IT Security

Mar 25

The Information Commissioner’s Office (ICO) has found Zurich Insurance plc in breach of the Data Protection Act after it lost an unencrypted back-up tape containing financial personal information belonging to 46,000 policy holders of Zurich Private Client, Zurich Special Risk and Zurich Business Client, which are all part of Zurich Insurance plc.

The back-up tape, which also included personal details of 1,800 third parties, was lost by a sister company, Zurich Insurance Company South Africa, during a routine transfer to a data storage centre in South Africa. The data loss occurred on 11 August 2008 although the sister company did not inform Zurich Insurance plc until over a year later. Subsequent internal investigations revealed failings in the management of security procedures involving data tapes in South Africa.

Mar 19

On Wednesday, Reuters reported that a new password-stealing virus is working its way through the Internet, targeting Facebook users.

Hackers flooded the ‘net with spam messages targeting Facebook’s estimated 400 million users in an attempt to steal their personal information.

The email message tells its recipients that the passwords on their Facebook account have been reset, urging them to open an attachment to obtain new login details. Consider IT warns all readers NEVER to open unknown attachments!

A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update the company posted on its website earlier on Wednesday. This update warned users about the illicit email and advised them to delete it immediately.

Mar 17

The Information Commissioner’s Office (ICO) has found that the Royal London Mutual Insurance Society breached the Data Protection Act (DPA) after eight laptops, two of which contained the personal details of 2,135 people, were stolen from the company’s Edinburgh offices. The individuals affected were employees of various firms which had sought pension scheme illustrations.

The two laptops containing personal information were unencrypted but were password protected. An internal report established that the company was uncertain about the precise location of the laptops at any given time and that physical security measures were inadequate. The report also revealed that managers were not aware that personal information was stored on any of the laptops, which meant no additional precautions to control and secure the data had been taken.

Mar 17

Facebook users have been warned that a “who viewed my profile” application is indeed a scam and does not genuinely show you who has looked at your profile at all.

Rik Ferguson, a senior security consultant at Trend Micro, warns he has already identified 25 different copies of the same rogue app but using different monikers such as peeppeep-pro, profile-check-online and stalk-my-profile.

Some of the Facebook applications even offer a photo montage of the alleged visitors to your profile – these are fake: the app simply selects a random group of your known friends and shows them in the image.

“The app itself is designed to look convincing enough, but none of the many ‘Continue’ buttons it offers will activate some under-the-counter profile checking functionality – they will just push you into another Facebook app earning the scammer advertising revenue in the process,” Ferguson explains in a blog post containing screenshots illustrating the scam, which resurfaced over the weekend.

Feb 17

WordPress were alerted to a problem where logged-in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2.

If you use our WordPress Management service, your WordPress website will be updated this week. If not, simply log in to your wp-admin login area and click Upgrade WordPress.

Feb 15

The Information Commissioner’s Office (ICO) is reminding charities that personal information must be handled securely after finding the Alzheimer’s Society in breach of the Data Protection Act.

One of the unencrypted laptops contained personal details including names, addresses, national insurance numbers and salary details for about 1,000 staff across England, Wales and Northern Ireland.

Sally-anne Poole, Head of Investigations at the ICO, said: “A thousand staff members’ details were stored on unencrypted laptops. This is unacceptable; portable devices must be encrypted if they are used to store personal information. It is vital that all organisations ensure personal information is handled securely and that appropriate staff have adequate training in this area.”

Are your laptops encrypted? Find out more about encryption services.

Dec 21

The Information Commissioner’s Office (ICO) has found Northern Ireland’s Department of Finance and Personnel in breach of the Data Protection Act after approximately 37,000 people’s personal details were stolen. Stephen Peover, the Permanent Secretary at the Department of Finance and Personnel, has signed a formal Undertaking to improve data security.

The ICO, the UK’s privacy watchdog, understands that some of the 37,000 records contained sensitive personal information. The details included payroll, employment and health data, although not all records contained these categories of information. Approximately 900 records contained bank details. The Department of Finance and Personnel informed the ICO that 12 of its laptops had been stolen and that two of these contained personal information. The laptops were secured to desks or stored in locked cabinets.

Dec 21

The Information Commissioner’s Office (ICO) has found Shropshire Council in breach of the Data Protection Act following the loss of an unencrypted memory stick containing sensitive information relating to a large number of adult social care clients and members of staff.

The memory stick, which contained a social care management database including sensitive health information, was lost during a postal transfer from the council’s office to a contractor in Cardiff. The ICO has established that the memory stick also contained records that were excessive for their purpose and out of date.

Mick Gorrill, Assistant Information Commissioner, said: “It is essential that organisations ensure the correct safeguards are in place when storing and transferring personal information, especially when it relates to such sensitive issues. Information must be kept safe, secure and up to date – these are important”

If your business uses sensitive data (clients or employees), then you need to be sure your data is safe.

Dec 07
Don’t get caught out by fraudulent online shops this Christmas! Use our 7 Checks to verify the shop is genuine and stay safe!

Christmas is a fantastic time of the year, but it’s also a fantastic time of the year for fraudsters and criminals. Websites spring up online enticing you to buy products at extremely low prices. They look too good to be true, and they usually are! Last year, between 1st October and 31st December, a record £15.2bn was spent online.

Follow our 7 tips to keep safe this Christmas:

1. Check the company’s telephone number
Not all online retailers will have one, but most reputable ones will have a telephone number visible on their site. If they don’t, be suspicious.