Verizon releases its Data Breach Investigations Report

Posted by Caitlin on June 24th, 2008

Thanks for visiting the NextAdvisor Daily blog. You may want to subscribe to our RSS feed.

Verizon’s 2008 Data Breach Investigations Report, which analyzed 500 data breaches over the past four years, including three of the largest ever reported, offers some surprising and informative statistics.

• 73% of data breaches resulted from external sources
• 18% were caused by outsiders
• 39% implicated business partners
• 30% involved multiple parties
• 66% involved data the victim did not know was on the system
• 75% of breaches were not discovered by the victim
• 87% were considered avoidable through reasonable controls
• 62% were attributed to a significant human error
• 59% resulted from hacking and intrusions
• 31% incorporated malicious code
• 22% exploited a vulnerability
• 15% were due to physical threats

Although Verizon’s study indicated that far fewer data breaches resulted from insider sources, in the cases where the culprit was an insider, the size and consequences of the breach were significantly greater. The time it took to conduct an attack ranged from minutes to hours, but it generally took organizations months or years to discover the breach, and once they did discover the breach they were slow to respond. The average breach involved about 1.2 million records.

If you would like to know more about how you can protect yourself from identity theft, visit our identity theft protection service comparison guide.

• Traditional phone service losing ground to VoIP
• Data Breach Alert: Seven years of government medical data exposed
• Data Breach Alert: 70,000 impacted in OSU server breach
• 25 million identities left unprotected in the UK
• Data Breach Alert: Utah hospital loses thousands of patient records

Data Breach Alert: Laptop containing records for 62,000 current and former Stanford employees’ is stolen

Posted by Caitlin on June 24th, 2008

A laptop containing records for 62,000 current and former Stanford employees was stolen early this month. On June 5, Stanford discovered that the stolen laptop contained restricted information, and immediately began notifying the affected individuals. Anyone who received a paycheck from Stanford prior to September 28, 2007 is likely to be among those whose information was compromised. While Stanford attempted to reach all of these individuals, they do not necessarily have current contact information for every person affected.

The data on the laptop included:

• Name, gender, date of birth
• Social security number
• Salary, business title, office location, office phone number and Stanford e-mail address
• Home address and phone number
• Stanford ID card number and Stanford employee number

Stanford is working with law enforcement to recover the laptop. If you believe that you may be one of the affected individuals and have not yet been contacted by Stanford, you can call 1-888-200-8799 between 6:00 a.m. and 3:00 p.m. Pacific Time to speak with a Kroll customer service representative who can confirm if your records were compromised.

Learn more about identity theft protection options by visiting our reviews and comparison of identity theft protection services.

• Data Breach Alert: Stolen laptop impacts Virginia school employees
• Data Breach Alert: Stolen laptop exposes identities of 20,000 Kraft employees
• Data Breach Alert: Utah hospital loses thousands of patient records
• Data Breach Alert: Theft puts 13,000 Pfizer employees at risk
• Data Breach Alert: Stolen laptop leaves thousands of Connecticut State students exposed

Celebrity data breach! Lindsay and Paris’s private MySpace profiles compromised

Posted by Caitlin on June 20th, 2008

A glitch in the program Yahoo uses to make MySpace content accessible on cell phones caused pictures from Paris Hilton and Lindsay Lohan’s private MySpace profiles to become public. (MySpace has disabled the flawed software until the error can be fixed.) It’s too bad they hadn’t read our MySpace Identity Theft Protection Guide. This should serve as a reminder that if you’d like something to remain private, you probably shouldn’t post it on the Internet! Even when you think that access to your personal information is safely restricted, data breaches, glitches, and hackers will always be a risk. So if you are concerned about preventing identity theft, take a look at our reviews and comparisons. And if you are interested in preventing your online security from being compromised in other ways, consider internet security software.

• Data Breach Alert: Nevada government agency loses personal data of job seekers
• Facebook moves to protect users in partnership with 49 states
• Facebook security flaw exposes personal information
• Is your state putting your identity at risk?
• Is online data storage the secret to eliminating many data breaches?

Data Breach Alert: Names, addresses, and social security numbers of current and former University of Florida students compromised

Posted by Caitlin on June 18th, 2008

University of Florida officials are in the process of notifying more than 11,300 current and former students of a privacy breach in which the names, addresses and social security numbers of students who attended CLAS between 2003 and 2005 were temporarily posted online. Former student employees of the Office for Academic Support and Institutional Service, or OASIS, created online records of students participating in the program. The employees posted the information online so they could work with it remotely, but they did not install security measures to keep others from accessing it as well. The information has been removed and is no longer accessible. University officials sent letters of notification to those students whose information is believed to potentially have been compromised but were unable to find contact information for about 570 people.

We strongly suggest that anyone involved in this or other similar data breach consider using an identity theft protection service. Read our guide to identity theft protection services to learn more.

• Data Breach Alert: College students receive social security numbers of classmates over email
• Data Breach Alert: Western Carolina University exposes hundreds of social security numbers
• Data Breach Alert: Stolen laptop leaves thousands of Connecticut State students exposed
• Data Breach Alert: Tens of thousands impacted in Antioch College data breach
• Data Breach Alert: Thousands of Dominican University students impacted in secure file breach

Security breach at DivShare

Posted by Caitlin on June 17th, 2008

DivShare, a free, ad-supported online backup and file sharing service, experienced a security breach yesterday. Last night the company announced on its blog that user e-mail addresses and other basic information had been accessed by a “malicious user,” and advised users to change their passwords. Some stored files were unavailable for up to 18 hours as DivShare rolled out new security measures following the breach. While DivShare stated that no financial information had been compromised, this breach demonstrates the importance of security in online backup services. In order to safeguard important files, it is crucial to choose a secure and trustworthy online backup service.

DivShare is not one of the online backup services we have reviewed and recommended. As we posted a couple of weeks ago, Mozy and Carbonite, two of the services that we do recommend, were recently found to be the two most secure online backup services according to Heise, a German computer security publication. Both successfully thwarted attempts by all testers to gain unauthorized data stored on either service. To learn more about Mozy, Carbonite and other online backup services we have reviewed, view our online backup service comparison.

• Mozy and Carbonite receive high marks in security
• Mozy Mac support moves out of Beta
• Wake up and backup!
• 5 reasons why online backup services are superior to offline home storage solutions
• Carbonite agrees- online backup services are good for the environment

Data Breach Alert: Stolen laptop impacts Virginia school employees

Posted by Joe on May 15th, 2008

A laptop containing the the personal information of several Harrisonburg City Schools employees in Virginia was stolen earlier this month. The laptop belonged to BB&T insurance, a company contracted by the school district to administer their dental pan.

It is unclear exactly how many employees have been impacted by the data breach, but it has been confirmed that names, dates of birth, social security numbers and some medical history of school district employees was present on the laptop. A BB&T spokesperson confirmed the presence of the sensitive data on the stolen laptop and added that there are several security methods employed on the laptop to prevent access by criminals including passwords.

Learn more about identity theft protection options by visiting our reviews and comparison of identity theft protection services.

• Data Breach Alert: Stolen laptop exposes identities of 20,000 Kraft employees
• Data Breach Alert: Theft puts 13,000 Pfizer employees at risk
• Data Breach Alert: Utah hospital loses thousands of patient records
• Data Breach Alert: Stolen laptop leaves thousands of Connecticut State students exposed
• Data Breach Alert: Student hacker puts 35,000 teachers and staff on alert

Data Breach Alert: Thousands of Dominican University students impacted in secure file breach

Posted by Joe on May 15th, 2008

About 5,000 current and former students of Dominican University in Chicago were alerted late last month due that their personal information may have been breached as a result of a digital break-in of secure files by two current students. The school had held off on publicly announcing the breach until now in order to help minimize the overall impact of the breach but all impacted individuals were notified of the identity theft risk immediately.

School officials believe it was an isolated incident and there have been no reports of the compromised data being misused in any way. The school recommended that impacted individuals contact the three major credit bureaus and place fraud alerts on their credit reports. We discussed the difference between fraud alerts and credit freezes in our recent guide to fraud alerts and credit freezes.

Learn more by visiting our guide to identity theft protection services.

• Data Breach Alert: College students receive social security numbers of classmates over email
• Data Breach Alert: Stolen laptop leaves thousands of Connecticut State students exposed
• Data Breach Alert: Thousands of California students at risk for identity theft
• Data Breach Alert: Harvard hack exposed more data than initially thought
• Data Breach Alert: Western Carolina University exposes hundreds of social security numbers

Data Breach Alert: Theft puts 13,000 Pfizer employees at risk

Posted by Joe on May 12th, 2008

In what is becoming an alarming trend for Pfizer, the multi-national pharmaceutical company, about 13,000 employees have been notified that their personal information is at risk for identity theft after a company laptop and flash drive were stolen last month.

Pfizer has had six separate data breach incidents in the last year which have resulted in over 65,000 data breach notifications being sent to impacted employees and consumers. Those impacted by corporate data breaches should consider an identity theft protection service. Learn more by visiting our identity theft protection service reviews and comparison.

• Data Breach Alert: Stolen laptop exposes identities of 20,000 Kraft employees
• Data Breach Alert: Stolen laptop impacts Virginia school employees
• Data Breach Alert: MTV exposes personal data of 5,000 employees
• Data Breach Alert: Utah hospital loses thousands of patient records
• Data Breach Alert: Tens of thousands impacted in Antioch College data breach

Is online data storage the secret to eliminating many data breaches?

Posted by Joe on May 6th, 2008

We cover many different types of service providers at NextAdvisor which gives us a unique insight into how some of them may intersect to provide even more consumer value than an individual service may provide as a standalone product. One such trend may be the use of online file storage to help prevent the impact of data breaches and identity theft.

There is an alarming trend in the data breaches of personal information that we cover. A significant portion of these data breaches are caused by the loss of some sort of computer storage device, whether it is a USB drive or a laptop hard drive.

We have previously written about the many benefits of online file storage for backing up important files on your computer. We are now starting to wonder whether or not online file storage could be a major step that consumers and corporations could take to prevent the impact of data breaches involving the loss of laptops or other offline file storage devices.

The primary function of online backup services such as Mozy or Carbonite is to securely store a copy of important files you also store on your computer. However, these services also provide direct access over the Internet to files that are stored secure on these services. It would be possible for an individual to store all of their sensitive files, such as those that contain personally identifiable information, remotely and only access files from the Internet as they need them.

This would likely prevent many of the issues associated with losing a laptop or a portable file storage device because it would eliminate the need to store large amounts of personal data or financial data locally on your hard drive or storage device.

There are some logistical issues, such as the fact that you would need to be connected to the Internet in order to access files. However, it seems like there may be something to this given advances in online storage technology coupled with the increasing risks of identity theft.

Have any thoughts on the use of online file storage to help prevent identity theft? Let us know in the comments below.

• Wake up and backup!
• NextAdvisor launches new detailed online backup service FAQs
• 5 reasons why online backup services are superior to offline home storage solutions
• NextAdvisor reviews new online backup service ElephantDrive
• Users report bugs on Apple’s backup solution

Data Breach Alert: Poor website security puts untold number of Oklahomans at identity theft risk

Posted by Joe on April 17th, 2008

A major security flaw in the Oklahoma Department of Corrections website reportedly exposed the personal information of tens of thousands of Oklahoma residents for a period of at least three years.

Because the publicly available website lacked basic security protocols anyone with basic programming knowledge, an Internet connection and a web browser could easily access detailed information within the Oklahoma DOC’s database. It is also possible that information could have been changed within the database without the departments knowledge.

One recent investigator was able to extract over ten thousand records, including social security numbers, from the website.

The security issue appears to be fixed, although the Oklahoma Department of Corrections has made no official announcements about the data breach itself.

We strongly suggest that any Oklahomans that believe they may have been impacted by this data breach should learn more about identity theft protection options. View our identity theft protection service guide to learn more.

• Data Breach Alert: 70,000 impacted in OSU server breach
• Data Breach Alert: Registration website exposes presidential primary voters to identity theft
• Is your state putting your identity at risk?
• Data Breach Alert: City website exposes firefighters personal information
• Data Breach Alert: Health insurer exposes personal information of 128,000 customers