August 7, 2008
US home mortgage lender Countrywide has reportedly suffered insider data loss when an employee copied up to two million confidential records onto a flash drive.
For more than two years, the employee was able to steal up to 20,000 records a time by copying files from the corporate network to a USB flash drive. It is thought that target customers for the data, which included mortgage application rejects, could have included other mortgage suppliers, as well as identity theft fraudsters needing social security numbers to open bank accounts.
The suspect, who had worked as a senior financial analyst at Full Spectrum Lending, Countrywide’s subprime lending division, was arrested by the FBI on Friday, more than two years since his data theft efforts began.
February 25, 2008
Research carried out with 21 companies in the UK has revealed that the average cost of a data security breach in 2007 was £1.4 ($2.75 US) million. That equates to around £47 ($92 US) for every single record stolen or exposed.
Companies in the financial sector, which are at a higher risk of a breach, have a cost per stolen record of £55.
The Ponemon Institute, which conducted the research, estimates customer churn rates to go up by an average of 2.5 per cent after a data loss, but the worst example in the UK saw churn rates go up by seven per cent. The size of the losses examined ranged from 2,500 records to more than 125,000 and costs ranged from £84,000 to £3.8m.
January 28, 2008
Buckinghamshire Hospitals NHS Trust has suspended some methods of sending data after admitting the details of patients and staff had been copied to removable media such as CDs without encryption. The security clampdown comes after the trust reviewed more than 30 bulk transfers (50 records or more) of data.
The trust acknowledges in a report that “there is no single security measure that can be adopted to ensure that adequate control is assured”.
December 17, 2007
CSOOnline.com has released its top ten security breaches of 2007, which makes for slightly funny, hugely scary reading:
10. Monster.com and its 1.3 million customers
9. Commerce Bank of Wichita and the alleged security breach PR scam
8. Indianapolis Power and Light and 3,000 customer names, social security numbers etc
7. TSA and the case of the missing laptops
6. Shaw’s Supermarket and the social security passwords
5. Swedish Urology Group and the hard drives containing personal information (excuse the pun)
4. The Nature Conservancy and the polluted websites
3. TSA (part II), another 100,000 records lost
2. HM Revenue and Customs, 25 million records ‘in the mail’
1. TJX Maxx. No need to say more…
Get the full low-down on csoonline.com
October 26, 2007
When it comes to security fears, a new survey suggests that only a terrorist attack causes more concern than misuse of an individual’s personal data. According to the research, UK citizens are more worried about having their credit card details exposed or identities stolen than they are about being mugged or attacked.
