Tuesday, February 7, 2006

All Your Data Belong to Us

Man, have the reports of data leakage been crazy the last couple of weeks. Here are some of the highlights...

1) Guardian Unlimited (Feb 7th) - Russian thieves have stolen more than €1m (£680,000) from personal bank accounts in France using "sleeper bugs" to infect computers. French authorities claim the thieves can take control of and empty a bank account in seconds. In one hit, a bank customer lost €40,000.

Police say the virus is embedded in emails or websites and remains dormant until the user contacts their bank online. When that happens, the bug becomes active and records passwords and bank codes which are then forwarded to the thieves. They then use the information to check the victim has money in the bank before transferring funds to the accounts of third parties, known as mules, who may have agreed to allow money to pass through their accounts in return for a commission of between 5% and 10%.

2a) Boston Globe - It has come to our attention that consumers are receiving telephone calls from companies offering to assist them prevent credit card fraud. These companies, including one calling itself the “National Verification Office”, are asking consumers to provide the credit card or bank card information the consumer used to pay his or her Boston Globe or the Worcester Telegram & Gazette subscription. These companies are NOT AFFILIATED with the Boston Globe or the Worcester Telegram & Gazette.

2b) Boston.com (Feb 1st) - Credit and bank card numbers of as many as 240,000 subscribers of The Boston Globe and Worcester Telegram & Gazette were inadvertently distributed with bundles of T&G newspapers on Sunday, officials of the newspapers said yesterday.

3) Networkworld.com (Feb 6th) - A small Lockport, Manitoba-based distributor of herbal remedies has for the past 15 months been mistakenly receiving faxes containing confidential information belonging to hundreds of patients with Prudential Financial's insurance group. The data exposed in the breach -- and faxed to the company by doctors and clinics across the U.S. -- included the patients' Social Security numbers, bank details and health care information.

4) InfoWorld.com (Feb 6th) - Honeywell International Inc. says a former employee has disclosed sensitive information relating to 19,000 of the company's U.S. employees. Honeywell discovered the information being published on the Web on Jan. 20 and immediately had the Web site in question pulled down, said company spokesman Robert Ferris.

5) Networkworld.com (Jan 27th) - About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records.

-----------------------------------------------

As you can tell, data loss comes in many forms.

Thieves stealing backup tapes, normal people making mistakes, old employees taking some anger out for kicks, and organized groups of hackers (perhaps even foot soldiers of Russian organized crime group).

Now just think about all the cases that are not reported....yeah - exactly.

No comments:

Post a Comment