A UK local council has lost the personal details of hundreds of residents when a memory stick fell out of an employee’s pocket. Details lost include names, addresses, national insurance numbers, ethnicity and more.
Read More »

We saw in 2008 and 2009 how worms came back to prominence, thanks to the wide spread of Conficker and its variants. A timely reminder that the threat is still high was given last week, when Google revealed a highly sophisticated series of cyberattacks originating from China that stole some of its intellectual property and affected about 30 other Silicon Valley companies.

This recent attack shows how malicious software has evolved into an advanced weapon that can specifically target companies – even companies as advanced as Google – with the aim of gaining a financial or competitive advantage.

Attackers will try any method available to seed the malware onto a company network, including infecting USB flash drives and distributing them at events, or “losing” them in car parks for unwitting employees to find. That’s why latest-generation secure flash drives, such as our own Cruzer Enterprise range, can also feature onboard anti-malware scanning to nullify this threat.

The personal health records of over 83,000 Canadians have been lost on an unencrypted USB memory stick.

The device was lost by a member of staff from a centre in Ontario State, and contained data collected from everyone who attended H1N1 or seasonal flu vaccination clinics in the region over a period of nearly two months. The information included personal information such as names, addresses, phone numbers, dates of birth, health card numbers, doctor’s names and so on. Read More »

We’ve all lost things at some time in our lives – car keys, wallet, mobile phone – and have experienced the frustrations this can cause.  Some might have lost things like laptops, and had to suffer the problems of paying for a replacement, and the loss of useful information that was on the device. 

These problems are irritating, but usually don’t cause much more than minor inconvenience.  If only it was the same in the business world.  That laptop loss, or loss of a USB flash drive, could be just the first of many problems.  Does the business know what data was on that PC or thumb drive?  Did the user remember to encrypt the data?  What are the ramifications if the data falls into the wrong hands?

This article from Jon Collins, head of research company Freeform Dynamics, looks at practical, good-practice steps companies can take to minimise the fallout from device losses. 

It maps closely onto the benefits our secure USB flash drives and data management solution deliver to users – automated, transparent protection of data, the ability to track and audit what data has been copied to devices, and remote device termination.  With the right equipment, small problems will stay small.

Last week’s episode of the British satirical comedy, The Thick of It, showed how the concept of a major public-sector data loss has become so mainstream that it can be the subject of an entire programme.

The story was based around the accidental wiping of a large volume of citizen data within a Government department, with no backup available, and follows the frantic efforts of the department to stop the news leaking to the press. Read More »

More UK companies and Government departments than ever are reporting data losses to the Information Commissioner’s Office, the UK data watchdog, according to recent data.

Reported incidents grew nearly 100% to 356 data losses in the period between November 2008 and September 2009, compared to 190 incidents between October 2007 and November 2008.

The most common type of loss was due to stolen hardware, usually laptops, with 127 such cases.  Another 71 were due to lost hardware – usually USB flash drives – and 78 due to misaddressed discs or memory sticks. 

It’s hard to say whether the number of losses has increased, or if organisations are simply reporting more losses than in previous years.  But it’s reasonable to assume that many of these losses would not have caused problems if the data had been stored on a secure USB flash drive.

As you may have seen in the news, there’s a widespread email phishing scam going on that has so far affected over 30,000 users of Hotmail, Google and Yahoo’s web mail services.  Username and password details for these accounts were posted briefly online. 

But there’s also an underlying security issue that needs attention.  Many people often use one password for multiple online applications, such as their webmail, online banking and more.  Which means if a hacker can crack one password, they may have access to many other aspects of your online life.

So it’s worth having a different, and complex, password for every online application that you want to protect.  This is easy to do with our Usecure USB flash drives, as the user interface requires that you use a complex alphanumeric password (it also gives you a handy reminder, just in case you should forget).  But it’s good practice to not use that password again!

The UK Government Information Commissioner’s Office (ICO) continues to be firm with public sector organisations that have had data losses.

This week, a Council in central England has agreed to comply with data protection principles, and signed an undertaking to assure the ICO that personal data will be kept securely in future.  A council employee lost an unencrypted memory stick which contained highly sensitive personal information on four families.

As part of the commitment, the council has agreed to ensure that portable and mobile devices, including laptops, USB flash drives etc are encrypted.  Staff will also be trained and made aware of policies for storage and use of personal information.

It’s good to see that these measures are being taken over losses of personal data, even when the actual volume of lost data is small.  Let’s hope that other countries take an equally firm stance on this issue.

The UK Government’s data protection watchdog has recently criticised another health organisation for two incidences of data loss in early 2008, one of which involved the loss of an unencrypted USB flash drive. 

While this can seem negative, it’s an example of how attitudes to data security in the UK public sector are changing.  As a result of the Government’s data watchdog’s vigilance and willingness of organisations that have suffered losses to change, the English National Health Service is one of the most advanced in successfully rolling out DLP systems, including mandatory hardware-encrypted USB drives.

An excellent example of how this can be done is given by NHS Dumfries and Galloway, which earlier this year deployed 1100 SanDisk Cruzer Enterprise secure flash drives to protect confidential patient data.

An interesting point was that NHS Dumfries & Galloway didn’t just hand the secure drives to users:  they held an amnesty so that staff could bring in old USB pen drives containing confidential information for orderly disposal.

The organisation arranged distribution days where they travelled to its various different office locations to give out the new drives.  This helped to ensure that all staff knew about the amnesty, and had a chance to familiarise themselves with the organisation’s updated polices – an example of good practice for anyone planning a similar roll-out.

One of the largest thefts of credit card details was revealed last week by web services provider Network Solutions, when it disclosed that hackers broke into its servers and stole details of over 573,000 debit and credit card accounts from its customers.

The company discovered in early June that its servers had been hacked into by unknown parties.  The servers provide e-commerce services such as Web site hosting and payment processing to nearly 4,500 small to mid-size online stores.

Worse, the hackers left behind malicious code, which allowed them to intercept financial information from people who made purchases at the online stores hosted on those servers from March to June 09.

While we often focus on data losses and leaks through lost or stolen portable storage devices, it’s a useful reminder that there are other attack vectors too.