October 27, 2006
Strathclyde Police in Scotland today claimed that at least one in ten call centers in and around Glasgow has been infiltrated by criminal gangs seeking access to personal and financial data records. The call center industry is one of Glasgow’s biggest employers, with around 18,000 employees.
Detective Chief Inspector Dere Robertson told the BBC: “We know of organised crime groups who are placing people within the call centres so that they can steal customers’ data and carry out fraud and money laundering… And of course you have the disgruntled employee who may turn their hand to fraud just to benefit themselves.”
Unions have cited poor wages and high staff turnovers as the major security risks to call centers - prompting fears that with an average salary of £14,000 / $26,400, staff are more likely to be tempted to earn extra cash by selling-on information.
The FBI is investigating a worker from the Los Alamos National Laboratory as the possible source of classified information from the nuclear-weapons facility discovered during the arrest of a New Mexico man on drug charges. Jessica Quintana was questioned after Los Alamos police found classified nuclear data on three USB flash drives during a search of the trailer she shares with another man who was being investigated for drug charges.
The information is believed to be classified as Secret Restricted Data which indicates it involves nuclear weapons data and may have concerned detection of underground nuclear weapons testing. Some reports are claiming that Jessica Quintana worked either in Technical Area 55 where all of the Lab’s plutonium is stored or in the X Division which handles nuclear weapons design data for a maintenance subcontractor of the Lab.
Flash drives have been banned from the Los Alamos laboratory for the past two years, yet one must wonder how this policy is actually being enforced.
In 2004 two computer disks containing confidential data went missing and one year later Los Alamos claims the disks never existed. In 1998 Wen Ho Lee was accused of stealing nuclear secrets for China, only to have the 59 counts dropped, yet Mr. Lee confessed to improper handling of restricted data.
Sources
BBC
Washington Times
Los Alamos Police Report
October 26, 2006
In the Northwest, when it rains it poors, this appears to be true with data theft as well. In addition to Federal Homeland Security employee data being stolen in Portland, recently the Port of Seattle is reporting that six computer disks containing personal information for almost 7,000 people who work at the Seattle-Tacoma Airport are now missing.
At this time they do not know if the disks were “misplace” or if they have been removed from Port property. No mention of encryption or other endpoint security measures and/or policies.
More Information
October 24, 2006
In the ongoing saga of data theft, a Sisters of St. Francis Health Services who operates 12 hospitals in Indiana and Illinois notified mre than a quarter million patients tha their Social Security number and other personal information went missing. The rhetoric is the same as usual ” we don’t think any of the 260,000 records have been improperly accessed”. An employee of a medical billing contractor copied the data onto several CDs (unencrypted of course) in July and put them in a new laptop bag to work from home, the worker exchanged to bag for a new one at the store, but forgot to remove the discs. The discs were later returned to Sisters of St. Francis Health Services three days later and they do not believe any data was stolen.
On the positive side this has led the hospital to reexamine their employee training and data handling procedures. One wonders why it takes close calls such as this for institutions and companies to reevaluate their procedures and policies. I also wonder patients were not notified until October 9th when the incident occured in July.
New research released by the Ponemon Institute suggests that the average cost of a single stolen or compromised data record now stands at $182, up from $138 in 2005. Of that total figure, around $128 is indirect cost, such as lost customers, compensation and the price of investigating the incident.
The Institute calculates that an average company suffers around $660,000 per data breach, with total costs of around $4.7 million per year for each of the 56 companies it interviewed.
