Tag Archives: data breach

Security

NY Health Provider Excellus Discloses Data Breach Dating to 2013

Leave a comment

Excellus BlueCross BlueShield, a large health care provider in New York state, says it was hit by an attack that began in 2013 and wasn’t discovered until last month, resulting in the compromise of members’ personal information, including Social Security numbers, addresses, financial and account information. The company did not specify how many people potentially […]

AVG

A London NHS clinic leaks 780 patients’ details.

Leave a comment

The 56 Dean Street clinic in London accidentally released the names and email addresses of 780 patients who have attended HIV clinics.

In a statement released on their website, a spokesperson for Chelsea and Westminster Hospital NHS Foundation Trust stated:

“We can confirm that due to an administrative error, a newsletter about services at 56 Dean Street was sent to an email group rather than individual recipients.

“We have immediately contacted all the email recipients to inform them of the error and apologise. Any concerned patients can call  020 3315 9555 and 020 3315 9594.”

In an interview with BBC Dr. Alan McOwan has said that, “Not everybody on the list is HIV positive.”

This data breach comes on the heels of a similar incident that occurred earlier last month to UK based holiday company Thomson. The 56 Dean Street clinic data breach, while unfortunate, again underscores the importance of having appropriate data security policies and procedures in place, as well as the need for employee training on the handling and protection of sensitive data.

The cost of a data breach can affect more than your bottom line, it can affect lives too. So if you’re in doubt about the security of your own IT infrastructure, download AVG’s Small Business IT Security Guide or take the AVG Small Business IT Security Health Check now to find out what you can do to help prevent security and data breaches.

If you need comprehensive protection against online threats for your business PCs, network and email, take a look at AVG Internet Security Business Edition.

AVG

Thomson data breach exposes passenger details

Leave a comment

Thomson, a UK based holiday company, apologized to their customers this weekend about a small but rather significant data breach. This comes on the back of much larger breaches such Ashley Madison in the US within the last few weeks.

My attention was grabbed by the depth of what data was breached and also the method in which it was distributed, rather than the quantity of what was mistakenly disclosed. Just 458 people have been effected, all of them UK based.

In a statement, Thomson apologized and said “We are aware of an email that was sent in error, which shared a small number of customers’ information. The error was identified very quickly and the email was recalled, which was successful in a significant number of cases”.

The interesting element to this story is that regardless of the perimeter security that Thomson has in place to avert hackers and cybercriminals, a simple human error of attaching data to an email has caused concern for a number of customers.

The data included in the breach includes: name, home address, telephone number, flight dates, email address and the outstanding balance due. The data was shared with all the people on the list itself, so 458 people have the data.

There are technologies available that allow companies to limit the data that is sent out in emails or other communications. These are termed ‘data leakage prevention’ technologies and I am sure that the Thomson IT team will be evaluating a solution of this type.

In the BBC article that covered this breach the people effected are talking about cancelling holidays and are of course worried about being burgled.

What advice can be offered in this instance? An obvious one is to change the dates of your holiday and insist that Thomson cover the costs. In reality though many people have probably scheduled time off work, and its not easy to change plans. I think if this happened to me, the option I would take is to have someone house sit for me while I am away.

Follow me on Twitter @TonyatAVG

AVG

Ashley Madison hack – the importance of securing your personal data

Leave a comment

I have just read the informative blog written by my colleague Michael McKinnon, detailing the extent of the data breach that AshleyMadison.com suffered earlier this month.

As with all data breaches, the first thing people ask themselves is, “does it affect me and what precautions can I take?”  When a large amount of data is stolen that includes personal details such as credit card numbers and date of birth, you can take measures now to minimize the risk of your data being misused in the future.

What can we do to protect ourselves after a data breach?

  • Ensure your online accounts are not using the email address and a password that could be guessed from personal information, if you are then change the password.
  • Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
  • Spammers may send emails that look like they are coming from valid sources. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact the sending organization directly to ensure it’s an official communication.
  • Avoid using the same email address or profile name across multiple online accounts. For example, have a primary email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.
  • Set privacy settings.  Lock down access to your personal data on social media sites, these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.
  • Check electronic statements and correspondence.  Receipts for transactions that you don’t recognize could show up in your mail.
  • Use strong passwords and two-factor authentication: See my previous blog post on how to create complex passwords that are easy to remember.
  • Have updated security software.  Updated antivirus software will block access to many phishing sites that ask for your personal data.

Lastly, you may want to consider enlisting an identity monitoring service.  Commercial companies that have been breached often offer this reactively to the victims but understanding where or if your identity is being abused in real-time will give you the ability to manage issues as they happen.

Follow me on Twitter @TonyatAVG

AVG

Ashley Madison Hack – what has been leaked?

Leave a comment

As with all privacy breaches there are multiple victims here. The customers whose personal data has been leaked, as well as the company trusted to keep it secure; a trust that may never be regained.

However, what makes this case highly significant is the collateral damage that will likely spread beyond just the direct privacy breach.  Family ‘secrets’ are revealed and victims are ‘ousted’ – seemingly at the hands of anonymous hackers with a point to prove.

Another oddity in this case is that AshleyMadison.com charges only men for their subscriptions and message credits, while female users are able to use the site free of charge.  This has resulted in the victims consisting mostly of men, connected by way of their credit card transaction histories, causing an asymmetry rarely seen in data breaches made public.

While the hackers have released the data in what could best be described as a harsh and judgmental way, they do offer some clues about how trustworthy the data may or may not be, “Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles.”

On that note, remember that the information obtained and released by hackers in data breaches by their very definition is never verified by the companies who are breached, and so this brings into question the integrity of all the data, regardless of how authentic it might seem.  For example, there may be deliberately false information inserted by the hackers designed to damage reputations or serve another agenda.

Accordingly, as already reported the hackers also provided this disclaimer of sorts, “Chances are your man signed up on the world’s biggest affair site, but never had one.”  In short, make sure you have all the facts before a potentially dangerous and damaging real-life Internet hoax unfolds in your own backyard.

Here’s a summary of the exact data that was breached:

  • Full names and addresses
  • Birthdates
  • Email addresses
  • Credit card transactions
  • GPS Coordinates
  • User Names & Passwords
  • Sexual Preference
  • Height, Weight, physical characteristics
  • Smoking and drinking habits

Lastly, while it may be easy to fall into the trap of victim-blaming and judging based on your own set of moral or ethical standards in this case – as social media opinions begin to rush forth in the coming days and beyond, it’s important to keep sight of the broader picture of what is transpiring.

Today’s breach may well affect nearly 30 million victims, and maybe you don’t know any of them… this time.  Next time, in another context, it could be you.

In the meantime, let’s hope that the active investigation into the perpetrators behind this hack are brought to justice, because as the statement from Avid Life Media rightly asserts, this is an act of criminality.

Until next time, stay safe out there.