03 October 2014, 16:56
During the attack on the American bank JPMorgan, which came to light in late August, attackers have stolen the data of 83 million customers. This stolen data includes data of 76 million households and 7 million small businesses. The stolen information includes name, address, telephone number and email address, as the bank acknowledges in an 8-K Form of the Securities and Exchange Commission.
According to JPMorgan, there are no indications that they have acquired account numbers, passwords, user names, birth dates or Social Security numbers. In addition, there would be no detection of unusual fraud in relation to the incident. During the attack, which remained undetected for months and only came to light during a routine check, gigabytes of data were stolen.
In the second quarter of this year, the attack traffic on port 80 (HTTP) nearly doubled, reports Internet giant Akamai in a new report. The attack traffic increased from 8% in the first quarter to 15% in the second quarter. The reason for this increase is, however, not given.
Nevertheless, the increase in attack traffic on port 80 ensures that port 445 is no longer in the first place of most attacked ports. Port 445 is used by Microsoft Directory Services and has been the most attacked port on the Internet until recently. The infamous Confickerworm is one of the threats that is spread via this port.
It is only the third time since Akamai started measuring, that port 445 is not at the first place. In the second quarter the attack traffic remained unchanged at 14%. The remaining ports in the top 10 experienced an increase in attack traffic as well.
News release: 25 October 2012 Source: ICO.gov.uk
The Information Commissioner’s Office (ICO) is reminding organisations that sensitive personal information should be encrypted when being stored and sent electronically.
The news comes as Stoke-on-Trent City Council receives a monetary penalty of £120,000 following a serious breach of the Data Protection Act that led to sensitive information about a child protection legal case being emailed to the wrong person.
Stephen Eckersley, Head of Enforcement at the ICO, said:
“If this data had been encrypted then the information would have stayed secure. Instead, the authority has received a significant penalty for failing to adopt what is a simple and widely used security measure.
“It is particularly worrying that a breach in 2010 highlighted similar concerns around encryption at the authority, but the issue was not properly resolved.
“The council has now introduced new measures to improve the security of information sent electronically, as well as signing a legal notice to improve the data protection training provided to their staff. This should limit the chances of further personal information being lost.”
The breach happened on 14 December 2011 when 11 emails were sent by a solicitor at the authority to the wrong address. The emails included highly sensitive information relating to the care of a child and further information about the health of two adults and two other children. The emails should have been sent to Counsel instructed on a child protection case.
While the authority was able to establish that the email address used was valid, the recipient failed to respond when asked to delete the emails.
The ICO’s investigation found the solicitor was in breach of the council’s own guidance which confirmed that sensitive data should be sent over a secure network or encrypted. However, the council had failed to provide the legal department with encryption software and knew that the team had to send emails to unsecure networks. The council also provided no relevant training.
When reaching today’s decision, the ICO also took account of the undertaking previously signed by the authority in early 2010. During this incident sensitive data relating to a childcare case was lost after being stored on an unencrypted memory stick. At the time the council agreed to introduce improvements to keep people’s data secure, including the introduction of encryption for portable devices used to store personal data.
News release :2012-08-26 15:27:30 Source: Frost & Sullivan
ID Control, specialist in strong authentication and One Time Passwords (OTP) has been added to the Frost & Sullivan analyses of the worldwide OTP market as a market contender.
ID Control differentiates itself from the market by offering one platform with a wide range of authentication and OTP solutions and enabling their customers to choose which solution suits their personal requirements.
The platform consists of hard- and software solutions such as:
Hardware: USB Token based OTP with PKI, OTP hardware keys, credit card sized OTP keys.
Software: SMS OTP (MessageID), OTP mobile app (HandyID), ID Control gives its customers the option to send OTPs via an encrypted email message through its MailID product. Before entering the internet bank, a MaillD PDF with an OTP inside which is PIN protected is sent to the user’s email address This avoids the cost associated with hardware and SMS OTP’s
Attractive pricing. By offering their products either in an on-premise model or a monthly / yearly subscription model ID Control is able to serve every company or organisation a solution for their security needs no matter what the budget is.
ID Control has a strong focus in the financial vertical but also develops their solutions to be user-friendly for all vertical types.
“Online banking fraud losses totalled £21.6 million during January to June 2012 – a 28 per cent increase on the 2011 half-year figure. This has been driven by a huge increase in the number of phishing websites set up by criminals as part of a scam to trick customers into visiting these fake websites and disclosing their online banking login details. Losses in this area also reflect the trend in card fraud, with deception scams resulting in increases. Online banking customers are being tricked into divulging their online login details and passwords over the phone to someone they believe is from their bank but is actually a fraudster.”
The complete UK Cards Association report can be found here.