Category Archives: Data Breach

Top 10 Overlooked Security Risks: 3 of 10

Data Destruction and Disposal

Companies often forget about data once they stop using it day-to-day. Leaving outdated data on sunsetted systems increases your potential exposure in the event of a data breach. Ensure that data no longer actively used is properly disposed of and devices that contain data, such as laptops, old hard drives and USB drives are properly DoD data wiped or destroyed. Retired company laptops may still retain recoverable data on their hard drives even after formatting. A policy-driven culture enforcing proper destruction and disposal of retired equipment is best practice.

Breach Exposes Sensitive California State Employee Data

Data Breaches occur almost on a daily basis. You may not know that your IT Security problem is. We will find it and we’ll develop and implement real-world solutions.  Read on to learn more about the data breach that leaked state government material.

News has surfaced of a breach of sensitive data of California state employees.

As reported by The Sacramento Bee, it appears thousands of Social Security numbers have been exposed at the Department of Fish and Wildlife, with the department confirming so in a memo sent to its staff.

It is alleged the breach was discovered in December last year but was only disclosed to employees this week. The California Highway Patrol is thought to be investigating the incident, which is believed to have been brought about as a result of a former state employee downloading data to a personal device before taking the device outside of the state’s network. Read more »

The most common type of data breach in hospitals? Paper records, study suggests

Our HIPAA risk assessment includes a comprehensive review of your current IT and data security policies, procedures, networks, systems, and configurations. Adsero Security can help your company or practice improve its security and HIPAA compliance. Read on to discover what type of data breach is most likely to happen in a hospital and how this could lead to a HIPAA disaster.  Read more »

FedEx data breach: 119,000 passports or photo IDs found on unsecured server

We are solutions, builders who provide comprehensive, complete, IT security management programs. In an IT security solutions initiative involving many vendors, we are the project managers who pull it all together and make sure it works as planned- for the long term. Breaches such as the one afflicting FedEx could have been avoided if Adsero Security were involved. Read on to find out how this happened.

Thousands of FedEx (FDX) customers’ private information was exposed after the company left scanned passports, driver’s licenses and other personal documentation on a publicly accessible server.

The incident was first discovered by researchers at a German-based security center called Kromtech earlier this month.

According to the security firm, the server belonged to Bongo International, a company that helped customers with shipping calculations and currency translations. FedEx purchased Bongo in 2014 but renamed the company FedEx Cross-Border International a year later before discontinuing the service in April 2017.

FedEx said on Thursday that it has secured some of the customer identification records that were exposed earlier this month and added that so far it has found no evidence that private data were “misappropriated.” The company, however, said it continues to investigate.

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation,” a spokesman confirmed to FOX Business on Friday.

The data breach could affect anyone who might have used Bongo’s services anytime from 2009 to 2012, and it’s possible the data were exposed online for several years,” according to Bob Diachenko, Kromtech’s head of communications.

Viewpoint: Equifax breach is a reminder of society’s larger cybersecurity problems

Our society is faced with an array of opportunities of being hacked. This is why Adsero Security’s specialty in writing IT security policies and training your staff on policy adherence thus developing a culture of compliance is so important. Read on to discover why cybersecurity issues affect society as a whole.

The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures.

Although this specific incident is still under investigation, the fact that breaches like this have been happening – and getting bigger – for more than a decade provides cybersecurity researchers another opportunity to examine why these events keep happening. Unfortunately, there is plenty of responsibility for everyone.

Several major problems need to be addressed before people can live in a truly secure society: For example, companies must find and hire the right people to actually solve the overall problems and think innovatively rather than just fixing the day-to-day issues. Companies must be made to get serious about cybersecurity – at a time when many firms have financial incentives not to, also. Until then, major breaches will keep happening and may get even worse.

Finding the right people

Data breaches are commonplace now, and have widespread effects. The Equifax(NYSE: EFX) breach affected more than 143 million people– far more than than the 110 million victims in 2013 at Target, the 45 million TJX customers hit in 2007, and significantly more than the 20 million or so current and former government employees in the 2015 U.S. Office of Personnel Management incidentYahoo’s 2016 loss of user records, with a purported one billion victims, likely holds the dubious record for most victims in a single incident.

Read more »

Uber says hackers behind data breach were in Canada, Florida

Hackers can strike from anywhere. This means that any organization is vulnerable. Adero’s penetration testing allows clients to detect their areas of vulnerability. Read on to discover how easy it was for two people to hack into Uber’s system.

The two people behind a 2016 data breach at Uber Technologies Inc. were found to be in Canada and Florida, an Uber cyber security executive told the U.S. Congress on Tuesday.

About 25 million users affected by the breach are users located in the United States, John Flynn, chief information security officer at Uber, said in written testimony to a Senate Commerce Committee panel.

Uber announced the breach of 57 million worldwide users last November. Of those impacted in the United States, 4.1 million were drivers, according to the testimony.

Uber Canada announced late last year that 815,000 Canadian riders and drivers may have been affected.

The testimony from Flynn is the most comprehensive public account to date of the Uber hack, the handling of which prompted newly appointed Uber chief executive Dara Khosrowshahi to fire two of the company’s top security officials.

Reuters reported in December that a 20-year-old man was primarily behind the massive data breach, and that he was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities.

Flynn confirmed the man who obtained data from Uber was in Florida and that his partner, who first contacted the company on Nov. 14, 2016, to demand a six-figure payment, was located in Canada.

The company’s security team made contact with both people and received assurances the pilfered data had been destroyed before paying the intruders $100,000, Flynn said.

Read more »

How a Sneaky Data Hack Increases Liability Risks for Corporate Directors

Adsero Security develops long-term solutions that are supported by written policies. Issues arise such as hacking. This can be prevented via penetration testing. Check out this article about how easy it is for organizations to be hacked.

Directors Facing Increased Liability for Data Breaches

Because two of my clients – 360 Advanced and Adsero Security – provide IT data breach auditing and remediation services, I was especially interested when I learned of how a major corporation had been so easily hacked recently.

The hackers got inside the corporation’s accounts payable department and had a pretty hefty check sent to them, which was cashed and cleared. The corporation’s vice president for information technology (IT) and his team reported to the board at its monthly directors and management meeting that “everything’s OK now.”

Is it? Could the hackers still be inside, or worse, inside the company’s vendor and partner IT systems?

“Duty of care” Demands Auditing Risks as Hacks Increase

Statistics show that once data thieves are in, they can hide for months undiscovered until they strike again – this time at an even greater cost to the victim and their vendors and partners. Data thieves got inside Target through an air conditioning/heating vendor and loitered at their leisure, and Yahoo! and Equifax still aren’t certain who or how they were breached.

Which brings me back to the corporate board of directors. The corporation victimized by the hackers in this instance has not had an outside, third-party audit of its IT systems and data security processes and protocols by a QSR – Qualified Security Assessor. Could that failure lead to a lawsuit against its officers and directors for failure to exercise the concept of duty of care when there is another future hack? With news of major hacks every day now, should boards be more diligent in ordering management to have such audits? Read more »