AT&T is about to pay heavily for a data breach which saw a wealth of personal data stolen and sold from some of its call centers last year. The FCC has fined the network $25 million for the breach, and said it would “not stand idly by when a carrier’s lax data security practices expose personal information.” The breaches in question happened at AT&T’s call centers located in Mexico, Colombia, and the Philippines, and involved personal data related to nearly 280,000 people. The information accessed included Social Security numbers, names, and other account data. According to the FCC’s report, the primary breach was a lengthy operation spanning 168 days at AT&T’s Mexico call center, where three employees illegally accessed nearly 70,000 accounts. What did they want with all this information? Apparently, two of the employees confessed they were selling the data to a shadowy group or person known only as El Pelon, which is apparently slang for … [Read more...] about How stolen data sold to a bald guy landed AT&T with record-breaking $25 million FCC fine
Data security compliance
With online sales surpassing US$100 billion last year and continuing to grow at double-digit rates, retailers are seeing greater profitability with their online operations. With this good fortune comes the added burden of protecting the personal data of customers. As the list of regulations coming from federal and state agencies grows, companies are struggling with compliance. The importance of compliance with online standards to avoid litigation, brand erosion and negative publicity cannot be underestimated. Protection from fraud and the misuse of confidential data are at the forefront of everyone's mind when it comes to shopping online. According to a recent InformationWeek survey, four out of five business and technology executives said that regulatory compliance is a distraction and that just tracking whether their organizations have met compliance goals is a big challenge. So just how well are the top retailers doing in handling the personal information of online users? I scanned the top … [Read more...] about INDUSTRY ANALYSIS Retail Sites, Personal Information and Data Security
When it comes to properly managing and protecting critical enterprise data and information resources, Corporate America is stuck between two strongly opposing forces. The U.S. is world "cyber-crime" headquarters (followed closely by the UK), according to the Internet Crime Complaint Center (IC3) 2007 Internet Crime Report. The term cyber-crime refers to criminal activity in which computers and networks like the public Internet play an essential part in the lawbreaking. Americans reported losses of US$240 million from global cyber-crime in 2007, a $40 million increase from 2006, the April 2008 IC3 report states. The IC3 received 206,884 complaints of online fraud in 2007. Cyber-criminal activities include accounting fraud, identity theft, malicious software, data breaches, espionage, sabotage and newly minted esoteric misdeeds such as thumbsucking, podslurping, bluesnarfing and much, much more. In an effort to stem the tide of cyber-crime -- or at least compel the business world to be more … [Read more...] about The Art of Data Management Compliance, Part 1: Keeping Pace
The recent data breach at Premera Blue Cross -- in which the personal information of some 11 million customers was compromised -- raises questions about how effective government regulators are at ensuring that healthcare providers adequately protect their patients' data. There have been abundant warnings that compliance with government regulations alone would not be adequate to protect companies from the kinds of cyberthreats the world faces today. However, Premera learned that lesson the hard way. Auditors with the U.S. Office of Personnel Management in January 2014 recommended that Premera address two areas of system administration: more timely installation of software patches and upgrades; and creation of configuration baselines so it could effectively audit its server and database security settings. However, those weren't very serious deficiencies in the minds of the auditors, who wrote in their final report, released in November, that "nothing came to our attention that caused us to … [Read more...] about SPOTLIGHT ON SECURITY Compliance Mindset Can Lead to Epic Security Fail
In an effort to beef up internal controls and data security, service organizations have sought out SAS 70 reports to demonstrate their level of compliance. When businesses choose to outsource critical processes, the SAS 70 (Statement of Auditing Standards No. 70) helps them assess and select potential providers. This assessment tool can help users identify risks related to financial fraud and data security. At one point, having these audits done was thought of as a differentiator; now, acquiring them is almost essential. The focus on internal controls isn't new. The first standard, SAS 55 ("Consideration of the Internal Control Structure in a Financial Statement Audit"), was issued in 1988 and required that financial statement auditors assess the internal controls related to any process that might have an impact on their client's financial reporting. This created a nightmare for third-party providers. It meant that an outsourcing company providing payroll services to hundreds of … [Read more...] about EXPERT ADVICE Data Security in an Outsourced World: Who Needs a SAS 70?
2009 was the first year since 2005 that the number of data breach incidents recorded actually dropped. If that makes you feel a little more secure -- there is a counter side. The same site reports on personal records that have been exposed: 220 million records in 2009 as compared with 35 million in 2008. There are two important trends to note here. First, technology advancements (and simplifications) have made breaches increasingly difficult. Second, there is the people side of the equation. In some cases, the small entry errors involved in large-scale breaches are more difficult to manage than the technology issues. With a poor economic state and online shopping becoming a necessary tool for tough times, merchant readiness for handling confidential data -- both on the technology and people front -- is critical for a successful online presence. As the new year unfolds, it is important to review the lessons learned from 2009 and reflect on how we can use past trends to correct and innovate … [Read more...] about EXPERT ADVICE E-Commerce Data Security 2010: Learning From 2009’s Debacles
In the wake of a string of high-profile data breaches reported by banks, retailers and credit card companies, a U.S. House panel on Thursday approved a bill drafted to protect consumers from identity theft and credit card fraud. The House Financial Services Committee cleared the Financial Data Protection Act of 2005, which spells out requirements for companies to investigate breaches and notify law enforcement and consumers. The law seeks to ease compliance for the financial industry by setting a national standard for data security that overrides state notification and credit freeze laws. Democrats are criticizing the bill, claiming it erodes essential protections that allow consumers to prevent identity thieves from opening credit accounts in their names and require companies to inform consumers when their personal data have become compromised. Meanwhile, privacy lawyers and information security companies are beginning to weigh in on the potential ramifications of this pending … [Read more...] about Data Security Bill Sparks Privacy, Technological Concerns
In today's Internet-driven world of business, customer data -- traditionally the lifeblood of any enterprise -- takes on a new and frightening importance. On the one hand, businesses have to provide partners, staff and contractors access to data; on the other, they have to ensure that data does not get lost by accident -- or stolen. Meanwhile, they have to also cope with the threat of data breaches by organized gangs of cybercriminals who target data in the enterprise. The computer industry has come up with various proposed solutions, all around one main theme: identity management. Know who's in your network and why they're in there. Then you can control access to your applications and data. From January through May 19 of this year, almost 262 million records containing personal information were allowed to be compromised by U.S. firms, according to Privacy Rights Clearinghouse. In reality, though, that number could be higher -- the Privacy Rights Clearinghouse admits its list is not … [Read more...] about Data Security’s $64 Billion Question: Who Are You?
Identity theft, a cyber-crime causing inestimable damage for scores of ordinary citizens, has prompted passage of the federal FACT Act Identity Theft Red Flags Rule, issued this year. Part of the 2003 Fair and Accurate Credit Transactions Act, the rule aims to combat the scourge of identity theft, which each year victimizes 8.3 million Americans for a total of US$15.6 billion in losses, according to the Federal Trade Commission. The impact of the rule is broad, impacting banks, credit unions, mortgage lenders, auto dealers, credit card lenders, payday lenders, landlords, utility companies, phone companies and any consumer or small business lender in the country. By Nov. 1 -- the compliance deadline -- each affected entity must perform a risk assessment and take numerous steps to develop and implement a written identity theft prevention program. "The rule requires millions of businesses to perform a risk assessment, map red flags to detection and response procedures, implement an identity … [Read more...] about The Art of Data Management Compliance, Part 2: Guarding Against Theft
Data management rules and regulations have become a major concern for businesses, due in large part to increasing oversight that often requires organizations to invest in new technologies in order to address compliance issues. However, the promise of enterprise technologies as a solution to the demands of data management compliance will go unmet absent a context of sound policy and strategic planning. Part 1 of this three-part series discusses the major challenges associated with the extensive web of rules and regulations affecting data management. Part 2 discusses current security threats and outlines how companies can safeguard their networks against them. "The biggest challenge for managing data is that data and processes are 'invisible' -- they're not things you can see and hold and move around in a way that you viscerally know you are managing them," Gwen Thomas, president of the Data Governance Institute (DGI), told the E-Commerce Times. "And so, we have to respond to this … [Read more...] about The Art of Data Management Compliance, Part 3: Executing Processes