Information security analytics

Monster.com recently posted a PSA on their site notifying users that their database was illegally accessed and certain contact and account data were taken, “including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data.” The information accessed does not include resumes. Monster says they initiated an investigation and took corrective steps, and so far, have not detected misuse of the information.

The breach year 2009 starts slowly. Lame January seems no so quiet as it seemed before – the overall data loss increases. And not only data loss is the case, rather the growing number of intentional breaches. 2 out of 5 this week’s breaches were intentional (one breach brought 300 thousand dollars of financial damage). The largest breach of the week happened in Japan. Nearly 100 thousand students were affected by the leak of the personal data to the Internet. Breaches of the week:

The year 2008 was marked by the highest number of the breaches in the history of Mankind. And the situation doesn’t seem to be improving so far. With every passing year, number and volume of the breaches increase. Their economic damage rises as well. Although, if you believe in the saying „The way you meet New Year – the way you spend it”, 2009 is not gonna be that bad. During the holidays break only minor breaches prevailed. Let’s see, if the coming year will be as quiet as first days. Breaches of the period:

Computer tapes holding private customer information including names, addresses, driver's license numbers and financial account numbers were stolen from a Pulte Homes office in Las Vegas last month. So far, there is no indication that any of the information has been used for identity theft, Pulte spokeswoman Jacque Petroulakis said Wednesday. Information on both home buyers and employees was on the tapes.

The last week of December didn’t bring peace to the world of breaches. This week’s largest incident happened at the RBS Worldpay. The breach has been discovered pretty late – about 100 of vote fraud cases has been initiated. Another two incidents also brought serious financial damage: one breach at the Federal Emergency Management Agency and the one at the Cedars-Sinai medical center. Breaches of the week:

A sophisticated computer hacker was able to breach the security system of two Lorain County Community College servers in an attack during the Thanksgiving holiday break. One of the servers contained records of approximately 22,000 students, community users, and employees and their Social Security numbers. The breach is being investigated by forensic experts and the FBI.

There were numerous breaches but no accidents could be called serious this week. 3 out of 7 breaches were accidental, while intentional breaches didn’t aim personal data (rather than hardware). The data-leaking organization list was also common: universities, governmental and medical services. Breaches of the week:

The New Hampshire health department mistakenly released 9,300 names and Social Security numbers of Medicare recipients. The clients’ information was mistakenly attached to a Dec. 1 e-mail sent to 61 providers and health-related organizations, such as nursing homes and home health care agencies. The attachment contained names, addresses, Medicare Part D plan information, Social Security numbers and the amount of each person's monthly premiums.

Black market criminals are offering to sell details on 21 million German bank accounts for €12 million (US$15.3 million), according to an investigative report published Saturday. Reporters for WirtschaftsWoche (Economic Week) managed to obtain a CD containing 1.2 million accounts after a November face-to-face meeting with criminals in a Hamburg hotel, according to the magazine.

The Agency for Workforce Innovation (Florida, US) accidentally posted the sensitive information (including Names, social security numbers and employment information) for 250000 people looking for work. All those numbers were left online for at least 19 days. The Washington DC based Liberty Coalition spotted the error.