Friday, July 29, 2011

Data Breach Fines Racking Up in Massachusetts

Under Mass ePrivacy Law 200 CMR 17.00, Belmont Savings Bank has agreed to pay a $7,500 fine in a settlement announced in July with the Mass State Attorney General’s Office. InfoSecurity reports that the Massachusetts-based bank lost 13,000 client records after an employee left an unencrypted back-up tape of the records on their desk at the bank overnight. Bank staff theorized that the tape was thrown in the trash by the night cleanup crew and later incinerated. Belmont Savings is the second firm to settle with the Mass Attorney General’s Office after failing to comply with the new electronic privacy regulations.

Also under Mass ePrivacy Law 200 CMR 17.00, the Boston-based restaurant chain The Briar Group agreed in March to pay a $110,000 fine after malware diverted credit-card data from its dinner guests over an 8-month span. Regulators charged that the chain allowed employees to share common passwords, and that the chain continued to accept credit cards even after it knew of the breach. The Briar Group operates Boston’s Lenox Hotel, Ned Devine’s, Parris, The Anthem Kitchen & Bar, City Bar Waterfront, The Green Briar, and City Table. The chain maintains three locations at the popular Faneuil Hall Market Place on Boston’s historic waterfront. Reported in InfoSecurity.

Just in case you missed it, back in February, Massachusetts General Hospital was fined $1M by Health and Human Services after it lost records for 192 patients being treated for infectious disease, most likely including HIV. The records were left by an employee on the MBTA. And they never returned, and they never returned, and their fate is still unlearned. They may ride forever beneath the streets of Boston; they’re the health records that never returned. Reported in InfoSecurity.

Thursday, July 28, 2011

Game Changing Software Cracks Servers in 15 Minutes

Consider that the Russian firm Elcomsoft has developed what it dubs ‘password recovery assistance’ software that, with a single beefed-up PC, can accelerate a brute-force or rainbow-table password attack by up to 20,000 times. At this level of brute-force attack, according to reporting in InfoSecurity, it takes only around 15 minutes to crack an admin password on a typical server. So when did Elcomsoft release this game-changing approach? Answer: 2009.

Keep all that in mind and consider that earlier this year, cloud security firm Trend Micro commissioned a survey of 1,200 enterprise IT decision makers (in the U.S., UK, Germany, India, Canada and Japan) and found that 43% had experienced security lapses in the cloud within the last 12 months. 10% of respondents had active cloud-based projects in production, and nearly half had cloud-based projects in the works. Yet the same survey, according to InfoSecurity, forecasts 5X growth in cloud computing over the next few years. Trend Micro produces security software designed for cloud server management to prevent data theft, business disruptions, and compliance violations, with server security for virtualized datacenters. Conclusion: either the cloud will need this new level of security software, or it's already out of date.