posted
The rate at which personal data is being compromised, lost, or stolen at major institutions has become disturbing. It seems that no week passes without a new report of such incidents.
quote:By EMILY FREDRIX, Associated Press Writer
OMAHA, Neb. - Leading online discount broker Ameritrade Holding Corp. said Tuesday it has informed about 200,000 current and former customers that a backup computer tape containing their personal information has been lost.
The Omaha-based company mailed the notices to its clients last week, spokeswoman Donna Kush said.
The company realized the tape was missing in February, when the package it was in was damaged during shipping between vendors, Kush said. Of the four backup tapes in the package, three were found, but the fourth is still missing, she said.
Information on the tape was for people nationwide who may have been Ameritrade customers from 2000-2003, she said. The data was different for each client and may have included their Social Security numbers, among other information, Kush said.
The tapes were not marked and unless special equipment was used, the compressed data could not be extracted.
Kush said she has not heard of any misuse of the information.
"We are very confident that no harm has been done to any clients, to their accounts, to their information," Kush said.
Kush said Ameritrade did not lose the information, but rather, a third party vendor did.
The news comes as several companies have experienced their own database violations, and some thefts.
Database giant LexisNexis on Monday announced it had started alerting about 280,000 people that their personal information may have been accessed by unauthorized individuals who were using stolen passwords and IDs.
On Monday, Columbus, Ohio-based DSW Shoe Warehouse said that thieves had accessed a database with credit card records on about 1.4 million customers. The company said it has contact information for about half of those people and started sending letters notifying them of the thefts, which happened at 108 stores in 25 states between November and February.
Data broker ChoicePoint Inc., based in suburban Atlanta, said in February that information on some 145,000 consumers nationwide was taken by thieves who opened up dozens of accounts and went undetected for more than a year.
If these institutions cannot protect the their customers' personal information, perhaps, they should stop collecting such data.
Posts: 84 | Registered: Mar 2001
| IP: Logged
The problem is more pervasive than a few isolated computer networks. Even the vaunted CISCO system is not spared. Check out this New York Times article:
quote:Internet Attack Called Broad and Long Lasting by Investigators
By JOHN MARKOFF and LOWELL BERGMAN
Published: May 10, 2005
SAN FRANCISCO, May 9 - The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.
Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation - involving a single intruder or a small band, apparently based in Europe - in which thousands of computer systems were similarly penetrated.
Investigators in the United States and Europe say they have spent almost a year pursuing the case involving attacks on computer systems serving the American military, NASA and research laboratories.
The break-ins exploited security holes on those systems that the authorities say have now been plugged, and beyond the Cisco theft, it is not clear how much data was taken or destroyed. Still, the case illustrates the ease with which Internet-connected computers - even those of sophisticated corporate and government networks - can be penetrated, and also the difficulty in tracing those responsible.
Government investigators and other computer experts sometimes watched helplessly while monitoring the activity, unable to secure some systems as quickly as others were found compromised.
The case remains under investigation. But attention is focused on a 16-year-old in Uppsala, Sweden, who was charged in March with breaking into university computers in his hometown. Investigators in the American break-ins ultimately traced the intrusions back to the Uppsala university network.
The F.B.I. and the Swedish police said they were working together on the case, and one F.B.I. official said efforts in Britain and other countries were aimed at identifying accomplices. "As a result of recent actions" by law enforcement, an F.B.I. statement said, "the criminal activity appears to have stopped."
The Swedish authorities are examining computer equipment confiscated from the teenager, who was released to his parents' care. The matter is being treated as a juvenile case.
Investigators who described the break-ins did so on condition that they not be identified, saying that their continuing efforts could be jeopardized if their names, or in some cases their organizations, were disclosed.
Computer experts said the break-ins did not represent a fundamentally new kind of attack. Rather, they said, the primary intruder was particularly clever in the way he organized a system for automating the theft of computer log-ins and passwords, conducting attacks through a complicated maze of computers connected to the Internet in as many as seven countries.
The intrusions were first publicly reported in April 2004 when several of the nation's supercomputer laboratories acknowledged break-ins into computers connected to the TeraGrid, a high-speed data network serving those labs, which conduct unclassified research into a range of scientific problems.
The theft of the Cisco software was discovered last May when a small team of security specialists at the supercomputer laboratories, trying to investigate the intrusions there, watched electronically as passwords to Cisco's computers were compromised.
After discovering the passwords' theft, the security officials notified Cisco officials of the potential threat. But the company's software was taken almost immediately, before the company could respond.
Shortly after being stolen last May, a portion of the Cisco programming instructions appeared on a Russian Web site. With such information, sophisticated intruders would potentially be able to compromise security on router computers of Cisco customers running the affected programs.
There is no evidence that such use has occurred. "Cisco believes that the improper publication of this information does not create increased risk to customers' networks," the company said last week.
The crucial element in the password thefts that provided access at Cisco and elsewhere was the intruder's use of a corrupted version of a standard software program, SSH. The program is used in many computer research centers for a variety of tasks, ranging from administration of remote computers to data transfer over the Internet.
The intruder probed computers for vulnerabilities that allowed the installation of the corrupted program, known as a Trojan horse, in place of the legitimate program.
The ChoicePoint incident is child's play compared with the threat to networks such as Cisco.
___________________ AJ Posts: 44 | Registered: May 2003
| IP: Logged
quote:Monday, Columbus, Ohio-based DSW Shoe Warehouse said that thieves had accessed a database with credit card records on about 1.4 million customers. The company said it has contact information for about half of those people and started sending letters notifying them of the thefts, which happened at 108 stores in 25 states between November and February
As a regular shopper and a DSW card carring member that is their 'Reward your style' card, I am worried about this development. I am yet to get any notice from them but I plan on contacting the manager of my primary store on this.
___________________ Feel me? Ofu onye ana asi unu abia go. - Ednut Igbo-American . www.airamericaradio.com visit her. Posts: 2503 | From: Mother Earth | Registered: Mar 2001
| IP: Logged
UBBFriend: Email this page to someone!
Printer-friendly view of this topic
