Data breaches are making headlines – how can you protect your customer’s information?

Forty-six states have now enacted data breach notification laws, whereby businesses must contact consumers to advise when personal data is lost or stolen. Laws also exist in the District of Columbia, Puerto Rico and the Virgin Islands. The remaining states are expected to also enact such laws.

But why are they necessary? Because breaches happen, and because those who are affected have a right to know that their sensitive data has been breached so that they can take action to protect themselves.

The number of incidents of data breach seems to be on the rise. Why is this? Being that most of them originate with human error, it seems likely that a combination of lack of awareness, lack of education, sloppiness and poor decisions are the reasons.

High profile breaches seem to happen on a constant basis. Among the new ideas in data protection is the banning of physical transfer of data. But it all seems to come down to one thing: training people in the proper handling of data and subsequent exercise of care. In other words, employees must show constant awareness of what they are doing, what they are putting where, why, when and how.

The culture of your organization will help you determine how to protect your customer’s information. It all boils down to electronic culture – knowing what you’re doing with electronic data and what that electronic data produces, such as paper and other physical records and repositories, or anything that can store and transport data. Policy, education and training can all lead to control.

Does your company conduct regular training sessions? You may want to include, on a regular basis, training on protecting the personal information of your client base.

Don’t let your company’s good standing be mauled by a data breach. The fallout – loss of trust, loss of reputation and reparations – can be huge.

The internet is buzzing with news stories of iPad owners being affected by a recent data breach. The data of owners of this AT&T device was hacked into and over 100,000 email addresses are at risk. It is reported that this data alone won’t give thieves access to the devices, but it will make it much easier for them to be able to access sensitive information.

The most recent news stories reflect that influential individuals, such as the Mayor of New York City and the White House Chief of Staff were affected by this recent data breach.

The breach is a result of a flaw with a web site owned by AT&T, not with the iPad itself. This breach was found by a private security expert who personally owns an iPad and was toying around with the device. By Tuesday of this week, AT&T reported that the issue had been fixed.

“AT&T was informed by a business customer on Monday of the potential exposure of their iPad,” AT&T spokeswoman Susan Bell said. “The only information that can be derived from the ICC IDS [customer identification system] is the e-mail address attached to that device. This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.”

Both the FBI and the FCC have responded to this recent data breach by increasing their investigation into any threat this might pose.

The ABC News website has recently released an article that summarized the top 10 data breaches of the decade. When adding the total number affected together, along with the fact that these are only the top 10, it is easy to see why it is so critical to regularly monitor your credit and question or refute ANY discrepancies that you see.

1)    Heartland Payment Systems
Year: 2009
Number Affected: undetermined
Description:     Hackers were able to access millions of credit card transactions via     computer.

2)    TJX Companies
Year: 2007
Number Affected: 45 million
Description:    Affected several companies, such as T.J. Maxx and Marshalls. 45 million customer records were stolen from years 2003-2004, however, the breach was reported in 2007.

3)    U.S. Department of Veterans Affairs
Year: 2009
Number Affected: 76 million
Description: A defective data drive containing data of veterans was sent for repair.

4)    Card systems
Year: 2005
Number Affected: 40 million
Description: This credit card processor exposed cards to potential fraud and it was reported that hackers did use many of those card numbers.

5)    U.S. Veterans Affairs
Year: 2006
Number Affected: 17.5 million
Description: A laptop containing personal information of veterans was stolen from an employee’s home. FBI did report that the laptop was found and the data was not compromised.

6)    Bank of New York Mellon
Year: 2008
Number Affected: 12.5 million
Description: A box of data tapes with personal information was lost while being transported to a storage facility. Those affected were offered credit monitoring services for 36 months, among other service.

7)    Certegy
Year: 2007
Number Affected: 8.5 million
Description: An employee of this financial services firm, based in Florida, stole customer financial records. They did later plead guilty and were sentenced to a fine and jail time.

8)    TD Ameritrade
Year: 2007
Number Affected: 6.3 million
Description: The database of this investment company was hacked and customer records stolen. Information stolen included names and email addresses, resulting in spam to customers.

9)    CheckFree
Year: 2008
Number Affected: 5 million
Description: This online bill payment company, out of Atlanta, was also hacked into. The company domain name was redirected to a Ukranian hosted website that tried to install malware on the computers of site visitors.

10)    Hannaford Bros. Chain
Year: 2009
Number Affected: 4.2 million
Description: This is a supermarket chain based out of Maine. Stores affected were throughout the northeast and Florida. Over 1,500 cases of alleged fraud were reported as a result of this breach.

PC World has recently reported that over 10,000 Hotmail account usernames and passwords were posted online by hackers who wanted to show that they could gain access to sensitive information. The accounts posted included those that started with ‘A’ and ‘B’ in alphabetical order. The total number of accounts hacked could be upwords of 100,000 that were not posted, but are compromised. (more…)

It is now October and the year has almost come to an end. How fast this year has gone by and unfortunately, many thousands have been involved in countless identity theft scams and data breaches, including the following reported last week…
(more…)

Last week, a news stories published by CompterWorld was posted that the University of North Carolina at Chapel Hill began notifying over 100,000 women about the possible exposure of their social security numbers and other personal information. A computer hacker has breached the university computer system and it has been found that these records were accessed. It is not believed at this time that the data has been downloaded or modified. (more…)

According to their corporate website, Radisson Hotels & Resorts have had a recent data breach of credit card numbers between November 2008 and May 2009. They are working closely with law enforcement and other authorities to analyze the situation, however,  the number of names and credit card numbers affected has not yet been released. They are reporting that no social security numbers were accessed in this breach. (more…)

Recently, the media has reported that an identity thief, said to be associated with the largest case of identity theft to date, has been caught. Albert Gonzalez, 28, ran an operation in which he hacked into over 100 million credit card accounts. Gonzalez (residing in Miami, FL) was charged on Monday for credit and debit card theft. He is reported to have stolen 40 million card numbers in the past, so this is at least his second offense. He was able to obtain the numbers by hacking into retail store computer networks. If convicted, Gonzalez faces up to 20 years in prison. Gonzalez was involved in the following data breaches (reported earlier): Heartland Payment Systems; 7-Eleven Inc, TJX Companies, Dave & Busters, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, DSW and others. There are also unidentified company breaches that Gonzalez, and his conspirators, were involved with. (more…)

According to a Sacramento news website, Sutter Health workers will soon be receiving a letter that their personal data has been compromised. The social security numbers’ of approximately 6,000 personnel was saved to a laptop that was reported missing back in 2007. The laptop recently was turned in to a repair shop. Once technicians at the repair shop realized what the file contained, they returned the hard drive to Sutter Health. They also wrote a certified letter stating that they did not retain any of the information contained on the hard drive.
(more…)

There are literally hundreds of thousands of people who have been exposed to a data breach in recent months. Data breach protection is on the minds of many. Even though you may protect your own data, you might be concerned with protecting yourself in the event that your data was involved in a company data breach.

(more…)