Information security analytics

The theft of two laptops containing private details from a Verizon office has left the telecom firm's employees open to identity theft. The company has stressed that the theft was a random act and poses no danger, though that may be wishful thinking. Two laptop computers containing the private details of Verizon employees were stolen from one of the telecom company's offices in early March. The number of staff affected was not disclosed.

A recent survey has revealed that directors from around the world are afraid of making mistakes and falling foul of the Sarbanes-Oxley Act. Furthermore, the fear of being held personally responsible for violating Sarbanes-Oxley has led to directors declining board seats where they feel the risks are too great.

A college in Denver believes it may have lost the private data of 93,000 students after a laptop computer was stolen from the home of a college employee in late February. The Metropolitan State College recently announced the theft of a laptop which the organization believes could contain the private details of more than 93,000 students. The computer was stolen from the home of a school employee late last month.

Various respected sources have reported that the cost of complying with corporate regulations has doubled in the last three years, with the largest single expenditure (22% of the total) arising from the Sarbanes-Oxley Act. The U.S. Securities Industry Association (SIA) recently published the results of a survey showing that the amount a company has to spend on compliance with industry regulations and legislative acts has increased from $13 billion in 2002 to $25 billion in 2005. The costs wiped out 5% of the industry's annual net revenues, the SIA said.

A laptop computer with the private details of 4,000 patients at a Houston hospital has been stolen from the home of a PricewaterhouseCoopers auditor. However, the data was encrypted and no reports of fraud have been reported as yet, suggesting the auditing firm has an effective IT security policy in place.

NCsoft, the creator of the computer games Lineage and Lineage 2, faces a lawsuit from thousands of identity theft victims in South Korea. It is believed 230,000 stolen identification numbers were used to register for the online games. Lawyers involved in the case said they will claim damages of $1,000 for each plaintiff. The maker of some of online gaming's most popular products, NCsoft, faces a possible

Ernst & Young, whose services include advising its clients on how to protect confidential information, lost 5 laptops last month compromising data that included social security numbers. One of those affected was Sun Microsystems CEO Scott McNealy. Only after Ernst & Young was confronted by the press did they publicly acknowledge the losses.

For almost a year a database containing the passport details of 16.5 million current and former residents of the Russian capital has been on sale. Under the current laws, those selling the data cannot be prosecuted, though serious questions remain as to where the information came from in the first place. Despite claims by the Interior Ministry that the database could have been compiled from several other sources available on the market, the InfoWatch analytical center is convinced that the data was leaked from state agencies.

A proposal by a subcommittee of the Securities and Exchange Commission to ease auditing checks of smaller businesses' internal controls has met with opposition from a former Federal Reserve chairman and a former SEC chairman. Experts from the InfoWatch analytical center, however, point out that the proposal would help ease the crippling costs that the requirements of the Sarbanes-Oxley Act impose on small businesses.

The problems of protecting private data are felt even by those companies which specialise in the field. Despite McAfee's area of work, the company recently lost sensitive data of 10,000 current and former workers with a little help from a Deloitte & Touche employee who left a data disk in an aeroplane. The U.S. developer of anti-virus solutions, McAfee, recently announced the loss of private data belonging to 10,000 current and former employees.