	home \| site map

links 1

BBC News Technology Report from Infosecurity 2009

NEWS - NHS trusts warned on patient data

Top 10 Data Security Breaches by removable devices

This is a short list of the top 10 most severe data security breaches envolving removable storage devices. The list highlights the inherent risks with these types of devices where proper encryption is not employed.

Two computer disks contaning personal details of upto 25 million individuals and 7.25 million familys in the UK, were lost after being sent via unregistered post. The password protected disks contain names, addresses, dates of birth, national insurance numbers and in some cases bank details. The unencrypted disks do not appear to have fallen in to the worng hands, MP's urge people to watch for suspicious bank transactions.
UK Policeman loses memory stick containing terrorist cell information. 'The black 4GB stick was lost after being taken out of Castle Vale police station by an officer on patrol. It was reported that the memory stick contains details of terror cells being tracked by police but the force refused to comment.' Article
UK Prison inmate information loss. 'a consultant for PA Consulting copied files containing records on all 84,000 prisoners in England and Wales onto a USB drive, which then got lost.' Article
Sumitomo Bank Heist. This incident is still the largest attempted bank robbery in history. A PS2 hardware keystroke logger was used to capture information used to attempt SWIFT wire transfers from the London Branch of Sumitomo Mitsui. More details are trickling out from the trial of the some members of the gang this month. Questions on Sumitomo
Apple ships iPods infected with a windows virus. It turns out that manufacturers of removable media have to ensure antiseptic environments when they pre-load software and data on their devices. Also worth mentioning is Sony's inclusion of hidden files on USB devices that could prove useful to virus and worm writers.
US Military spy incident. A former U.S. military contractor has pleaded guilty to exceeding authorized access to a computer and aggravated identity theft after he was accused of selling names and Social Security numbers of 17,000 military employees, the U.S. Department of Justice said. Price $500.
USB Candy Drop. A Security investigator dropped 20 Trojan carrying USB thumb drives in a Credit Union Parking Lot. According to his report 'Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers' within three days.
New Zealand man buys MP3 player with US military data. ONE News has gained access to the personal files of American soldiers, uncovering military secrets from the most powerful nation in the world.
Indian Spy Incident. A CIA operative 'Rosanne Minchew, third secretary in the US embassy in Delhi' reportedly paid $50,000 for a USB device loaded with Indian secret information. Note that the CIA pays considerably more for information than other agencies (see above).
Countrywide theft of 2 million records. 'For more than two years, the employee was able to steal up to 20,000 records a time by copying files from the corporate network to a USB flash drive.' Article.

Source: Information Security Resources - Last Updated March 2009


	contact us \| sponsorship \| careers \| terms & conditions Origin Storage Limited © 2008 All trademarks & registered trademarks are property of there respective owners. (O&OE)