's Office with no questions asked.

Local councils lose personal details of 160,000 people

Posted in External Blog


Added: 7/9/2011 - taken from thebureauinvestigates.com

Local councils have lost data relating to personal details of more than 160,000 people in the last five years, a Bureau investigation can reveal. More than 26,000 individuals have had their personal details lost in the first half of 2011 alone.

The losses include personal details of more than 5,000 children. CVs, housing benefit information, passport numbers, information on vulnerable people and an encrypted version of a local electoral register were amongst the various losses that councils admitted.

One council, Worcestershire, even admitted losing people’s bank details, in an incident that involved the loss of a contractor’s laptop that contained information relating to 16,200 staff in 2007. In many cases councils have also failed to inform people affected by the loss.

Child record loss leads to data law breach

Posted in External Blog


Added: 5/9/2011 - taken from publicservice.co.uk

The Scottish Children's Reporter Administration has broken data laws after failing to secure sensitive records on the welfare of children on more than one occasion, the Information Commissioner's Office has found.

In two "concerning" incidents, the SCRA was said to have mishandled sensitive information, with documents being emailed to the wrong people and even showing up in a furniture shop.

First, nine case files were left in a filing cabinet which was removed during an office refurbishment in September 2010. Instead of being destroyed as planned, the cabinet was sold to a second-hand furniture shop. Files, which contained names, dates of birth, social reports and referral decisions on children were returned by the person who bought the cabinet after they were found inside.

Citigroup Hit by Data Theft in Japan

Posted in External Blog


Added: 19/8/2011 - taken from infosecurity-us.com

Thieves made off with personal information of 92,408 Citigroup Inc. credit card customers in Japan and sold the data to third parties, the bank said Friday. It is the second data theft for Citi in three months and the latest sign of the vulnerability of banks and their clients.

Customer account numbers, names, addresses, phone numbers, birth dates, account-opening dates and gender information were stolen, Citi said. The most sensitive data, including personal identification numbers and card security codes, weren't taken, reducing the possibility that fraud will occur, Citi said.

Is that a USB drive in your pocket, or did you just lose some data?

Posted in External Blog


Added: 17/8/2011 - taken from infosecurity-us.com

Nearly half of organizations have lost sensitive or confidential information on USB drives in just the past two years, according to a survey by the Ponemon Institute and Kingston Digital. In addition, malware-infected USB drives likely caused theft of confidential information in 55% of respondents. The Ponemon Institute surveyed 743 IT and IT security practitioners.

More than 40% of organizations surveyed report having more than 50,000 USB drives in use in their organizations, with nearly 20% having more than 100,000 drives in circulation. The majority of those organizations (67%) confirmed that they had multiple loss events – in some cases, more than 10 separate events.

Royal Free patient info is handed to New Journal

Posted in External Blog


Added: 15/8/2011 - taken from camdennewjournal.com

ROYAL Free officials were urgently dispatched to the New Journal last night (Wednesday) after a lost memory stick believed to contain confidential patient data was handed in to our offices.

An investigation has been launched into concerns of a major security breach at the Hampstead hospital following the arrival of the small device in a brown paper envelope yesterday. The plug-in stick – which is used for swift transfer of digital files between computers – was reportedly found on the ground near St Stephen’s Church in Pond Street.

Data security a priority for online retailers

Posted in External Blog


Added: 12/8/2011 - taken from inspiresme.co.uk

Small businesses operating in online retail markets are taking data security more seriously, according to a new report by CyberSource. The global payment management company pointed to the high potential penalties of a data breach as a significant reason for the emerging trend. Aside from the hit to reputation and productivity, a data breach can result in fines of up to £500,000 from the Information Commissioner’s Office.

Dr Akif Khan, director of products and services at CyberSource, said that given the size of the penalties "it is no surprise that data security is an increasingly hot topic.” "An upcoming security report by CyberSource has shown that the primary driver for online retailers to invest in payment security is to protect the brand or revenues (69 percent) rather than to avoid bank fines (26 percent)," he explained.

Doctors' laptops stolen from college hostel

Posted in External Blog


Added: 10/8/2011 - taken from indiatimes.com

LUDHIANA: Two doctors of a private medical college and hospital, who lost their laptops, other accessories and a few important documents from their hostel rooms on Tuesday, filed a complaint with the police against the hospital authorities for lack of security.

Abhishek Shankar, a student of MD in radiation and oncology and Anish, a student of MD in paediatrics were at the hospital when the theft happened. Shankar said the incident came to light when Anish returned to the hostel room in the afternoon and found the locks of both their rooms broken and informed him.

Hospital reports a possible data loss

Posted in External Blog


Added: 8/8/2011 - taken from boston.com

A doctor who works at Brigham and Women’s and Faulkner hospitals lost an external hard drive in June, and the computer device may have contained medical information for 638 patients, the hospitals said yesterday. The Brigham has sent letters to those patients describing the problem. Patients who have questions can call toll-free at 877-694-3367.

Information related to inpatient hospital stays from July 10, 2009, to Jan. 28, 2011, may have been on the device, including patient names, medical record numbers, dates of admission, medications, and information about diagnosis and treatment. The device did not contain Social Security numbers, insurance numbers, or other financial account information.

Cancer records lost in mail

Posted in External Blog


Added: 5/8/2011 - taken from lfpress.com

A huge privacy breach involving thousands of Ontarians' sensitive cancer reports could have been avoided if they'd been sent electronically, rather than on paper, Ontario's privacy commissioner and opposition critics say. The personal records of at least 6,490 Ontarians, including the results of colon cancer tests, couldn't be accounted for after they were sent by courier to doctors' offices, Cancer Care Ontario disclosed Tuesday.

The records of another 5,440 Ontarians -- for a total of about 12,000 -- might also be missing. The missing reports include patient names, birth dates, gender, health card numbers and colorectal cancer test results. Information Commissioner Ann Cavoukian called the situation "astounding," especially the decision by Cancer Care Ontario, the provincial agency that co-ordinates cancer treatment, to put the information on paper and mail it.

Councilor loses laptop in office burglary

Posted in External Blog


Added: 3/8/2011 - taken from inquirer.net

Cebu City Hall’s need for security cameras was highlighted yesterday with the loss of a portable computer over the weekend from the office of Councilor Alvin Dizon on the third floor of the legislative building. Dizon lost his City Hall-issued Fujitsu laptop. No other valuables were taken.

The laptop contained files on the ongoing review of the city’s socialized housing project and proposals on the donation of hospital equipment for the Cebu City Medical Center from Fortrij, Belgium, among other data. “The robber was daring for choosing my office, which is near the lobby and the stairs,” Dizon said in Cebuano.

The ICO is looking into a data breach after a police officer's house is burgled

Posted in External Blog


Added: 1/8/2011 - taken from itpro.co.uk

The Greater Manchester Police has admitted to the loss of a USB stick containing data relating to an investigation. The removable drive was stolen from an officer's home and the device is not thought to be password protected, the BBC reported. That officer has now been suspended as the police carry out an investigation into the incident, whilst the Independent Police Complaints Commission and the Information Commissioner’s Office (ICO) have been informed.

Just a single member of the public has been told their personal data was stolen. “I want to reassure residents across Greater Manchester that we are taking this incredibly seriously and we are working hard to both identify who was responsible for the burglary and recover the stolen memory stick,” said Assistant Chief Constable Garry Shewan. "I want to stress that we do not believe the officer's home was deliberately targeted, but that this was an opportunistic burglary.

Confidential Kirklees Council files on computer stolen by burglars

Posted in External Blog


Added: 22/7/2011 - taken from examiner.co.uk

CONFIDENTIAL files on 25 people were on a computer stolen from the home of a Kirklees Council employee. The laptop theft was one of several incidents in which private data was lost by the authority. The council also lost a paper file containing children’s social services information, it emerged in new details revealed by the authority.

But the worst case uncovered by a Freedom of Information request was the incident in which the laptop was stolen. In all, 25 people had information lost including names, addresses and long term health needs in the theft at an employee’s home in March 2011. In a further breach, details of a person’s name, address, date of birth, and phone number were faxed to the wrong recipient. The incidents were all logged over the last two years.

Personal data stolen from hospital

Posted in External Blog


Added: 21/7/2011 - taken from troymessenger.com

Troy Regional Medical Center is notifying 880 of its former patients that some of their personal information was illegally accessed and removed from the hospital’s records earlier this year.

The data theft is part of an ongoing criminal investigation and appears to be connected to similar crimes in Georgia and other Alabama locations. The theft does not involve medical information and appears to be limited to patients born between 1988 and 1992, administrators said.

24,000 files stolen from defense contractor: Pentagon

Posted in External Blog


Added: 20/7/2011 - taken from AFP

WASHINGTON — A foreign intelligence service swiped 24,000 computer files from a US defense contractor in March in one of the largest ever cyberattacks on a Pentagon supplier, a top Defense Department official revealed on Thursday. "It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies," Deputy Defense Secretary William Lynn said.

"In a single intrusion this March, 24,000 files were taken," Lynn said in a speech at National Defense University here outlining the Pentagon's strategy in cyberspace. Speaking to reporters after his speech, Lynn described the theft of data from the unidentified defense contractor as "significant" and one of the largest ever.

Blueprints for spy HQ stolen

Posted in External Blog


Added: 19/7/2011 - taken from thehindu.com

There may be high fences and security cameras around the building site in Berlin, but that wasn't enough to prevent the blueprints for one of the city's biggest construction projects from going missing. The site is that of a new headquarters for Germany's intelligence service, making the loss all the more embarrassing.

The spy agency is facing difficult questions after it emerged that it could not even keep the plans for its new hi-tech offices from going astray. According to a report in Focus magazine, the blueprints contained sensitive information relating to the security of the Berlin headquarters.

Laptop containing Ireland's tactical information stolen

Posted in External Blog


Added: 18/7/2011 - taken from ndtv.com

Belfast: Cricket Ireland has issued an appeal after three laptops and two external hard drives went missing at the end of a game in Belfast last week. A bag containing the equipment was stolen at the end of Ireland's one-day game against Namibia at the Civil Service club in Stormont on July 5. The equipment belonged to Ireland assistant coach and video analyst Pete Johnston and he fears crucial tactical information will be lost.

"The external hard drives contain footage of our matches, with game plans for the opposition and tactics which we employ as well as our own key performance indicators," he said. "I had everything with me as I was preparing for our ongoing tri-series with Sri Lanka and Scotland. The footage contained on these hard drives is crucial to our success and preparation for games. It's an accumulation of work over the past four years, and is irreplaceable. I'm appealing to anyone that finds these or is offered them for sale to get in touch with Cricket Ireland immediately.

The Windows password prompt myth

Posted in General Blog


Added: 15/5/2011

Many employees within a company, some even within the IT department, believe their laptops to be secure because of the Windows password. If you ask the question, ‘how do you protect your laptop against physical threats?’ some will respond with the Windows password prompt. This doesn’t offer much security at all. Dr. Hugh Thompson put it very succinctly: “Without properly-implemented encryption, a password is just a polite request for an attacker to not access data.”

Below are just some of the ways round a Windows password:
  • Open source (usually free) password crackers such as Ophcrack.
  • Proprietary (not free) ‘password recovery’ software that can reset the password to blank
  • Mount the hard drive as secondary and you can view files and folders without a password
How do you protect your hard drive from prying eyes? Simple, full disc encryption. A one-off setup that protects ALL data.

Morgan Stanley Smith Barney Says Client Data CDs Lost

Posted in External Blog


Added: 14/7/2011 - taken from wsj.com

Brokerage Morgan Stanley Smith Barney says two CDs containing personal information belonging to 34,000 investment clients were lost in transit to a government office. The information included clients' names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and some clients' Social Security numbers, company spokesman Jim Wiggins said. The company, a Morgan Stanley (MS) joint venture with Citigroup Inc. (C), told clients about the loss in a letter mailed last month.

The CDs, which were password protected but not encrypted, were lost after the company mailed them to the New York State Department of Taxation and Finance. The package appeared to be intact when it reached the department, but the CDs were gone by the time the package reached the intended recipient, Wiggins says.

Businesses must open their doors to audits, says ICO

Posted in External Blog


Added: 13/7/2011 - taken from ico.gov.uk

Businesses should be more willing to undergo data protection audits, the Information Commissioner, Christopher Graham, said today. The warning comes as figures published in the ICO’s annual report show that private companies reported the most data security breaches of any sector in 2010/11.

A data security breach is an incident that results in the loss, release or corruption of personal data. In the absence of a legal obligation on data controllers to report them, the Information Commissioner operates a voluntary scheme under which serious breaches are brought to his office’s attention.

Figures from the annual report show that of the 603 data security breaches reported to the ICO in 2010/11, 186 – almost a third – occurred in the private sector. Despite this, just 19% of businesses contacted by the ICO accepted the offer to undergo free data protection audits. In contrast, 71% of public sector organisations who were contacted voluntarily agreed to be audited.

Staff education essential to prevent data loss

Posted in External Blog


Added: 12/7/2011 - taken from finextra.com

The recent spate of high profile data losses aptly demonstrates the many ways in which data can go astray and reinforces the need to have every potential leakage point protected. Whether it is Wikileak-style insider activity, cyber-attacks from external hackers or careless unintentional loss of discs containing sensitive information, organisations need to have robust security policies in place along with measures to ensure that those policies are actively managed and enforced.

The threats are many and diverse, so organisations need to constantly review their policies, defences and controls, and to perform regular risk assessments to identify where there is potential for data loss and where additional protection needs to be put in place.

Laptop stolen from Hurley Medical Center

Posted in External Blog


Added: 11/7/2011 - taken from go.com

Personal information of almost 2,000 Hurley Medical Center patients may be in the wrong hands this afternoon because the hospital says it is missing a laptop. While the computer does not contain sensitive information like social security numbers and insurance information, it does have on it other private medical history for 1,938 patients. "I also want to publicly apologize on behalf of Hurley for this breach," said Patrick Wardell, Hurley President and CEO.

Wardell says an employee noticed it was missing from a locked room on the 6th floor, the Pulmonary Unit, back in May. "On the laptop is information from 2007 to the present. It had their name, their height, their weight, their birthday, their medical record number, and test results," Wardell said. The computer stored the results of tests that monitor the lung functions.

Information commissioner warns NHS over data losses

Posted in External Blog


Added: 8/7/2011 - taken from guardian.co.uk

The health service needs to do more to keep patients' personal data more secure, the information commissioner has warned. Christopher Graham said procedures to protect patients' personal information are "not being followed on the ground" and that effective measures are needed to ensure data laws do not become a "day-to-day burden". "The health service holds some of the most sensitive personal information of any sector in the UK," he said. "Millions of records are constantly being accessed and we appreciate that there will be occasions where human error occurs.

"But recent incidents such as the loss of laptops at NHS North Central London (containing the medical records of over 8 million people) - which we are currently investigating - suggest that the security of data remains a systemic problem." The warning comes after the Information Commissioner's Office revealed that five further health organisations had breached the Data Protection Act in recent months.

Laptop with more than 1,500 patients' data stolen

Posted in External Blog


Added: 7/7/2011 - taken from tennessean.com

A laptop containing more than 1,500 patient names and their personal information was stolen from a medical billing company employee’s car last month. PhyData LLC, a medical billing and management company in Goodlettsville, reported the laptop stolen from the trunk of the worker’s vehicle at RiverGate Mall on May 7, said Joy Sweeney of PhyData. The theft was reported to local law enforcement and the company’s privacy officer.

There is no indication that the information on the laptop was accessed or misused, Sweeney said in a news release. The companies associated with PhyData that were affected are Advanced Diagnostic Imaging, Premier Radiology and Anesthesia Services Associates. The majority of the names contained in the computer were patients between January 2009 and December 2010.

Hospital patients' details lost or stolen 1,000 times in three years

Posted in External Blog


Added: 6/7/2011 - taken from thisislondon.co.uk

London hospitals were responsible for nearly 1,000 cases involving the theft or loss of confidential patient details over the past three years, figures show today. They include medical notes left in a bin near a busy ward, the theft of a doctor's laptop containing patient names and addresses and the loss of a memory stick. Barnet has the worst record with nearly 187 breaches from 2008 to last year. Chelsea and Westminster foundation trust, Camden and Islington, and Barking, Havering and Redbridge also had a high number of incidents.

It comes days after it was revealed that the Met is investigating the theft of a laptop containing the records of more than eight million patients. Scotland Yard was alerted after more than 20 computers went missing from North Central London Strategic Health Authority three weeks ago. The NHS is already under attack for its poor record on protecting personal information of patients including names, addresses and medical records.

Losing Patient’s Data May Invite Penalty Up To £500,000

Posted in External Blog


Added: 5/7/2011 - taken from topnews.us

While addressing the issue of a missing laptop, Information Commissioner Christopher Graham has warned the NHS trust hospitals and said they may face a fine of up to £500,000 in case they lose a patient’s personal records. At present, he is in the middle of a process to investigate how NHS North Central London Trust had misplaced a laptop containing approximately 8.3 million patients’ records. Further, Mr. Graham has notified that five more health organizations, including Ipswich Hospital NHS Trust, East Midlands Ambulance Service, Basildon & Thurrock NHS Trusts and Lancashire Teaching Hospitals NHS Foundation Trust had agreed to take some essential steps to improve security following major data breaches, which can be prosecuted under section 55 of the Data Protection Act.

"But recent incidents such as the loss of laptops at NHS North Central London (containing the medical records of over 8 million people) - which we are currently investigating - suggest that the security of data remains a systemic problem”, he added. In February, Ipswich Hospital NHS Trust lost 29 patients’ records and East Midlands Ambulance Service NHS Trust misplaced an unencrypted memory stick with sensitive data relating to a number of hospital patients.

Canadian data breach causes Durham residents to 'not be another victim'

Posted in External Blog


Added: 4/7/2011 - taken from scmagazineuk.com

With every data breach there is a victim. While it may often ‘just' be a username, password or email address that is leaked, someone is bound to be affected. The announcement of a potential compromise of data could scare some more than others. That said, some people are blase about data breaches so probably don't really care. So in an 'anonymous henchman' style, does anyone really care about the victim?

Well maybe a recent class action suit could cause someone to take action. In a report I read recently, around 80,000 people are seeking $40 million in compensation for their data lost by the Canadian Durham region on an unencrypted USB flash drive. According to durhamregion.com, the data was personal information about people who had been vaccinated against the H1N1 flu virus. The class action suit was given the go-ahead by Justice Peter Lauwers of the Ontario Superior Court of Justice in late April, with Bowmanville resident John Sherlock Rowlands appointed as the 'representative' of the class.

Data theft cases on the rise

Posted in External Blog


Added: 1/7/2011 - taken from hindustantimes.com

The rising number of cyber crime and data theft cases in the Millennium City is posing a threat to its image of a global IT and software industry hub. The city has already reported 98 such cases in the first four months this year as compared to 150 cases last year. Since most data thefts are not reported and the pace of investigation remains slow, the trend has created a challenge for the IT industry, which is the breeding ground for most cases. According to a survey carried out by the Centre for Transforming India, an NGO, the city witnesses around 20 to 30 cases of data theft on a daily basis.

However, interestingly, the National Crime Research Bureau’s 2009 report on national cyber crime figures (including cases registered under the IT Act 2000 and the IPC 1860) does not report any significant increase in the number of cyber crime cases registered in Gurgaon, while a remarkable increase has been observed in other IT hubs like Pune and Bangalore and even in non-IT destinations like Chhattisgarh. “Data thefts are the biggest challenge for an IT or BPO company and lack of action on part of law enforcement agencies is contrary to the interests of IT and BPO companies in the city. The issue is likely to be taken up by US politicians soon and the IT industry will face a growing dissent on the issue,” said Pankaj Sharma, chief trustee, Centre for Transforming India.

12 NHS laptops stolen

Posted in External Blog


Added: 30/6/2011 - taken from northlondon-today.co.uk

POLICE officers have launched an investigation after 12 NHS laptops, one of which was used to analyse information about Enfield patients, were stolen earlier this month. The laptops were reported stolen by health chiefs at NHS North Central London, which manages healthcare across Barnet, Enfield, Haringey, Camden and Islington. According to officials the laptops were password-protected and the data, which did not include patients’ names, was deleted before the theft took place.

NHS NCL refused to reveal where the laptops were stolen from and would not say whether the data was encrypted. A Department Of Health spokeswoman said all NHS laptops are expected to be encrypted. She added: “We have set clear standards for NHS organisations to adhere to on data handling, and have issued guidance that sets out the steps they must take to ensure records are kept secure and confidential. “Local NHS organisations are responsible for implementing these processes.

Survey: USB Drives are the Greatest Breach Risk at the Workplace

Posted in External Blog


Added: 29/6/2011 - taken from prleap.com

LOS ANGELES/LONDON - A new survey shows that when given the choice of a tool to perform a data breach, 60% of employees opt for the USB Flash drive. It also showed that over 25% of men in a management position think that it is OK to take information with you when you end employment. Women have a higher sense of morality when it comes to company data and are less likely offenders.

Survey Prompted by a Data Breach of 500,000 Customers Records

Following an insider breach exposing 500,000 customer records at T-Mobile in the United Kingdom, a survey "A View on Company Data" was conducted in the United States by BlockMaster to point out the global trends within USB usage and how employees regard company information. The money the T-Mobile employee in London made on the side from the data theft prompted SC Magazine’s Dan Raywood to conclude "there is a thriving market for data."

Canadian Staples in customer privacy hot water

Posted in External Blog


Added: 28/6/2011 - taken from news.cnet.com

Canadian Staples stores are failing to fully wipe customer data off returned laptops and storage devices before reselling them, thus violating Canada's privacy laws, the CBC News reports. More than a third of the 149 storage devices tested by the Office of the Privacy Commissioner of Canada, including laptops and USB hard drives, still had customer data on them--despite undergoing a wipe and restore process to be readied for resale. Some of the lingering information was reportedly pretty sensitive, including things like tax and ID records and passport numbers.

"Our findings are particularly disappointing given we had already investigated two complaints against Staples involving returned data storage devices and the company had committed to taking corrective action," commissioner Jennifer Stoddart said in a press release. "While Staples did improve procedures and control mechanisms after our investigations, the audit showed those procedures and controls were not consistently applied, nor were they always effective, leaving customers' personal information at serious risk." The commissioner's office is following up its initial slap on the wrist with another slap on the wrist. It recommended that the office supply chain "implement enhanced controls to eliminate any risk of personal information being disclosed." The commissioner's office did not elaborate on those measures.

Data Defender managing director quoted in Scotland on Sunday

Posted in Topical Blog


Added: 27/6/2011 - taken from scotlandonsunday.scotsman.com

Graeme Batsman, managing director of Data Defender, was quoted in Scotland on Sunday (Scotsman), in an article relating to the recent hacking scandals and arrest of Ryan Cleary. Graeme was asked for input in the article and was quoted four times.

FOR weeks the net had been buzzing with rumours about Ryan Cleary. After he allegedly infiltrated the hackers' collective Anonymous, extracting and publishing details of its members online, he became the source of both animosity and admiration. Who was this cyber mastermind who could launch such attacks with both arrogance and impunity?

Today we know Cleary is, in fact, a troubled 19-year-old who lives in his family home in Wickford in Essex. According to his mother Rita, Cleary, who is agoraphobic and suffers from ADHD, has spent most of the past 18 months holed up in his bedroom, stepping out only to collect his dinner from a tray at his door or go to the toilet.

Rules are meant to be broken

Posted in General Blog


Added: 24/5/2011

Everyone has heard the saying “Rules are meant to be broken”. Everyone has free will; he or she can choose. Take this example: you are driving down a road and you see a sign saying 40MPH limit. If you choose, you can do 60MPH or 39MPH. Nothing is physically stopping you unless there is a police car behind or bad traffic. You may get a speeding ticket or fine, but at the exact time very little stops you. Cars today do not automatically shut off if you exceed the limit.

You are probably wondering, what has this got to do with data? Well, give someone a choice and they may not obey your policy saying encryption on CD’s or DVD’s. Hey pesto, a lost cd, loss of customers, bad media coverage and fines. A policy can state encryption on all removable media but what stops staff not following this? Staff can be the weakest link in any company.

Stolen laptops held info on students, teachers

Posted in External Blog


Added: 23/6/2011 - taken from chicagotribune.com

The Illinois Department of Education reports two laptop computers containing information on 7,800 special education students and 2,600 teachers from 42 suburban Chicago school districts have been stolen. Department spokesman Matt Vanover said Friday the laptops, owned by an employee of a state contractor, were stolen June 8 from a car at a Palatine hotel.

Vanover said the theft was reported to local police. No arrests have been made but the department doesn't believe the information on the computers has been used by the thieves. Vanover said the contractor has mailed letters to those whose names and information are on the computers, which are password protected. The information included Social Security numbers for some employees and a handful of students.

Could our business be responsible for a breach of privacy?

Posted in External Blog


Added: 22/6/2011 - taken from smartcompany.com.au

We’re all at risk of privacy breaches, because we all store personal information of some kind – about staff, clients, prospects, patients or others. So long as we are storing personal information, we must be aware that we are at risk of creating a privacy breach. I could discuss the security in place on PCs and servers in the SME sector but I’ll leave that for another day. Instead, I want to focus on how to go about disposing of your data storage devices. Just look around your office and think about how many hard drives are around; CDs, DVDs, USB sticks, tapes, removable hard drives… the list goes on.

The legitimacy of the following video is questionable but it does serve as food for thought regarding how pervasive personal data can be in our systems, and how seldom we stop to think about this data as the machine leaves our office doors. Okay, so it’s about scanned documents being found on the hard drives of photocopiers, yet it serves as a warning to all of us about the places we mindlessly store our private data and how we should go about ensuring it is removed responsibly.

Australian company directors personal data stolen

Posted in External Blog


Added: 21/6/2011 - taken from au.ibtimes.com

Some 66,000 Australian Institute of Company Directors members and clients had their information stolen after a computer was stolen with their personal information stored inside. The theft of the computer last weekend included personal information of members such as names, addresses, phone numbers and the members' numbers. Police are investigating the theft which occurred during a power outage. AICD chief executive John Colvin reassured members in a letter that the stolen computer did not contain data about credit cards, e-mail addresses or passwords or banking details.

Members of the organization include some of Australia's largest public and private companies as well as private family businesses. The stolen machine was part of the organization's customer relationship management (CRM) upgrade and was used as a test machine. Unfortunately it used real personal data. AICD is confident that the computer can't be compromised as the machine is protected although the data isn't encrypted.

SMEs ‘ignorant’ about data protection

Posted in External Blog


Added: 20/6/2011 - taken from inspiresme.co.uk

Half of UK SME owners are ignoring the potential impact data loss or theft could have on their business. A new survey by confidential waste disposal company Shred-It examined 1,000 UK businesses and found that 68 percent of small businesses in the UK either do not train their staff on information security procedures (30 percent) or only do so as and when required (38 percent). The Information Commissioner’s Office (ICO) introduced new rules in 2010, allowing companies to be fined up to £500,000 for breaching the Data Protection Act – a ruling that should have encouraged businesses to take action against data loss.

However, only four percent of respondents said that they had done anything to change their information management procedures in response to the new ICO rules. Over half (58 percent) of businesses admitted that they were completely unaware of the ICO’s increased power. Robert Guice, executive vice president of Shred-it, said: “Ignorance is no defence in the eyes of the law and UK businesses need to wake up quickly to the fact that failures to store and dispose of confidential information in a secure manner could have far-reaching and potentially financially damaging impacts upon their operations.”

(Unencrypted) Laptop with 8.6M NHS records vanishes from hospital

Posted in External Blog


Added: 16/6/2011 - taken from computerworld.com

A laptop containing unencrypted medical data for 8.63 million people has reportedly gone missing from a storeroom of a health authority in London, potentially the biggest data loss disaster ever to befall the NHS. Details of the loss, reported in The Sun newspaper, are sparse so far but it appears that the machine was one of 20 that disappeared from a store used by NHS medical research organization London Health Programmes, run by the North Central London health authority.

Information on the laptop included details on 18 million hospital visits over an unknown period of time, including the postcode, age, ethnic origin of the patients concerned, but not their names. Harder to explain is that the machine seems not to have been encrypted which suggests the data might not be current. The health authority concerned has yet to make any statement on the matter with the Information Commissioner's Office (ICO), whose job it will be to investigate the incident, keeping its comments to a bare minimum.

Travel Insider: Don't take a vacation from Internet security

Posted in External Blog


Added: 9/6/2011 - taken from baltimoresun.com

Time is money, so today I'm going to save you both by telling you what happens when your Facebook and Gmail accounts get hacked and how to avoid that fate, which is especially important for travelers. Until this happened to me, I thought strong passwords were for other people. Now a hacker knows where I went to school, where I bank and the names of my cats. Using free Wi-Fi hotspots while traveling and having weak passwords may have made me more vulnerable. I've spent countless hours trying to explain to everyone in my contact list that I am not stranded in London and those emails asking for money weren't from me.

"Passwords should be long and strong," said Michael Kaiser, executive director of the National Cyber Security Alliance, a nonprofit public-private partnership focused on cyber security awareness and education. He recommends using a variety of letters (upper and lower case), numbers and symbols. Rob Calvert, a business technology security expert and president of Second Son Consulting Inc. in Sherman Oaks, reminds travelers that they have some unique concerns if they access email or other personal information using free Wi-Fi or public computers on the road.

Scotiabank clients fear identity theft after personal data lost

Posted in External Blog


Added: 8/6/2011 - taken from thestar.com

Some Toronto clients of Scotiabank are concerned about the possible misuse of their personal information after being informed by the bank that three CD-ROMs listing clients’ names, SIN numbers and registered account type and account numbers have gone missing. Michael Binetti, a lawyer who specializes in commercial litigation and competition law with Affleck Greene McMurtry LLP, received a call telling him about the missing information on Saturday. The 31-year-old was concerned when he heard the news that his personal information might no longer be confidential and could potentially be used by someone to get fraudulent credit cards or establish a fake identity.

“It’s disheartening to know that a company that big can’t keep track of a CD-ROM with confidential information on it,” he told the Star. “I don’t want to be in some situation where some rogue is applying for credit in my name . . . And then I have to prove he’s the imposter.” “With big organizations there is a certain risk anyway. But it’s disappointing to hear that some courier somewhere has these CD-ROMs and they (the bank) can’t find them.” Binetti said he was told by a Scotiabank representative the CD-ROMs were mislaid Wednesday and that the bank thought they had been lost internally.

Hospital: Data Breach After Laptop Stolen

Posted in External Blog


Added: 7/6/2011 - taken from wspa.com

The laptop had a password-protected file with Social Security numbers, as well as names, addresses, dates of birth and medical billing codes. An Upstate hospital--warning potentially thousands of patients--their medical and personal information could be in the hands of a thief. Spartanburg Regional Hospital has taken steps to protect their patients after they say someone swiped a company laptop from an employee's car this past March.

We're only hearing about it now. It contained patient social security numbers--addresses and more. It's important to note, the hospital says they have no reason to believe that any information has been misused. They sent out a notice however, to be proactive and have hired Kroll, Inc. to provide those affected with free credit monitoring for a year. Many of our viewers and readers have emailed and called to ask if these warning letters were a scam or legitimate. They are legitimate.

Gmail accounts of two Indian diplomats hacked in China

Posted in External Blog


Added: 10/6/2011 - taken from hindustantimes.com/

With the US already joining the China-Google slugfest over hacking of email accounts, New Delhi too — albeit unintentionally — got caught in the crossfire. Two senior Indian diplomats in Beijing have found their Gmail accounts — Google’s email service — hacked and some others suspect. Diplomats who have served in China said there had been such “instances” in the past too. According to official sources, the hackers broke into the accounts, changed the passwords and forwarded mails from the accounts. They also changed the email settings.

Google said on Wednesday that hundreds of its email service users had been targeted by stealth attacks originating in China. The victims included government officials, military personnel, political activists and journalists. Promptly denying the charge, Chinese foreign ministry spokesman Hong Lei said, “The so-called statement that the Chinese government supports the hacking attacks is a total fabrication. It has ulterior motives.” Terming the allegations “very serious”, US secretary of state Hillary Clinton said on Thursday that the FBI would investigate the breaches.

China targeted White House with Gmail hacking - as Hillary Clinton calls threat 'very serious'

Posted in External Blog


Added: 9/6/2011 - taken from dailymail.co.uk

Fears of a 'cyber war' with China intensified today as it emerged White House employees are among hundreds of U.S. officials who have had their passwords stolen by Chinese hackers. The security threat, which is likely to have been an attempt by the Chinese to spy on official U.S. correspondence, comes as Hillary Clinton warned the allegations were 'very serious'. Experts suspect Chinese hackers are capable of reducing the U.S. to stone-age conditions at the press of a button – by crippling the computers running everything from banks and supermarkets to power stations and water plants.

The security breach was revealed by Google which said victims had been carefully targeted in a scam to steal passwords traced to the city of Jinan in the Communist state’s Shandong province. The U.S. government will not reveal who has been targeted by the 'phishing' attacks but admitted they included senior administration officials. President Obama's administration insists no official email accounts were hacked into by the Chinese but there remains the possibility that official business was being discussed on employees' personal emails. The FBI and Department of Homeland Security are now investigating with Google's help.

37 Per Cent Of Office Workers Admit To Taking Risks With Work Data

Posted in External Blog


Added: 8/6/2011 - taken from realwire.com

A worrying number of UK office workers admit to putting work-related data at risk whilst working off-site, according to research released today by Fasthosts Internet Ltd (www.fasthosts.co.uk), a leading web hosting provider. The study of 1000 British office workers(1) finds that 37 per cent have taken risks with work-related data or documents, such as using personal or home computers, or taking a slack approach to data security whilst outside of the office. 1 in 4 office workers admit to committing at least one ‘data security sin’ such as losing a USB device, leaving laptops unattended in public (such as on a train), or keeping work-related files in a car overnight. The study reveals that very few UK office workers use a secure online method of transferring work data to and from their workplace.

Fasthosts’ 'Bad Data Habits Audit' reveals that many British office workers may be putting their companies at risk by transferring or saving work-related materials off-site without sufficient care. The study reveals that whilst only 15 per cent of workers know they have lost data, 37 per cent admit they have cut corners and put data at unnecessary risk whilst away from the office. 1 in 4 office workers take significant risks with their behaviour, such as losing a storage device or papers, or leaving laptops unsecured in public or in their cars. Worryingly, 1 in 4 respondents keep work-related data from the past stored on their home computers. 1 in 5 workers admit to frequently risking important documents by failing to make any back-up copy.