|
Infoworld |
Oil Spill Prompts Visions of Data Spills
 The British Petroleum offshore oil leak disaster still unfolding in the Gulf of Mexico prompts one columnist to wonder what a data leakage disaster of similar proportions would be like. “Unfortunately, the lure of potential profits in the information economy, combined with the apparent ease with which data can be gathered and a lack of regulation, creates a climate of recklessness in which a ‘data spill’ of the scale of the Deepwater Horizon incident seems not just likely, but inevitable,” he concludes.
|
 |
|
Federal Computer Week |
VA Forced to Defend its Data Protection Practices
 The U.S. Veterans Administration came under verbal attack by a House of Representatives committee for failing to take the proper steps to prevent two recent breaches in Texas of veterans’ medical data. To prevent similar future breaches, the VA’s assistant secretary for information and technology, Roger Baker, told the subcommittee that the agency is auditing all other contracts involving private patient data.
|
 |
|
Enterprise Networking Planet |
Don’t Forget to Protect Your End Points
 In this column about ten ways to protect your network against insider threats, we especially liked this one: “Implement end point data leak protection. Fifty-nine percent of staff that lose their jobs take confidential corporate information with them on a DVD or USB drive, according to the Ponemon Institute. End point security systems aim to restrict what portable storage devices can be used, and by whom, and to monitor what information is copied. Such systems can be useful in making it harder to copy information maliciously without being detected, but can't prevent a trusted insider with authority to copy data from doing so maliciously.”
|
 |
|
Search Security |
Growing Angst Over Security of Cloud Computing
 IT professionals are fearful that sensitive data might fall into the wrong hands if cloud-based services are used by their organizations, even as the risks are being ignored by some employees who are already using cloud computing. That’s according to a new survey by the Ponemon Institute. Among the key findings: More than half of those surveyed in the U.S. said their organization is unaware of all the cloud services deployed in their enterprise.
|
 |
|
Infoworld |
More Malicious Attacks Come From Within Than From Outside
 While most of the emphasis on preventing data breaches tends to focus on foiling outsiders, the majority of such malicious attacks actually come from within an organization. Says this writer: “To be honest, I had thought that disgruntled or fired admins pose more of a threat, but it turns out that regular employees are enjoying digital crime just as much.”
|
 |
|
Infosecurity |
Laptop Users Need Better Encryption
 The steady stream of advances in brute force encryption techniques means laptop users need to continue to raise their game in protecting themselves through better encryption of data, according to one expert. As cybercriminals get smarter about cracking codes and gain access to increasing amounts of computing power to do so, those protecting against such threats must grow more sophisticated in their defenses.
|
 |
|
WLS |
Patients' Medical Records Stolen at Suburban Chicago Company
 Patient healthcare records for 180,111 people were on a portable hard drive stolen in February from Millennium Medical Management Resources in Westmont, Ill., near Chicago, which manages emergency healthcare physician billing, it was reported this week. The breach affects patients who were treated between 2003 and 2006. The number of people impacted by the breach was reported by the Open Security Foundation.
|
 |
|
Dark Reading |
Healthcare Not Up to Securing EMRs, Experts Say
 As the adoption of electronic medical records (EMR) accelerates, experts say healthcare organizations must effectively address data protection in the transition from paper to digital record-keeping. Industry observers say that larger healthcare organizations with already established databases tend to be far behind counterparts in other industries in regard to how they secure data. A poll recently released by Javelin Research found that fraud based on exposure to health data rose from 3% to 7% between 2008 and 2009.
|
 |
|
Orange County Register |
St. Jude Patients' Data Stolen on Computers
 Five computers containing personal health data on 22,000 patients were stolen from St. Jude Heritage Medical Group in Fullerton, Calif. Unencrypted patient information included Social Security numbers, birth dates and diagnoses, according to the healthcare provider. Police officials said 22 computers were stolen, with five containing patient health records.
|
 |
|
Help Net Security |
Perception of Data Security at Odds with Reality
 According to findings of an Accenture global study, nearly three-quarters of organizations believe they have adequate policies in place to protect sensitive, personal information, yet more than half have lost sensitive data within the past two years and nearly 60% of those organizations acknowledge data loss as a recurring problem. While 70% of survey respondents agreed that organizations have an obligation to take reasonable steps to secure consumers’ personal information, there are discrepancies in their commitments for doing so.
|
 |
|
Dark Reading |
Costs of Data Breaches Much Higher in U.S. Than in Other Countries, Study Says
 A data breach in the U.S. could cost a business twice as much as the same breach costs companies in other countries with less stringent disclosure and notification laws, according to a study published Wednesday by the Ponemon Institute. The study examined data breach costs from the U.S., the UK, Germany, France and Australia by components such as detection, escalation, notification, post-breach response and customer churn. The loss of customers and the scramble to replace them following a breach was found to be typically the highest cost, accounting for 44% of breach costs worldwide, but accounted for 66% of U.S. breach costs.
|
 |
|
Information Week |
Medical Records Continue to Be Dumped
 Even in the face of new federal guidelines tightening security on confidential medical records, crude breaches continue to occur at an alarming rate. A physical therapy practice in Monticello, New York that had been evicted from its offices dumped 15 boxes of medical records containing private patient information in the trash. A clerk in a nearby retail store noticed them and apparently alerted officials.
|
 |
|
OneMedPlace |
Providers May Be Overconfident in Data Security, Report Finds
 Healthcare organizations may fret over hackers stealing electronic health information, but a new report reveals that the majority of data breaches actually result from theft and carelessness. A stolen laptop, a forgotten mobile device, or improperly disposed documents can be as devastating to data security as an unprotected network. Since January 2008, more than 110 healthcare organizations have reported data loss incidents, with 46% of the incidents caused by theft and 24% resulting from loss or negligence.
|
 |
|
Honolulu Advertiser |
Blood Donor ID Data Stolen
 A laptop computer containing confidential personal information for nearly 40,000 blood donors was stolen in a burglary last month from the Blood Bank of Hawaii headquarters in Honolulu. Data on the laptop included names, birth dates, partial Social Security numbers and donation information. The laptop also included "deferred donor" data, which covers people who cannot donate blood because of medical issues and those who are temporarily prohibited from donating.
|
 |
|
Newswise |
Massachusetts Eye and Ear Alerts Patients to Laptop Theft and Data Breach
 A laptop computer containing health and demographic information of more than 3,500 patients was stolen in February from a neurologist affiliated with the Massachusetts Eye and Ear Infirmary, the healthcare group revealed this week. Additional information on the laptop included names, addresses, birth dates, medical record numbers, email addresses and some pharmacy insurance account numbers.
|
 |
|
Databreaches.net |
Yet Another Laptop Stolen from a Car Puts Employee Data at Risk
 A laptop computer containing names and Social Security numbers of Lam Research North America employees was stolen from an employee’s car in March, according to a letter sent to the New Hampshire Attorney General’s Office that was obtained by Databreaches.net. There was no indication in the letter as to whether the employee who left the laptop in the vehicle had violated company policy or was disciplined for the breach, according to the website.
|
 |
|
Security Management |
Ponemon Study Finds Cost of Data Breaches Rose Again
 The cost of a data breach rose again in 2009, according to an annual U.S. Cost of a Data Breach Study from the Ponemon Institute, which found that the average lost record cost companies $204 last year, while the total average cost of a breach to a business was $6.75 million. The year’s cost is about 60% higher than five years ago, according to the study, which looked at 45 companies that suffered a data breach.
|
 |
|
Chattanooga Times Free Press |
BlueCross BlueShield of Tennessee Theft Alert Widens
 Personal information for nearly 1 million BlueCross BlueShield of Tennessee members was included on 57 computer hard drives stolen last October, according to a new company report. The Chattanooga-based health insurer said it is contacting another 447,549 customers to alert them that their identities may have been jeopardized by the data theft, nearly doubling the number of BlueCross members already notified.
|
 |
|
San Francisco Chronicle |
Laptops with Medical Data Stolen
 Two unencrypted laptop computers containing sensitive patient health information regarding 5,450 people recently were reported stolen from the John Muir Physician Network Perinatal Office in Walnut Creek, Calif. Laptops are increasingly viewed as inviting targets for thieves, according to the Ponemon Institute, which studies data security issues.
|
 |
|
Network World |
Data Loss a Mystery for Many Businesses
 According to new research, many security executives admit that they are only able to determine if personally identifiable information was compromised in a data security breach if they had full disk encryption on all laptops. A total of 59% of study respondents said they could not determine if data was lost in cases of missing laptops. Despite increased awareness of penalties and the damage that losing personal data can do to corporate reputations, executives apparently are becoming less certain that they can figure out if personal data has been compromised when corporate laptops are lost or stolen, the TheInfoPro study found.
|
 |
|
MarketWatch |
Healthcare Industry Continues to Overlook Critical Gaps in Data Security
 Healthcare providers are having difficulty adequately securing patient data in a rapidly changing landscape, a new report claims. Healthcare organizations are demonstrating increased awareness of the state of patient data security as a result of heightened regulatory activity and increased compliance, the study found, but appear to overlook the growing risk and escalating costs associated with a data breach. The number of healthcare organizations that reported a data breach increased by 6% in 2010 to 19% of total respondents.
|
 |
|
Macon Telegram |
Reduce Harm Done by Data Breach
 Data breaches occurring in the business sector increased to 41% of all breaches in 2009 from the previous year, according to the Identity Theft Resource Center. Whether a breach is the result of an employee error or a malicious act, resolving a data incident can be costly to a business, not only because of the time and energy spent resolving the issue, but also due to the number of customers whose trust was lost. According to a Ponemon Institute study, data breach incidents cost U.S. companies $204 per compromised customer record.
|
 |
|
Minneapolis Star-Tribune |
Portable Media Theft Hits 3.3 Million College Students
 ECMC, which processes federal student loans, reported that portable media containing personal data on about 3.3 million people nationwide was stolen during a burglary at its Minnesota headquarters. The data includes names, addresses, Social Security numbers and birth dates, officials confirmed, amounting to what could be one of the biggest cases of student identity theft in the U.S., affecting 5% of all students with federal loans.
|
 |
|
ExecutiveGov |
10 Health IT Security Breaches
 A hard drive theft at Blue Cross Blue Shield of Tennessee affecting 500,000 people and a laptop theft at AvMed, Inc., a Florida-based health plan, impacting 359,000 individuals, made the list of breaches of unsecured protected health information that were reported to the Health and Human Services secretary in accordance with the HITECH Act. The secretary must post a list of health information breaches affecting 500 or more. Also on the list were a Detroit Department of Health and Wellness Promotion theft of portable electronic devices that affected 10,000 people and a laptop theft affecting 7,300 individuals at the medical center at University of California in San Francisco.
|
 |
|
Internet Evolution |
Data Protection Lands on Executives' Radar
 A new study from the Ponemon Institute found that 77% of C-level executives in the UK report experiencing some sort of data breach during the past year, demonstrating a shift in awareness and attitude among executives. They no longer view data protection as just a technical issue, but one that strikes at business reputation and brand, customer trust and compliance with laws for data handling and privacy, the survey said. "Today, C-level executives believe the cost savings from investing in a data protection program is substantially higher than the estimated value of recovering from a breach," said Larry Ponemon, chairman.
|
 |
|
eSecurity Planet |
Purloined PC Results in Data Theft for Thousands of Students
 A desktop computer containing the names and Social Security numbers of 7,174 current and former Vanderbilt University undergraduate and graduate students reportedly was stolen from a professor's office last month. Vanderbilt officials have subsequently advised professors to discontinue the practice of storing linked student names and Social Security numbers on their computers.
|
 |
|
Beaufort Gazette and Island Packet |
USCB Warns Alumni Personal Info Might Have Been Stolen with Laptop
 Personal information, including names and Social Security numbers, of 480 former University of South Carolina Beaufort students may have been on a university laptop stolen last month. University officials said the computer, which belonged to the Office of Housing and Residence Life, was stolen Feb. 6 from a staff member working from a relative's home in the Atlanta area.
|
 |
|
Tech News World |
Why Stop With Laptop Encryption?
 An IT security consultant wonders why most of the attention on data encryption seems to be directed only toward laptops. “If you're going to the time and energy to deploy a data protection solution, and that same solution provides technology that will encrypt data at rest in other contexts (for example, in servers, smartphones, jumpdrives, etc.), why not leverage the technology for the other areas in your enterprise where data could get lost/stolen?”
|
 |
|
Insurance Journal |
Insurance Coverage for Data Leakage
 With the rise of data leakage incidents and the ever-more stringent regulatory requirements obligating companies to protect private data, it was inevitable: insurance coverage for data breaches. The magazine notes one insurance carrier that has begun offering such policies. Coverage of up to $20 million is now available, the publication reports.
|
 |
|
Federal Times |
Possible New Data Breach at the VA
 The Veterans Affairs Department is investigating reports that a low-level employee in Atlanta seriously compromised data privacy regulations by storing private patient information on a personal laptop. Four years ago, a data analyst for the same agency downloaded 26.5 million records onto his laptop. It was later stolen, though eventually recovered.
|
 |
|
Help Net Security |
Study Shows Laptop Encryption Has Severe Limitations
 The Ponemon Institute’s annual study on laptop encryption found that human resistance to the tools continues to be the biggest hurdle to securing data on laptops through encryption solutions. “Despite the best efforts of IT departments, business managers continue to disengage, or turn off, their laptops' encryption solution - exposing company information to thieves should the computer go missing.” This year’s expanded study included input from six countries, including the U.S.
|
 |
|
eSecurityPlanet |
Study Shows Cyber Attacks Are a Universal Concern
 An annual study on enterprise IT security found that 100% of the more than 2,000 companies and government agencies surveyed in 27 countries suffered some kind of malicious cyber attack in 2009. On average, the entities spent about $2 million on IT security. But not a word about the source of the majority of data loss–failures in off-network security.
|
 |
|
Tech News World |
“Alarming Gap” Between Data Security & Vulnerability
 With the ever-mounting increase of sensitive data being shared around the globe and the always-increasing regulatory requirements that it be handled securely, “there is often a significant and alarming gap between perceived security and real vulnerability,” one software executive writes. He adds: “organizations that rely on the safe transfer of data can't make assumptions about the security or manageability of traditional vehicles, especially those that can't be easily tracked and audited.”
|
 |
|
Internet News |
Missing Hard Drive Puts National Guardsmen Data at Risk
 Tens of thousands of Arkansas National Guard soldiers have become the latest victims of a data security breach at a military base after an unencrypted external hard drive was discovered missing last month. The single file contained information on all those who served in the unit over the last 19 years.
|
 |
|
Computer World |
The Endless Search for Data Leakage Software Solutions
 A corporate IT security manager notes in his journal that despite his best efforts to police his company’s IT network to prevent data leakage, the number of possible access points foils him every time. “We don't have 100% coverage of every egress point in the organization.” And yet he continues to hope—vainly, in our view—that finding the right software from the right vendor will finally fix the problem.
|
 |
|
CNet |
Study Quantifies Victims of Medically Related Identity Theft
 Just as a new federal law raises the bar on protecting private patient data, a new study helps quantify the number of Americans that have been hit with medically related identity theft. “About 9 percent of U.S. adults have been victims of identity fraud and, of those, nearly 6 percent are estimated to have been victims of medical-related identity fraud, which translates to 1.4 million people, according to survey results and population extrapolations from the National Study on Medical Identity Theft report from the Ponemon Institute.”
|
 |
|
E Security Planet |
Large Financial Firms Still Too Casual About Data Security
 Even though they’re among the top targets of hackers, large financial firms are far too casual about their data security, according to a new report by the Ponemon Institute. The findings are from a survey of top security officials at 80 large firms. “According to the Ponemon study, many financial services firms, which are prime targets for cyber criminals, don't take some of the basic precautions to protect their information storehouses. For instance, 88 percent of the companies surveyed said they still use Social Security numbers as their primary identifier. Just 47 percent of the companies said they have intrusion detection systems in place, while only 56 percent said they implemented identity compliance procedures.”
|
 |
|
SC Magazine |
Lots of Companies Still Hesitant to Report Data Breaches
 A U.S. Justice Department official responsible for prosecuting criminals involved in data breaches told the annual RSA security conference that too many corporate victims of data breaches still refuse to report the crimes to the proper officials. “Despite the importance of internal data to prosecutors, many companies are still hesitant to call in law enforcement after a breach. Peretti said that the amount of reports the DOJ receives over data breaches is believed to be a small fraction of all instances. ‘There is always the fear law enforcement is going to rush in and disrupt the business, but I've never seen that happen,’ she said.”
|
 |
|
Computer World |
New Report on Widespread Medical Identity Theft
 A new study suggests that nearly 6% of Americans have, at one time or another, been victims of medical identity theft. The report, by the Ponemon Institute, puts the average cost per victim at just over $20,000.
|
 |
|
Network World |
Report: Hackers Eclipsed Lost Laptops as Top Cause of Data Loss in ‘09
 Hackers were the single biggest cause of publicly reported data breaches in 2009, according to a new report by the Identity Theft Resource Center. In the two previous years, the top cause was so-called “data on the move,” typically lost or stolen laptops. On the other hand, the number of data breaches reported publicly is widely believed to be just a small percentage of those that actually occurred.
|
 |
|
Tech News World |
Making Security Data-Driven
 The magazine makes the perfectly logical argument that a good metrics program can give IT security professionals a different way to talk to senior management about the progress they're making on meeting internal business and security objectives. “Rather than talking about security like it's some dark art form, make it a data-driven science.”
|
 |
|
CIO Magazine |
Five Mistakes in Locking Down Data
 The magazine outlines five key mistakes organizations tend to make in the rush to better secure their data and meet mounting compliance pressures. Among those it mentions: going overboard in banning removable storage devices. “In an effort to keep top-secret data from leaving the company on USB sticks, for example, a company may decide to block off every USB port in the path of employees. Jeffrey Barto, a bank security director based in New York, cited this example and said there are much more sensible measures to be had, like tightening the rules on what employees can store on USB sticks and closely monitoring usage to ensure the rules are being followed.”
|
 |
|
American Medical News |
AMA Reminds Docs of Threat From Data Loss
 The American Medical Association’s main news organ reminds doctors that one of the chief threats to their practice comes from leakage of private patient information, and that it typically happens not because of a hacker, but due to simple forgetfulness. “As technology becomes smaller and more portable, it becomes easier to lose. Surveys from a data protection solutions company in 2009 found that in a six-month period, 12,500 mobile devices were left in taxis, and 4,500 USB memory sticks were left in pockets of pants sent to dry cleaners.”
|
 |
|
Information Week |
Data-Centric Security Should be the Goal
 As the debate rages in the IT security community about the best way to crack down on mounting incidents of data leakage, the magazine’s reader survey suggests the most promising path. “We think the only sane response for IT is to adopt a security strategy that's focused on protecting both structured and unstructured data when it's in use by customers or employees, as it rests on network file systems, and as it traverses the LAN or leaves the corporate boundary.” Merely protecting devices, says one university data official, “doesn’t scale.”
|
 |
|
Wired |
U.S. Military Revokes Ban on Thumb Drives
 The U.S. Central Command has removed an earlier ban on American military personnel using thumb drives, CDs and other removable data storage devices in the military data network. The prohibition was originally introduced in November 2008, amid concerns about the impact from a particularly bad computer virus. The revocation appears to be a bow to reality. “StratCom simply does not have the support to enforce such a ban indefinitely,” an anonymous insider told the magazine.
|
 |
|
New York Times |
Added Caution is in Order While Traveling
 It’s hard enough to be adequately mindful of data security while working at home or the office, but too many people forget all about information security while traveling, the paper notes. Thefts of laptops at airports are a notorious source of data leakage among travelers, the paper adds, citing a 2008 study of more than a hundred airports by the Ponemon Institute.
|
 |
|
Info Security |
One-Third of Laptops Stolen in the U.K. Are From Homes
 Though we often focus on laptop thefts in the workplace or while traveling, a new report suggests that the home front is also a leading venue for thefts of laptops bearing precious private information. At least that’s the case in the United Kingdom, where, according to the study, 32% of laptop thefts happened at home. That compares to a rate of 17% in the U.S.
|
 |
|
|
Redemtech Offers Free Regulatory Database
 Online library helps companies navigate the ever-changing legislative landscape – and guard against liabilities for data privacy, electronics disposal and financial transparency.
|
 |
|
Fierce Health IT |
Healthcare Data Security Staffs Now on High Alert
 With state attorneys general newly empowered to enforce HIPAA privacy regulations and the healthcare industry being the target of a disproportionate share of data breaches, CIOs and others responsible for protecting data privacy have all the headaches they can handle these days. But some in the industry actually welcome the extra attention as a motivator.
|
 |
|
SC Magazine |
Data Security Has Become Hot Political Topic
 As data security becomes an issue nearer the top of political concerns, some of the newer laws are leaving professionals scratching their heads on how best to comply. At least that was the position espoused by one British security consultant in a recent conference keynote speech. He noted that these laws are now in what might be called their third cycle since 2003, when California passed the world’s first data breach notification law.
|
 |
|
Lewiston Sun Journal |
Paper Says Maine Needs to do Better on Breach Notifications
 After its own staff investigation found that more than 24,000 Mainers have had their personal e-information compromised in more than 200 corporate security breaches since April 2008, the Lewiston Sun Journal editorial board called for increased state attention to wider breach notifications. “We were struck by how inaccessible this information is in the digital age. Consumers who are the subject of an e-breach are alerted, but there is no general public alarm about how widespread or creative these breaches can be, which makes it difficult for others to respond to protect their own personal information.”
|
 |
|
Inside Tucson Business |
Better Business Bureau Helps Small Biz Secure Data
 In an apparent sign of the times, data security has become such a common concern even at the grassroots level, that the Better Business Bureau has begun offering guidance to small businesses on how to better secure their information. The national program, mounted in conjunction with two security experts, comes in the wake of a recent report by Visa, which found that 85% of data breaches take place in smaller organizations.
|
 |
|
Government Technology |
Reward Offered for Missing National Archives Data
 The National Archives and Records Administration is offering a $50,000 reward for information leading to the recovery of a missing external drive containing copies of personal data -- including Social Security numbers -- of former Bill Clinton administration staffers and people who contacted or visited the White House during the Clinton era. One of former Vice President Al Gore's three daughters is among those affected. The drive was being used as a copy of the originals.
|
 |
|
Information Week |
House Passes Bill on Tougher Cybersecurity
 The U.S. House of Representatives has passed the Cybersecurity Enhancement Act of 2009, the first major cybersecurity legislation to pass a house of Congress. Among other provisions, it mandates standards for storing personal information on computer systems. Too bad the bill doesn’t seem to include any provisions for enhancing off-network security, which is one of the leading sources of data breaches, studies show.
|
 |
|
Forbes |
Hotels are the New Favorite Target for Hackers
 A new report by a prominent data breach investigator and IT security firm says hotels are the hot new target for hackers looking to breach security. According to the report, their favorite way in is not through the central network, but by attacking less-secure point-of-sale venues.
|
 |
|
FindLaw Legal Technology |
The Legal Costs of Data Breaches
 The Ponemon Institute’s fifth annual study on the cost of data breaches has some interesting implications for the legal profession, writes one columnist. “The study shows that companies are spending more on legal defense costs in the area of data security breaches. This has been attributed to fears of potential class actions, and other lawsuits resulting from consumer and employee data loss. In fact, companies that engage outside expertise to assist them during a data breach incident tended to have a lower $170 cost per victim than companies that do not seek outside help at $231 per victim.”
|
 |
|
eSecurityPlanet |
Another Stolen Laptop, Another Security Breach
 Medical information on more than 4,000 patients has been compromised by the apparent theft of a laptop from the University of San Francisco medical school. Those whose information was compromised have been notified, since California is one of 45 states requiring such notification. This is the latest in a rash of recent security breaches at American colleges and universities.
|
 |
|
Smart Money |
Anatomy of a Data Breach
 A writer for Smart Money receives a notification from her credit card provider that her personal information has been compromised in a data breach, and she wonders: how likely is it that that will lead to my identity being stolen? Her answer: not very. Still, she found the entire experience a tad unnerving.
|
 |
|
American Medical News |
State Sues Health Insurer over Data Breach
 The State of Connecticut has sued California-based health insurer Health Net for a data breach that occurred as a result of missing data from a portable data drive. The January 13th lawsuit is the first action by an attorney general acting under the Health Information Technology for Economic and Clinical Health, or HITECH Act (part of the 2009 federal stimulus package) to enforce privacy laws under the Health Insurance Portability and Accountability Act.
|
 |
|
E-Week |
New Stimulus-related Health Law Includes Breach Notifications
 The Health Information Technology for Economic and Clinical Health Act, passed last year as part of the federal government’s stimulus package, continues HIPAA’s movement toward mandating increased data privacy and encouraging electronic medical records. But it also includes new rules mandating that organizations that suffer data breaches notify the public. Until passage of this law, only 2 of the 48 states with breach notification laws included health information as a specified type of data. Now, federal law covers the entire country.
|
 |
|
e-Security Planet |
Massive Data Leakage from Tennessee Blue Cross
 Up to a half million Blue Cross & Blue Shield members in Tennessee had their records compromised as the result of a theft of hard drives from a company storage locker. The bulk of the estimated 220,000 to 500,000 members affected by the data breach are Tennessee residents, but at least 500 members from another 32 states also had their data exposed in the heist. BlueCross is offering one year of free credit-monitoring services and other data management and security services from Kroll, a risk management and IT security consulting firm.
|
 |
|
Internet News |
Hard Drive Missing from National Archives Has Data on Clintonites
 A hard drive either lost or stolen from the National Archives sometime in the last two years puts the personal information of more than 250,000 Clinton administration staffers, White House visitors and job applicants at risk. The data contains at least 100,000 Social Security numbers.
|
 |
|
Government Computer News |
Nation’s Toughest Data Security Law Soon Takes Effect
 The Massachusetts Data Breach Law has been labeled by security experts as the nation’s toughest. Passed in 2007, it won’t take effect until March of this year. Among other provisions, it requires that all personal information in networks be shielded by strong encryption. Unfortunately, it appears to be silent on one of the leading causes of data breaches: leakage from off-network sources.
|
 |
|
eWEEK |
Acting Too Quickly After Data Breach Grows More Costly
 In its fifth-annual study of data breaches, the Ponemon Institute found that the cost of moving too quickly to repair damage from data breaches, and thus causing even more damage, is slowly rising. In its latest report, the organization found the average cost of a breach in 2009 rose to $204 per compromised record, up $2 from the previous year.
|
 |
|
Government Technology |
Incomplete Reporting Makes Data Breaches Tougher to Stop
 The Identity Theft Resource Center is complaining that the lack of a single, centralized list of reported data breaches makes fighting hackers and getting a clear picture of the scope of the problem that much more difficult. The timing of their complaints seems a little strange, since a new law (the Health Information Technology for Economic and Clinical Health, or HITECH, Act) for the first time makes it a federal requirement to notify the public of data breaches.
|
 |
|
TechNewsWorld |
Are We Risking Our Digital Lives?
 Businesses and consumers are growing increasingly comfortable storing sensitive information on their laptop computers, external hard drives and USB flash drives, resulting in more cases of off-network data breaches. More than 600,000 laptop thefts occur annually in the U.S., resulting in an estimated $5.4 billion loss of proprietary information, according to the Ponemon Institute. That adds up to one laptop being stolen every 53 seconds.
|
 |
|
Government Technology |
Incomplete Data Breach Reporting Makes Tracking Tough, Organization Says
 When businesses and organizations aren't up front about data security incidents, it makes it difficult to accurately track the number of people impacted by a breach, according to the Identity Theft Resource Center (ITRC), an organization that collects information about data breaches from media sources and government notification lists. "Breached entities, No. 1, are afraid of the consequences. They're afraid that their reputation will be damaged, of fines they might incur, of the repercussions of a trust issue," said the ITRC’s Linda Foley. She said this trend might change if laws intervened and forced organizations to report.
|
 |
|
E-Commerce Times |
There’s Good & Bad News on Data Breach Trends
 While 2009 was the first year since ’05 that the number of data breach incidents recorded actually dropped, there is also some bad news. While there are fewer incidents, on average they’re becoming much larger. According to one calculation, 220 million records were compromised as the result of some sort of data leakage in 2009, as compared with just 35 million the previous year.
|
 |
|
WWMT |
Theft of Goodwill Safe Raises Identity Theft Concerns
 Data tapes containing personal information, including names, addresses, birthdates and Social Security numbers, of thousands of former Goodwill Industries employees and participants dating back 20 years were reportedly stolen from a Goodwill store in Grand Rapids, Mich. Some of the people whose information was compromised complained that it took Goodwill almost a month to notify victims and said they were concerned about identity theft.
|
 |
|
InfoSecurity |
Mobile Security Demand Being Driven by Encryption
 The number of corporate mobile devices will soar to more than 77 million units worldwide by 2014, according to a new study from Juniper Research, which also says that demand for mobile security technology is being driven by encryption in all its various forms. The report notes that the increasing value of information held on a mobile device will be a significant factor in driving the uptake of security on the corporate mobile handset.
|
 |
|
eWeek |
How to Use Data Encryption to Secure Mobile Business Data
 A staggering number of enterprise mobile devices are lost or stolen annually, at a high cost to the organizations that own them, industry experts say, but solutions are available to help secure data on portable devices. It is estimated that on a weekly basis, major corporations suffer losses of 640 laptops, 1,985 USB memory sticks, 1,075 smart phones and 1,324 other devices from theft. A 2009 survey estimated that 800,000 mobile devices are stolen each year and 97% are never recovered.
|
 |
|
Security Dark Reading |
This May be the Year for New Twist in Security Outsourcing
 A new report by Forrester Research predicts that IT security outsourcing will increasingly morph into what it calls co-sourcing. "Some companies employ outsourcing vendors because they want to wipe their hands clean of regulatory compliance or hand over a messy environment in the hopes that the outsourcer will be able to fix it," the report observes. But since the client will remain responsible for any security breaches anyway, clients and vendors will increasingly share the security burden through new forms of collaboration.
|
 |
|
Information Week |
Is It Really a Good Idea to Use Specter of Data Disaster as Budget Bargaining Chip?
 With governmental compliance mandates on the rise throughout corporate America, more IT managers are using the prospect of disastrous and expensive data breaches as a means to win budget increases. But a columnist for Information Week wonders if that trend won’t come back to haunt them. He writes: “Does doing so move the organizational goal from obtaining a secure IT infrastructure to merely being compliant?”
|
 |
|
Help Net Security |
Data Breaches - The Insanity Continues
 The Identity Theft Resource Center (ITRC) reported 498 data breaches in 2009, but noted that in more than 52% of the publicly reported breaches, no statement of the number of records exposed was provided. Consequently, it remains uncertain exactly how many total records may have been exposed due to breaches last year. ITRC said of the total breaches, only six companies reported that they had either encryption or other strong security features protecting the exposed data.
|
 |
|
Federal Times |
More Potential Victims of Identity Theft Notified of Hard-drive Loss
 The National Archives and Records Administration (NARA) recently warned 150,000 more people who interacted with the Clinton administration that their personal information may be at risk after a hard drive was lost last year. The external hard drive was last seen March 24 in a processing room at the Archives' College Park, Md., office, NARA said. Data on the drive included the names and Social Security numbers of White House employees, job applicants and visitors.
|
 |
|
Health News Digest |
Medical-Healthcare Privacy and Fraud Outlook for 2010
 Security experts say 2009 was another grim year for medical privacy and data breaches regarding personally identifiable information or protected health information of millions of Americans. Many large data breaches occurred at major hospitals, health insurance providers, pharmacy retailers and managed care programs, often resulting from improper disposal or lack of destruction of physical documents, but a growing number of incidents surrounded the loss or theft of laptop computers and storage devices. Overall, medical industry data breaches affected nearly 3 million confirmed individuals throughout the U.S. last year.
|
 |
|
Boston Globe |
Data Breaches Affect Million State Residents
 One million Massachusetts residents have had their credit card numbers, medical records or other personal information stolen or leaked during the past two years, according to an analysis of state records by the Boston Globe. Thousands of the incidents were first reported between June and November, including confidential data on customers of Blue Cross Blue Shield of Massachusetts, Eastern Bank, JPMorgan Chase Bank and other major institutions, documents released by state regulators revealed. The breaches occurred in a variety of forms, including theft of laptop computers and the loss of computer data tapes.
|
 |
|
InfoSecurity |
How to Stay Mobile Whilst Keeping Sensitive Data Safe
 Negative publicity hurts a company’s brand image and does not help win new customers, yet many businesses actively court a negative image by handling sensitive data poorly, industry observers say. The proliferation of highly portable data storage devices such as laptop computers and USB sticks has effectively eliminated any notion of a “fixed perimeter fortification” as a tool to prevent data leaking from an organization, yet many firms still stick with a half-hearted way of defending information assets. Steps in successful data security programs include encrypting all personal data on laptops and removable media.
|
 |
|
Info Security |
No More ‘Fixed Perimeter Fortification’ Against Data Leakage
 An IT security expert argues that poor information security should be the most pressing issue for company boards, after controlling cost and meeting service delivery expectations. “The proliferation of highly portable data storage devices – laptops, USB sticks, PDAs, 3G handsets – has forever changed the boundaries of where we store our data. It has effectively eliminated any notion of a 'fixed perimeter fortification' as a tool for preventing data leaking out of your organisation.”
|
 |
|
PC World |
2009's Top 5 Data Disasters
 Health Net of the Northeast Inc.’s loss of a hard drive containing seven years’ worth of unencrypted personal, financial and medical data on 1.5 million customers was ranked among PC World’s top five data disasters for 2009. The hard drive contained names, addresses and Social Security numbers of Health Net customers from several states, and what made the loss worse was that the company did not disclose it for nearly six months after the drive went missing.
|
 |
|
WBNS |
More Than 850 Ohioans Affected By BlueCross Data Theft
 Ohio Attorney General Richard Cordray has warned that personal information belonging to 860 Ohioans may have been stolen during the theft of a hard drive from insurance company BlueCross BlueShield. The hard drive was among more than 50 hard drives with customer information, including Social Security numbers and medical records, stolen Oct. 2 from a former call center in Chattanooga, Tenn., the company said.
|
 |
|
U.S. Army website |
Laptop Containing Personal Information about MWR Customers Stolen
 A laptop computer containing names and other personally identifiable information for more than 42,000 people was stolen from a Family and Morale, Welfare and Recreation (MWR) Command employee at Fort Belvoir in Virginia on Nov. 28. The Family and MWR Command operates numerous facilities at Fort Belvoir, including childcare centers, restaurants and outdoor recreation facilities. Soldiers, family members, U.S. Department of Defense employees and other authorized patrons who used an MWR facility at Fort Belvoir since 2005 may be impacted by the stolen laptop, officials said.
|
 |
|
Detroit Free Press |
Detroit Medical Data Stolen after 2 Security Breaches
 Personal medical information of an estimated 10,000 people was compromised by two security breaches, Detroit city officials said, including the theft of a flash drive and a desktop computer. In one incident, a thief broke into a vehicle of a health department employee in October, stealing a flash drive with birth certificate data. In a separate incident, thieves broke into an immunization program office at the department's Herman Kiefer Health Complex in November, stealing a desktop computer containing Medicare and Medicaid flu billing information.
|
 |
|
BBC |
UK MoD Inquiry after Laptop Stolen from Headquarters
 An investigation is under way after a laptop computer containing secret data was stolen from the UK Ministry of Defence (MoD) headquarters in Whitehall in late November, along with a key used to decode encrypted files. The breach is the latest in a string of thefts involving MoD laptops, prompting Shadow Defence Secretary Liam Fox to say the most recent incident was "extremely worrying."
|
 |
|
Security Park |
Most Organizations Unable to Monitor When Users Copied or Moved Data onto Portable Devices
 According to new research, 38% of UK organizations were not able to monitor when users copied or moved data from their firm's IT resource onto portable devices, while 35% noted that their firms also were unable to track how data was being saved to a mobile device. Most organizations admit they do not have security solutions in place which are totally effective and almost a fifth of interviewees for the research described their current security solutions as poor, officials said.
|
 |
|
Torrington Register-Citizen |
Was Health Net Data Breach Theft?
 Connecticut Attorney General Richard Blumenthal this week said new details had emerged over Health Net’s loss of a hard drive containing private personal and financial information as well as Social Security numbers of 440,000 customers in Connecticut, Arizona, California, New Jersey and New York. According to Blumenthal, Health Net hired a risk consulting company that concluded that a disk may have been stolen with two laptop computers also reported missing. “The company’s own report contradicts its sanitized story and raised additional alarms that someone took the disk,” Blumenthal said, adding that the theft has national ramifications.
|
 |
|
Enterprise IT Planet |
You Can’t Stop Data Leakage By Guarding a Lone Access Point
 The magazine takes a dim view of the insufficient effort too many organizations put into protecting against data leakage. It likens most companies’ attempts to “placing a security guard at your front door with a stack of 20 pictures and you telling him not to let these people out but assume everyone else is ok. Oh, and of course, there is no guard at the back door or side entrances. It's unreasonable to believe you are going to effectively stop data from leaking at a single egress point. Look around you — chances are you will see people with mobiles and myriad technologies and routes out of the brick and mortar walls of your organization, which means they can steal data all day long and pass it out of the enterprise out of band, and there is no way you're going to know.”
|
 |
|
Chicago Sun-Times |
Authorities Look into Break-in at Blagojevich Lawyers' Office

Authorities are investigating a break-in at the Chicago offices of former Illinois Gov. Rod Blagojevich’s lawyers, where eight laptop computers used in the ex-governor’s legal case were stolen. The laptops link to a main server where sensitive material, such as tapes and transcripts that are not public, is stored, but officials on the case were not completely certain the laptops did not contain temporary files with sensitive data.
|
 |
|
Government Technology |
Many More U.S. Government Records Compromised in 2009 than Year Ago, Report Claims
 Although the combined number of reported data breaches in the U.S. government and military has dropped in 2009 compared to 2008, many more records have been compromised in those breaches, according to recent figures compiled by the nonprofit Identity Theft Resource Center (ITRC). As of Dec. 1, ITRC reported 82 breaches in U.S. government and military organizations thus far this year that have compromised more than 79 million records, compared to fewer than 3 million records in 2008.
|
 |
|
Philadelphia Inquirer |
Hospital Laptop Stolen, Data May Be Breached
 A Children's Hospital of Philadelphia laptop computer containing Social Security numbers and other personal information for 943 people reportedly was stolen from an employee’s car outside a home in October. The billing information on the computer was password-protected, but an analysis found it was "possible to decode the security controls on the laptop and gain access to the personal information."
|
 |
|
WISN |
Laptop with Personal Information Stolen from Aurora St. Luke's
 A laptop computer reported stolen in October from Aurora St. Luke's Medical Center in Milwaukee, Wis., contained names, Social Security numbers, birth dates, diagnosis codes, medical record numbers and other personal information on about 6,400 patients, hospital officials said. "The computer was stolen from a locked office in a secure physician office building that's located adjacent to the hospital, and the computer belongs to an employee of Cogent Healthcare of Wisconsin," said Anna Hancock of Cogent Healthcare.
|
 |
|
Forbes |
The Year of the Mega Data Breach
 According to the Identity Theft Resource Center, businesses and government agencies have reported 435 breaches thus far this year. The number of personal records that were exposed, such as Social Security numbers, medical records and credit card information, has skyrocketed to 220 million records so far in 2009, compared with 35 million in 2008. That represents the largest collection of lost data on record. Larry Ponemon of the Ponemon Institute said: "There's no question that more companies are using DLP and encryption tools. But there's always a human factor, and many people simply don't take these technologies seriously."
|
 |
|
InternetNews |
Many Enterprises Clueless on Mobile Data – Study
 A new survey of European IT executives found that two in three companies have no idea just how much sensitive data is shared and housed on employees' mobile devices. Only 15% of survey respondents said they are "completely confident" that they would be legally protected should an employee's mobile device be lost or stolen and whatever data it contained fall into the wrong person's or organization's hands.
|
 |
|
Silicon.com |
Is Losing a Mobile Device Really Such a Big Deal?
 To answer the headline’s question: Yes! The dangers of losing a device or having one stolen are tremendous. It's not the loss of the device itself that matters so much, despite the capital cost of replacing the hardware. Instead it's what is on it that matters: from a corporate perspective, the biggest IT-related risk involves the loss of business-critical information. Mobile devices are capable of storing huge quantities of data, so if information is lost, either it's going to prevent the business from making money, or it's going to cost the business money to deal with the impact.
|
 |
|
Hartford Courant |
1.5 Million Medical Files at Risk in Health Net Data Breach
 A portable, external hard drive with seven years of personal and medical information for about 1.5 million customers of insurance company Health Net was lost six months ago, said company officials, who only reported the breach to Connecticut state government officials this week. The hard drive contained unencrypted files with Social Security numbers as well as medical records and health information dating to 2002 for current and former customers in Connecticut, New York, New Jersey and Arizona, the company said.
|
 |
|
Dark Reading |
Only Half of CEOs Strongly Support Data Security Efforts

According to a new Ponemon Institute report, more than half of IT and security professionals worldwide believe their company's laptops and other mobile devices pose security risks to their organizations, and only half of them have CEOs who are strong advocates and supporters of data security efforts. Security and IT pros in the U.S. tend to be more pessimistic about security than their counterparts in other parts of the world, as only 40% said their CEOs were strong supporters of data security efforts, compared to 57% of UK firms and 77% of German firms. The report found 44% of U.S. companies said regulations improved their endpoint security, versus 50% in the UK and 54% in Germany.
|
 |
|
WSMV |
Customers' Information Stolen From Blue Cross Office
 Blue Cross Blue Shield of Tennessee said 68 computer hard drives that contained Social Security numbers and other sensitive information for about 2 million clients were stolen from a Chattanooga office in early October. The company initially announced publicly that no personal data was contained on the hard drives, but now it is sending letters to group administrators and brokers admitting that the hard drives contained member names, ID numbers, birth dates and Social Security numbers.
|
 |
|
BBC |
'Unacceptable' Level of Data Loss
 The number of incidents of loss or theft of personal data has risen to an "unacceptable" level in the past year, according to the UK Information Commissioner's Office (ICO), which reported 434 organizations suffered data security breaches during the past year, up from 277 the year before. More than 200 hospitals and 200 companies reported breaches of the Data Protection Act in that period. "Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff. Far too much personal data is still being unnecessarily downloaded from secure servers on to unencrypted laptops, USB sticks and other portable media," said deputy information commissioner David Smith.
|
 |
|
CreditCards.com |
Identity Theft Booms, Even as Thieves Rely on Old-fashioned Methods
 Identity thievery has gone old school, with thieves grabbing laptops rather than sifting through electronic information to snatch personal data, said insurance company Travelers in a recent report. Even though online security and data breaches often earn front-page news headlines with their high-priced casualties, identity theft most commonly results from computer theft, according to the report.
|
 |
|
Federal Computer Week |
NARA Admits Violating Internal Policy on Personal Information
 The National Archives and Records Administration violated its information security policies on two occasions by returning to vendors failed hard drives from systems containing personally identifiable information of current government employees and military veterans, according to testimony before the U.S. House Oversight and Government Reform Committee's Information Policy, Census and the National Archives Subcommittee. By agency policy, NARA is supposed to destroy defective disk drives, according to a top NARA official, who said the drives contained files on employees from NARA, the General Services Administration and the Office of Personnel Management.
|
 |
|
IT Business |
Average Cost of a Lost Business Laptop is $49,246
 Years ago, when computers were fairly new, businesses were more concerned about the machines than the data they contained. Today, companies don't sweat much over the loss of hardware; the real cost of a lost laptop is in the potential or actual exposure of the data on the PC, especially if it contains customer records. The Ponemon Institute estimates the average value of a lost laptop is $49,246, much of that amount attributed to the cost of a data breach.
|
 |
|
New Haven Register |
Laptop Theft Reveals Chain of Tax Blunders
 The Connecticut Department of Revenue Services’ blunders were worse than originally reported when a laptop containing the Social Security numbers of 106,000 state taxpayers was stolen in 2007, according to this editorial. A tax official had taken the laptop on a family trip to a hockey tournament, where the device was stolen from a car. The chain of blunders continued, the opinion piece says, according to a recent report by the state attorney general and state auditors. The laptop should not have been taken from the office and the data on the laptop was not encrypted.
|
 |
|
Herald Scotland |
Personal Details Missing After UK Rural Payments Agency Mislays Tapes
 The UK Secretary of State for Environment, Food and Rural Affairs said the nation’s Rural Payments Agency (RPA) has been unable since May to locate two computer back-up tapes containing bank data, addresses, passwords and security questions for more than 100,000 farmers. Officials said inventory checks earlier this year had revealed that 38 backup tapes and one CD originally were unaccounted for. Farm organizations are asking why the two tapes that remain missing were not reported until now.
|
 |
|
SC Magazine |
Data Breach Alerts Linked to Increased Risk of ID Theft
 According to a survey released this week by Javelin Strategy and Research, people who have received a data breach notification letter are four times more likely than others to be the victim of identity theft. About 11% of U.S. consumers have received a data breach notification letter in the past 12 months with a third of the breaches involving Social Security numbers and 15% involving ATM PINs, the survey found.
|
 |
|
Computerworld |
CalOptima Says Data on 68,000 Members May be Compromised
 Several disks containing unencrypted personally identifiable data on about 68,000 members of CalOptima, a Medicaid managed healthcare plan in California, were reported missing by a vendor earlier this month. The disks reportedly included member names, home addresses, birth dates, medical procedure codes, diagnosis codes and member ID numbers, as well as an unspecified number of Social Security numbers. The loss of the disks comes amid heightened concerns about data breaches involving healthcare information.
|
 |
|
Times of London |
Zurich Insurance Loses Personal Data of Thousands of Customers
 Zurich Insurance, the UK subsidiary of the Swiss insurer, this week admitted that it lost a tape containing confidential personal details of 550,000 South African, 51,000 British and 40,000 Botswana customers more than a year ago. Zurich revealed that the tape had been lost while in transit in South Africa, but did not explain why the loss was announced so late. The lost data included bank sort codes and personal contact information, including addresses and telephone numbers.
|
 |
|
Knoxville News Sentinel |
Roane State Data Device with Student, Worker Information Missing
 A data storage device containing the names and Social Security numbers of nearly 11,000 people reportedly was stolen from a Roane State Community College employee's car while it was parked off-campus, college officials confirmed. The device contained the names and Social Security numbers of 10,941 people, including 1,194 current or former employees and 9,747 current or former students, as well as 5,036 Social Security numbers only.
|
 |
|
Help Net Security |
The Future of Information Security is Now
 By 2015, there will be 15 billion devices communicating via the Internet, including more fragmented workforces and a sea of mobile workers using social networking and collaborative technologies to do their work. With all the security troubles both organizations and end users are experiencing right now, one can only imagine how many data security threats will emerge in the next few years, experts said at a European conference this week.
|
 |
|
Enterprise IT Planet |
Worldwide Spending for IT Security Likely to Increase
 A total of 63% of executives from 130 countries across all industries expect security spending to either increase or stay the same despite the worst economic downturn in decades, or perhaps because of it, according to an annual PricewaterhouseCoopers survey. The results demonstrate that global leaders appear to be "protecting" the information function from budget cuts but at the same time are placing it under intensive pressure to "perform," the survey found.
|
 |
|
Central Florida News |
Laptop Stolen from Halifax Health Employee’s Car
 Halifax Health in Florida just confirmed that a laptop computer containing billing information for 33,000 patients was stolen from a hospital employee’s car in August. Hospital officials stood by the now-common statement that they are “confident whoever stole the laptop will not be able to access the information” because it was password protected, but unless the data was encrypted, a talented criminal can likely access the files. According to Halifax Health, some employees are allowed to take their laptops home and there is no specific policy about employees leaving laptops unattended in a car.
|
 |
|
Hartford Courant |
Long Island Laptop Still Not Found
 Connecticut Attorney General Richard Blumenthal released a 37-page report this week that says the state tax department failed to safeguard sensitive data when a state-owned laptop computer was stolen on Long Island in August 2007 and the confidential Social Security numbers of 106,000 citizens were lost. The report says the state tax department acted in a "cavalier and careless" fashion in handling confidential information and "botched its initial response to the theft" by not realizing for five days that the laptop contained important data and exposed taxpayers. The Connecticut Department of Revenue Services spent more than $1 million responding to the incident.
|
 |
|
Washington Post |
Virginia Lost Data for More Than 100,000 Adult-Education Students

A flash drive containing personal information, including names, Social Security numbers and demographic data for more than 103,000 former adult education students in Virginia, reportedly was lost last month, Virginia Department of Education officials reported this week. A Virginia Education Department employee handed off an unencrypted two-gigabyte flash drive during a Sept. 21 meeting in Richmond to a representative of Virginia Tech's Center for Assessment, Evaluation and Educational Programming. The information was to be used for federally mandated research. The flash drive was reported missing the next day.
|
 |
|
Computer Weekly |
Top Data Security Travel Issues

The growth of a globe-trotting mobile workforce equipped with laptop computers and other portable devices presents considerable risks to companies, particularly from loss or theft of equipment and data. While many large companies have policies to guard against off-network security risks, they often are ineffectively communicated or enforced, while smaller companies have little or no protection in place. When employees travel, there is an increased danger of equipment and data being stolen, so businesses should stress strict procedures for data transportation, storage and access, supported by appropriate technologies.
|
 |
|
American Medical News |
850,000 Doctors Could be Hit by Potential Data Breach from Insurer's Stolen Laptop
 A file on a laptop computer stolen from an employee contained identifying information for every physician in the U.S. contracted with a Blue Cross and Blue Shield-affiliated insurance plan, including the names, addresses, tax identification numbers and national provider identifier numbers for about 850,000 doctors, said Jeff Smokler, spokesperson for the association. That number represents every physician who is part of the BlueCard network, Smokler said. As many as 22% (roughly 187,000) of those physicians used their Social Security numbers as a tax ID or NPI number, Smokler added.
|
 |
|
Boston Globe |
Blue Cross Physicians Warned of Data Breach

A laptop computer containing personal information on “tens of thousands” of physicians nationwide reportedly was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago. Blue Cross and Blue Shield officials blamed the long delay in reporting the data theft, which included information such as Social Security numbers, on not knowing at first what kind of data was stored on the stolen laptop. Jeff Smokler, national Blue Cross and Blue Shield spokesperson, said an employee who was authorized to have the information violated company rules by downloading an unencrypted version onto a personal laptop, which was stolen.
|
 |
|
Wired |
Probe Targets Archives’ Handling of Data on 70 Million Veterans

The inspector general of the National Archives and Records Administration (NARA) is investigating a potential data breach of tens of millions of records about U.S. military veterans, after the agency sent a defective hard drive back to a vendor for repair and recycling without first destroying the data. Hank Bellomy, a NARA IT manager, charges that the move put 70 million veterans at risk of identity theft, and that NARA’s practice of returning hard drives unsanitized was symptomatic of an irresponsible security mindset unbecoming to America’s record-keeping agency.
|
 |
|
Help Net Security |
Data Leakage Plan of Action
 Tiny computing and storage devices have revolutionized the way people carry information as they can stow the equivalent of millions of pages of data, yet this benefit is also detrimental to an organization's data protection responsibilities. Mobile devices offer hostile agents an easily concealable package for carting off sensitive or classified information. No organization can afford to leave sensitive data in an unprotected state on devices that can easily fall into the wrong hands, experts warn.
|
 |
|
Ottawa Business Journal |
Losses from High-tech Security Breaches Nearly Doubles in 2009: Study
 A new study indicates that IT security breaches cost the average Canadian organization an estimated $834,000 in 2009, nearly doubling from a year earlier. The survey of 600 IT security professionals from across Canada found annual losses related to high-tech security breaches rose by 97.2% from the $423,000 recorded by the study in 2008, with the average number of reported breaches per organization jumping to 11.3 from 3 in 2008. Private companies specifically saw a 174.5% spike in losses to $807,000.
|
 |
|
WSFA |
Thousands of Dollars of Electronics Stolen from Troy University
 Thousands of dollars of computer equipment were reported stolen from the John M. Long School of Music at Troy University in Troy, Ala., but students and professors say they lost more than a few pieces of electronics. The computers contained irreplaceable music performances and other projects used for teaching and recording music.
|
 |
|
Yorkshire Evening Post |
CCTV Clue in Hunt for Hospital Thief
 Police continue to investigate the theft of a laptop computer from the St. James Institute of Oncology in the UK in August that contained research into new cancer treatments. Vital research could be significantly delayed because of the theft, hospital officials said. According to the West Yorkshire Police, the stolen computer contained a unique type of developmental software that was being used as part of a research project into radiotherapy treatments for cancer sufferers.
|
 |
|
Newsday |
Madoff Investors' Security May Have Been Breached
 Names, addresses, Social Security numbers and account information of 2,246 people who invested in a Ponzi scheme orchestrated by financier Bernard Madoff were listed in a laptop computer stolen in July from the car of an employee of AlixPartners, a consulting firm that has been processing victims' claims. Madoff victims already devastated by financial losses were angered to learn of the theft, through recent letters mailed by AlixPartners, more than two months after the incident occurred.
|
 |
|
St. Cloud Times |
Laptops Stolen from Roosevelt Contain Student Information
 Two laptop computers stolen from Roosevelt Early Childhood Center in St. Cloud, Minn., contained private student information for 754 students, St. Cloud school officials said. The data on the laptops included information about student behavioral issues as well as names, internal identification numbers and discipline referrals. The district is now reviewing protocol for storing non-public information on school laptops.
|
 |
|
MarketWatch |
German Companies had Data Breaches in Past Twelve Months
 According to a new Ponemon Institute study, 53% of all German companies and organizations suffered at least one data loss incident during the past year, representing an increase of more than 55% from 2008. The study shows that the number of IT departments that strategically plan use of encryption technologies is growing, as 31% of respondents said their organizations have a company-wide strategy for consistent use of encryption applications.
|
 |
|
SC Magazine UK |
Lost Laptops Becoming More of a Challenge for IT Managers as Employees Work Remotely
 As laptops increase in popularity among business people and criminals alike, a new survey has found that human carelessness or errors often occur, resulting in laptop losses and stressing the value of off-network data security. The survey found that 41% of respondents said they take their business laptop out of the office on a daily basis, while an additional 42% said they leave work with their laptop at least once a week.
|
 |
|
Biloxi Sun-Herald |
French Organizations Hit By One or More Data Breach Incidents
 A new Ponemon Institute study has found that 67% of French organizations have been impacted by at least one data breach incident within the past year, with 18% having been hit by more than five incidents. A massive 92% of the data breaches were never disclosed because France has no regulatory requirements for reporting breach incidents. The study also found that only 9% of French businesses have an overall encryption strategy that is applied consistently across the entire enterprise, while 45% have no encryption plan.
|
 |
|
iStockAnalyst |
Electronic Gadgets Common Targets
 Utah law enforcement officials say they are seeing more cases of thieves stealing electronic devices that contain personal information, usually when unattended or visible in vehicles. The statement follows the recent theft of a laptop computer belonging to a loan officer for Sun Valley Mortgage that contained sensitive and personal information on Utah homeowners. Weber County Sheriff's Capt. Klint Anderson said: “You take anyone in the workforce who has a laptop and their work information will probably be on it. I can't imagine any profession (that) wouldn't have sensitive information or vulnerability.”
|
 |
|
eGov Monitor |
UK ICO: Wigan Council Improves Security After Details on Most School Children are Stolen
 A laptop computer containing unencrypted personal information relating to about 43,000 school children and young people was stolen from the Wigan Council in the UK in a breach of the nation’s Data Protection Act. The UK Information Commissioner's Office has now required the council to take a number of steps to improve data security, including ensuring that portable and mobile devices, such as laptops and media used to store and transmit personal data, are encrypted.
|
 |
|
WALA |
U.S. Navy Laptop with Personal Information on 38,000 Pharmacy Customers Missing

A laptop computer containing a registry of 38,000 U.S. Naval Hospital Pensacola pharmacy service customers' names, Social Security numbers and birth dates reportedly has gone missing. The last date that the computer can be accounted for is Aug. 18, according to an internal investigation, which found that the computer has a damaged exterior and may have been improperly disposed of.
|
 |
|
BankInfoSecurity |
Biggest Breaches of 2009
 The non-profit Identity Theft Resource Center (ITRC) reported a total of 356 data breaches thus far in 2009, and 46 of those incidents have involved financial institutions - up from 34 at the same time last year. A review of data incidents shows that May currently holds the record as the busiest breach month this year, followed by March and August.
|
 |
|
Dark Reading |
IDC Report: Most Insider Leaks Happen By Accident
 Accidental security leaks happen more frequently and cause more damage than malicious insiders, according to a study published this week by research firm IDC. According to the report, 52% of respondents characterized their insider threat incidents as predominantly accidental, 26% said they believed their insider issues were an equal combination of accidental and malicious threats and 19% considered the threats deliberate.
|
 |
|
Information Management |
Under Pressure, Small Banks Outsource Security
 Facing increased pressure to improve their data security, a growing number of small and midsize banks are outsourcing their information security management, industry observers say. More companies will consider outsourcing, observers note, as auditors and regulators step up their efforts to ensure that banks of all sizes are safeguarding financial data.
|
 |
|
Help Net Security |
Trade Body Loses Unencrypted Laptop with Data on 37,000 People
 UK-based Repair Management Services, a trade association representing car repair companies, reportedly lost a laptop computer containing unencrypted personal data on 37,000 people and information on 1,900 driving convictions. The company has agreed to the UK Information Commissioner’s Office (ICO) demands that it ensure that its mobile devices, including laptops and portable media, are encrypted, following its violation of the UK Data Protection Act.
|
 |
|
KCAL |
Cal State LA Students, Employees IDs At Risk
 Hundreds of former California State University, Los Angeles students and faculty members are now at risk for identity theft after 12 laptops and two desktop computers were stolen from the university's Minority Opportunities in Research (MORE) program. The computers reportedly contained names, addresses and Social Security numbers.
|
 |
|
SearchSecurity.com |
Data Breach Avoidance Begins with Security Basics, Panel Says
 Investigators often pinpoint the biggest mistake leading to a data security breach as a fundamental security error within a business organization, often a simple employee mistake, according to a panel of experts who discussed the topic this week. "The weakest link in the chain is and always has been the people," said panelist Bob Russo, general manager of the PCI Security Standards Council. Other panelists urged companies to enforce security policy and process documentation through better employee education.
|
 |
|
WHAS |
Chase Bank Releases Statement that Computer Tape Containing Personal Info Missing
 A computer tape containing personal information, including names, addresses and Social Security numbers, for an unspecified number of Chase Bank customers reportedly was lost, bank officials stated. In a statement, the bank indicated that no financial or banking information was on the tape. Like the hardware that utilizes it, portable media can easily be lost or stolen, endangering confidential information.
|
 |
|
Help Net Security |
Study: 69% of Australian Organizations Hit by Data Breach
 The Ponemon Institute released results of a survey of IT security professionals that found 69% of Australian organizations have been hit by at least one data breach incident within the past year, up from 56% in the previous year. The number of firms experiencing multiple breaches also rose, with 41% of respondents admitting to more than two data loss incidents in 2009, up from 28% in 2008.
|
 |
|
SearchSecurity.com |
Data Has Become Too Distributed to Secure, Forrester Says
 Security pros should work on ways to embrace consumer off-network devices by reducing the risks they pose to the workplace, according to Forrester Research. Forrester research director Rob Whiteley said security professionals can't control the technologies being used by employees and instead need to look at the issue through a risk-oriented approach as opposed to a security-oriented approach. Security pros need to figure out what needs to be protected at all costs, and at the very least monitor the flow of data to understand what is moving beyond the company's walls, he said.
|
 |
|
Dark Reading |
Report: Less Budget, More Data Leaks
 Half of senior IT professionals surveyed in a new study said their ability to protect corporate data has been harmed by budget constraints, while 34% of U.S. companies in the survey said they had suffered from the leakage of sensitive or embarrassing data in the past year. Another 34% said they had investigated a violation of data protection regulations or privacy in the same period. While these statistics reflect the economic downturn, the cost of responding to a data breach can be much more expensive than preventative measures.
|
 |
|
Stars and Stripes |
Laptop Theft Exposes Personal Data of 131,000 Guardsmen
 A military contractor’s laptop containing personal data on about 131,000 U.S. Army National Guard soldiers was reported stolen this week. National Guard Bureau officials said the laptop was taken in July during a conference in Atlanta. The data affects soldiers enrolled in the Bonus and Incentives Program, with files containing names, Social Security numbers and payment information.
|
 |
|
Network World |
Improve Data Protection or Face Government Intervention
 Businesses in the Asia Pacific region are being warned to sharpen their data security or soon face the prospect of having governments force them to comply. Experts say in 60% of data breaches, employees and contractors are more likely culprits, and 80% of regional organizations have no security protection for thumb drives. Multi-function devices with their own hard drives are vulnerable to data theft, but largely unprotected, experts contend.
|
 |
|
Tulsa World |
Williams Laptop with Data is Stolen
 A laptop containing personal and compensation information for more than 4,400 current and former employees was stolen from Williams Cos. Inc., an Oklahoma natural gas producer and distributor, company and police officials said. The computer contained names, birth dates, Social Security numbers and compensation data for every Williams employee since Jan. 1, 2007.
|
 |
|
KRDO |
UCCS Students' Personal Information at Risk
 Unencrypted personal information, including Social Security numbers, of 766 students who attended the University of Colorado at Colorado Springs (UCCS) since 2003 was stored on a laptop computer that was stolen from a faculty member’s home on July 5. Other information on the laptop included student names and grades.
|
 |
|
Information Week |
Security Worries Ratcheting Up; Spending Down
 IT managers are increasingly worried about lost or stolen data-bearing devices, employee mistakes and getting their bosses' buy-in for data security, according to a new survey exploring the impact of cyber-security and budget constraints. About 20% of survey respondents said they expect to bypass or curtail investments in encryption because of budget cuts. This would be a mistake because unencrypted data has been the source of many serious off-network security breaches at several high-profile companies.
|
 |
|
Security Park |
Good Data Security is an Important Consideration for Major Purchases
 According to a new research study, 47.7% of UK consumers say they would not purchase goods or services from a company that had suffered a major security breach, while 43% said a breach would make them more thoroughly check how the company would protect their data. Sixty percent of survey respondents said security is an important concern and nearly a third of consumers claimed a company’s reputation for good security is vital when they decide to make a purchase.
|
 |
|
Business and Leadership |
Your Data is Your Business
 Despite an increasingly dangerous digital environment, a surprising number of businesses have not implemented an encryption solution for their data, security experts say. Confidential business information is especially at risk when stored on portable computing devices such as laptops, data backups, USB flash memory drives, CD/DVDs and handheld devices. Experts on security agree that worrying about laptop theft is pointless if businesses fail to protect the data itself through encryption and strict best practices regarding how data is managed.
|
 |
|
Dark Reading |
GAO: Many Federal Agencies Still Don't Meet Security Standards
 Virtually all of the U.S. federal government's key civilian agencies show weaknesses in the ability to ensure only authorized individuals can read, alter or delete data and are struggling in their efforts to deploy user identification and authentication that might prevent unauthorized users from gaining access to sensitive data, according to a new Government Accountability Office (GAO) report. The report states that the GAO has made "hundreds" of data security recommendations, yet many have not been addressed.
|
 |
|
St. Louis Suburban Journals |
Stolen Laptop Could Have Employees’ Personal Information
 The Francis Howell School District in St. Louis has warned its employees that a laptop computer containing names and Social Security numbers for 1,700 non-certified employees who worked for the district between 2005 and 2008 was stolen from a human resources office at the school district’s administrative building during a recent burglary.
|
 |
|
Tech Herald |
C-Level Survey Shows Disparity Between Security Priorities
 A new study focusing on data security and the differing perspectives of CEOs and other C-Level executives discovered that C-Level executives believe good data protection practices can support important organizational goals such as compliance, reputation management and customer trust. However, the study, published by the Ponemon Institute, also found that the majority of respondents are not confident in their ability to safeguard sensitive and confidential information. Eighty-two percent of the C-Level executives surveyed said that their organizations had experienced a data breach, and many of them say they are positive they cannot prevent another breach.
|
 |
|
InternetNews |
Report: 85 Percent of U.S. Businesses Breached
 A new Ponemon Institute study has found that 85% of businesses surveyed about encryption say they have experienced a data breach during the past year, up from 60% in a 2008 study. According to the report, 59% of respondents said it is “very important” or “important” to encrypt employees' mobile devices, a sign that organizations recognize that valuable data is more mobile than ever. Organizations should adopt encryption to comply with industry regulations and state and federal laws.
|
 |
|
PR Newswire |
70% of UK Organizations Hit by Data Breach Incidents Within Past Year
 Seventy percent of UK organizations have been impacted by at least one data breach incident within the past year, up from 60% in the previous year, according to the Ponemon Institute’s 2009 Annual Study: UK Enterprise Encryption Trends. The number of firms experiencing multiple breaches also rose, with 12% of respondents admitting to more than five data loss incidents in 2009, up from 3% in 2008. Only 43% of the UK breaches were publicly announced, the report stated.
|
 |
|
Raleigh News & Observer |
Report: U.S. State Department Can't Keep Track of its Laptops
 U.S. State Department inspectors found that 27 agency laptop computers were missing out of a sample of 334 laptops from four department bureaus, according to a new report by the department's inspector general, which determined that the State Department does not have an accurate accounting of its laptop computers, including equipment used for classified work, and has failed to encrypt machines to protect sensitive information. "Because the content and the encryption status of the missing laptop computers are unknown, there is a risk that PII (Personally Identifiable Information) and other sensitive Department information may be susceptible to unauthorized access and use," the report stated.
|
 |
|
Computing |
Security on the Move
 A potential treasure trove of company assets can be found on a laptop, mobile phone and USB sticks held in the average briefcase today, warns a Quocirca research analyst, who notes that the cost of the physical replacement of all those devices is just the tip of the iceberg when compared to the total cost of a data breach. Every one of those devices is likely to contain a great deal of data, ranging from client information to intellectual property, and their loss can result not only in reputational damage, but may also lead to financial loss as customers take their business elsewhere.
|
 |
|
Pittsburgh Tribune-Review |
Pennsylvania Legislator's Laptop Stolen from Vehicle
 A state-issued laptop computer used by Pennsylvania State Rep. Frank Dermody was stolen from the legislator’s vehicle recently. Dermody said he used the laptop mostly for e-mail and that it held an undetermined number of e-mails from constituents in his Oakmont district. After discovering the theft, Dermody said he contacted the legislature's IT department, which erased his password.
|
 |
|
KXTV |
Missing Laptop Contained Sutter Workers Data
 Technicians in a computer repair shop found the names and Social Security numbers of 6,000 current and former Sutter Health workers on an old laptop computer that had been brought in for repair and reported it to the company. Sutter Health had believed the computer was in the possession of a Sutter employee since 2007. Sutter said it has taken steps to safeguard employee information in the future by encrypting all data on company laptops and will track the disposal of old computers to make certain equipment is returned when new systems are issued.
|
 |
|
Gainesville Sun |
Private Data Stolen from Florida Agency
 A flash drive containing names, addresses and Social Security numbers of about 3,000 people employed by six large Florida corporations was reported stolen from the car of a Florida Department of Revenue employee in Georgia. The corporations were being audited by the state and the data was not encrypted, department officials said. Analysts have found that one of the biggest dangers of off-network data-bearing devices is that they can be easily lost by third parties, leaving the companies whose data disappeared responsible for dealing with the impact of a breach.
|
 |
|
CTV Calgary |
Laptops with Patient Information Stolen from Alberta Hospital
 Two laptop computers containing health information about 250,000 patients were stolen in a burglary earlier this month from the University of Alberta Hospital. Information on the laptops is said to include names, birthdates, personal health numbers and lab test results for communicable and reportable diseases.
|
 |
|
Ithaca Journal |
Valuable Computer Swiped from Cornell University
 A computer containing files with names and Social Security numbers of about 45,000 Cornell University students, current and former staff, and dependents was reported stolen from a university employee earlier this month. Cornell officials declined to share what type of computer was stolen, where the theft occurred, why the theft is not listed on the Cornell Police daily crime log and if the employee faces disciplinary action. Cornell's information security policies reportedly do not allow unencrypted confidential personal data to be stored on any device that is not in a physically secured location and the employee's actions appear to have violated the policy, the university’s website states.
|
 |
|
Tech Herald |
Stolen Laptop Contained 75,000 Unencrypted Customer Records
 Irish energy provider Bord Gáis reported that a laptop computer with unencrypted account details, including bank records, of 75,000 customers was one of four portable devices stolen from its offices in Dublin. The lack of encryption was explained as a “flaw in the system” by one official, who noted “this computer should have been encrypted before it was given to the staff member.” A security commentator said the massive off-network data breach indicates that some large companies have not yet learned the importance of protecting customer data.
|
 |
|
Help Net Security |
Employees Evade and Ignore Network Security Policies
 New research from the Ponemon Institute has found that most employees admit to serious non-compliant workplace behaviors that put their companies at risk, including the insecure use of USB memory sticks, turning off security settings and sharing passwords. According to the study, 69% of employees surveyed said they copy confidential or sensitive business information onto portable devices, while about half of respondents said their corporate data security policies are largely ignored by employees and management. Dr. Larry Ponemon said employees “are taking data outside of the organizational structure without complete understanding or awareness of the serious implications of a breach or misuse of sensitive information.”
|
 |
|
Chicago Tribune |
Audits Slap Illinois Agencies for Waste, Lax Oversight
 Fifty-two missing computers that may contain sensitive information were highlighted in reports released by Illinois auditors investigating several cases of state government mismanagement. Illinois Auditor General William Holland's office found that the Illinois Department of Financial and Professional Regulation cannot account for the 52 computers and other equipment valued at $170,000 and the state auditors said the agency doesn't know how much confidential information was on the missing devices. The agency regulates banking, insurance and the medical, accounting and engineering professions.
|
 |
|
Dark Reading |
Growing Security Risks As Businesses Adopt Emerging Web, Mobile Technologies
 More than eight of 10 respondents to a survey of 100 top security executives at companies with revenues of $1 billion say they are concerned that pressure to cut costs and generate revenue has increased their exposure to security risks, according to new IDG research. More than seven in 10 said they have experienced a security incident during the past 18 months. The research revealed that some companies are so enthusiastic about the potential of new mobile technologies that they are deploying them without adequately securing critical processes and data.
|
 |
|
Help Net Security |
Your Next Data Breach: It’s Not If, It’s When
 Today’s hard drives contain tens of thousands of documents, putting an overwhelming amount of information in a small and easily concealed device. Unfortunately, in many IT departments, hard drives and other data-containing media become orphans receiving low priority for data destruction. As a result of lax safeguards, a high risk of theft and compromise exists. Hard drives need to be treated the same way “Top Secret” documents are handled and corporations must initiate proper safeguards, procedures and protocols to protect these data-rich and vulnerable hard drives, security experts say.
|
 |
|
CIO |
Data Security - It's All About the Information, Stupid
 The unprecedented transformation in the nature and consequences of security breaches is causing a shift in the way security practitioners specifically, and business leaders in general, must think about the security of data within the enterprise. The basic elements of a data leakage prevention program should consist of employee awareness covering the basics of data security, technology to manage and prevent data loss, and encryption on targeted off-network devices, including laptops and other mobile devices.
|
 |
|
Aberdeen Press and Journal |
‘Urgent Steps’ Needed to Protect Data
 Fifteen of Scotland’s 32 local authorities and 11 of 14 regional health boards reported lost or stolen electronic files during the past two years, many of them containing sensitive data on Scottish citizens. Missing portable devices and media include nine laptop computers and two memory sticks stolen from National Health Service facilities, while local government councils also reported lost laptops and media.
|
 |
|
Information Week |
Do Executives Take Security Seriously? Survey Says Yes
 According to a new Information Week survey, 70% of IT directors say executives provide meaningful support of security operations, likely prompted by a string of high-profile security breaches during the past three years that have demonstrated that data theft isn't a phantom menace. When asked about examples of executive support, 66% of respondents said they receive input into critical business decisions and 57% said executives provide sufficient budget. Programs such as state breach disclosure laws, the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act also have raised the profile of information security because the failure to comply with regulations has consequences that are felt all the way to the boardroom.
|
 |
|
Yorkshire Post |
UK NHS Loses Medical Data on Tens of Thousands
 The UK National Health Service’s Department of Health confirmed that 140 security breaches were reported within the health service between January and April, including lost computers and disks containing medical records on tens of thousands of people. UK Information Commissioner Richard Thomas has ordered an urgent review of security in the health service which may result in severe disciplinary action or prosecution.
|
 |
|
GovInfoSecurity |
U.S. Agency Can't Locate 20% of its PCs
 The U.S. Department of the Interior may be missing as many as 14,000 laptop computers, most of them unencrypted, potentially exposing sensitive and personally identifiable information, the department's inspector general said in a new report. Nearly 20% of a sampling of departmental computers could not be located, the report said. "Compounded by the department's lack of computer accountability, its absence of encryption requirements leaves the department vulnerable to sensitive and personally identifiable information being lost, stolen or misused," Michael Colombo, Western regional manager of Interior's IG office, wrote in a memo accompanying the report.
|
 |
|
Oklahoman |
Is Your Data Safe on Oklahoma's Laptops?
 Even though data protection rules have been in place since 2003, it remains unclear if Oklahoma government agencies are complying, especially when evidence such as three major data security breaches within weeks seems to indicate otherwise. Joe Fleckinger, deputy director of IT with the Oklahoma Office of State Finance, whose office wrote the state’s laptop security policy, said it is up to each individual agency to comply with the rules, but some agencies may not be in compliance. Several serious breaches involving laptops and impacting more than 1.2 million Oklahomans occurred in April.
|
 |
|
Computerworld |
Hard Drive with Clinton-era Data Missing from National Archives
 An external hard drive that's believed to contain nearly 1TB of sensitive data from the Clinton Administration reportedly is missing from the U.S. National Archives and Records Administration (NARA). The Archives was converting information from the drive to a digital records system and apparently removed it from a secure storage area to a workplace where not only government officials, but interns, visitors and others had access. The information on the missing drive includes more than 100,000 Social Security numbers and home addresses of people who visited or worked at the White House.
|
 |
|
News Blaze |
One in Five UK Small Businesses Worried About the Effects of Cyber-crime
 One in 10 UK IT decision makers responding to a new UK survey about data security recorded thefts of mobile devices, such as laptop computers, from their companies. The survey of British small businesses commissioned by Trend Micro found that 20% of respondents say they are concerned about either personal details or confidential company information being stolen.
|
 |
|
eWeek |
Ensuring Data Security When It's Time to Retire Computers
 Recent news media reports that confidential military data was discovered on a second-hand computer auctioned on eBay provided business enterprises with another serious example of what happens when they fail to manage data security at the end of equipment life. “Most companies have trouble with data destruction because the task of hardware provisioning and inventory control is delegated to less-experienced IT staffers who have not been trained and do not understand the importance of destroying old data on these machines,” said John Kindervag, an analyst with Forrester Research. Organizations need a policy to provide a chain of custody from the moment a machine is removed from service until it is actually disposed of, said Gartner analyst Frances O’Brien.
|
 |
|
Computerworld Australia |
Survey Reveals More Than Half of SMBs in Australia and New Zealand Experience Security Breaches
 Symantec this week released the Australian and New Zealand findings of its 2009 Global Small and Mid-sized Business (SMB) Security and Storage survey, revealing that 58% of SMB respondents said they have experienced security breaches where data was lost, stolen or hacked. The leading barrier to security cited by SMBs in the survey was a lack of employee skills and 31% of respondents noted a lack of awareness of current threats.
|
 |
|
Herts Advertiser |
UK Patients' Data was on Stolen Laptops
 Three laptop computers containing confidential information about 2,000 healthcare patients were stolen in separate incidents at the West Hertfordshire Hospitals NHS Trust in the UK. Although the first laptop was reportedly stolen in 2006, a second in 2007 and a third in 2008, WHHT officials said they only learned that the portable devices contained patient information in April.
|
 |
|
Tech Herald |
Study Shows Sensitive Data Still Available
 U.S. missile defense plans, security logs from the German Embassy in Paris and account numbers of a U.S. bank’s proposals for a $50 billion currency exchange through Spain were found among 300 secondhand hard drives purchased by the University of Glamorgan in a new study to determine the types of residual data that may be recovered from discarded computer hardware. According to the results, 34% of the disks contained either personal data that could be traced to an individual or commercial data identifying a company or organization. The drives were bought from the U.S., UK, Germany, France and Australia through computer auctions, computer fairs and eBay. “Of significant concern is the number of large organizations that are still not disposing of confidential information in a secure manner. In the current financial climate, they risk losing highly valuable proprietary data,” said Andrew Blyth, who led the research.
|
 |
|
KMGB |
Copiers Put Consumers at Risk of Identity Theft
 Proper disposal of business copiers should be of concern because the hard drives the machines contain can store significant personal and financial information, experts said. Some businesses may not realize that digital copiers essentially are computers that retain confidential information through their use, so disposing of copier hardware requires the same attention to data security as other computers.
|
 |
|
Computer Business Review |
Data Breach CEOs Should Face Jail: Survey
 In a clear indication of growing anger about data breach incidents involving personal information, a new survey found that 62% of security executives say negligent business data security procedures should result in fines for guilty companies. A total of 93% of respondents said companies are under more pressure to protect against data loss due to the economic crisis, while 30% said CEOs and board members should face imprisonment for exposing consumers’ confidential data.
|
 |
|
Oklahoman |
Latest Oklahoma Data Loss Puts 225,000 at Risk
 A laptop computer belonging to the Oklahoma Housing Finance Agency and containing personal information, including Social Security numbers and tax identification numbers, of about 225,000 Oklahomans was stolen from an agency employee’s home, officials reported. Dennis Shockley, executive director, said unencrypted information of past and present clients of the agency’s Section 8 Housing Voucher Program was on the laptop. Shockley added that the agency is upgrading its security and encrypting its computers now. This must be little comfort to the thousands of victims.
|
 |
|
Los Angeles Times |
Burglars Hit Landmark Ventura Boulevard Office Building
 Burglars stole scores of computers from as many as 80 businesses in a landmark office building in Los Angeles, taking portable devices that contained sensitive legal documents, credit card numbers and tax information of thousands of people, police said. The Chateau Office Building has tenants ranging from accountants and property management companies to attorneys and talent agencies, many of which lost sensitive data. One business said credit card numbers of 7,000 clients were stolen, while another noted that a stolen computer held tax documents of 800 clients.
|
 |
|
Oklahoman |
Oklahoma DHS Data Loss Puts 1 Million at Risk
 A laptop computer containing unencrypted personal information on about 1 million Oklahomans was reported stolen from an employee of the Oklahoma Department of Human Services (DHS), officials said. A DHS spokesperson said the computer contained names, Social Security numbers and birth dates for about 1 million people served by the agency, including those using such programs as child care assistance, food stamps, disability coverage and Medicaid. Mark Weiser, director of Oklahoma State University’s Center for Telecommunications and Network Security, said the risk of the data falling into criminal hands is great because the laptop data was not encrypted. “Anybody could take that hard drive and stick it in another machine and read everything on it,” Weiser said.
|
 |
|
PC Magazine |
Study: Lost Notebooks Cost Corporations $50,000 Apiece
 The Ponemon Institute released a new study on Thursday that found that, on average, lost or stolen laptops cost corporate owners $49,246 apiece. Healthcare, pharmaceutical companies, technology and education organizations ranked at the top of the list of industries which are the most financially affected by a lost notebook. Ponemon measured the value of a notebook by estimating the cost of data, loss of productivity, costs associated with replacing a notebook, and other factors. The cost of a data breach was found to be the most expensive aspect of losing a company laptop, taking up roughly 80% of the total average cost to a company.
|
 |
|
Insurance News Network |
U.S. Companies Still Underestimate Impact of Data Breaches
 A new report revealed that 38% of Fortune 500 companies fail to acknowledge the threat of a data breach in the Risk Factors section of their SEC 10-K filing, and 26% of the companies that do include the risk of a data breach in the filing fail to mention the consequential financial impact. An additional 49% failed to identify the impact of a data breach on reputation, according to the research conducted by an insurance company.
|
 |
|
IT World |
Rage, Sloppy Eaters Among Top Causes of Lost Data on Laptops
 A new study from the Ponemon Institute to examine business risks associated with laptop computers determined that important company data gets lost when company laptops are damaged. And while most damage is accidental, a significant portion is caused by "anger or frustration" that employees take out on their laptops. The survey of 3,100 IT and security practitioners located in the U.S., UK, Germany, France, Mexico and Brazil found that Americans rate laptop rage and mishandling on the road fairly low - 13% and 25%, respectively, but 34% of American IT pros told Ponemon that "spilling food or liquids on the laptop" is the top cause of damage.
|
 |
|
WGHP |
Stolen Laptop Contains Moses Cone Patient Information
 Moses Cone Health System in Greensboro, N.C., said a laptop containing confidential information about 14,380 patients was stolen from a hospital vendor. The information on the laptop was not encrypted and included patient histories, names, addresses and information about medical procedures. Social Security numbers for about 6,000 patients were also stored on the laptop. The computer reportedly had been in the custody of vendor VHA at a facility in Canton, Ga., where it was reviewing data to, ironically, help the hospital improve care and reduce costs, but the cost to manage the off-network breach will likely be extensive.
|
 |
|
SC Magazine |
Despite Downturn, IT Security Spending to Increase
 Data security breaches continue to increase, and so do security budgets, according to a new survey of 1,538 organizations in the U.S., Canada, UK, India and China by the Computer Technology Industry Association (CompTIA). The survey determined the primary cause of breaches is human error, followed by a failure to follow security policies, which are rising in prevalence. Additionally, 29% of U.S. respondents said they experienced at least one to three data-loss incidents during the past year.
|
 |
|
Salisbury Somerset Herald |
Orthopedic Practice Suggests Identity Theft Action After Breach
 Tapes containing patient information on as many as 100,000 people were reportedly stolen while in transit from Peninsula Orthopaedic Associates in Maryland to an off-site storage facility. Patient personal information contained on the tapes included health insurance plan data and Social Security numbers, officials said.
|
 |
|
eWeek |
Microsoft Outlines Rogue Antivirus, Data Breach Threats
 The Number One reason for data security breaches remains lost and stolen equipment, according to a new edition of Microsoft’s Security Intelligence Report. “For the second report in a row, what we find is that stolen or lost equipment seems to account for about 50 percent of all reported data breaches,” said Vinny Gullotto, general manager of the Microsoft Malware Protection Center. “So that’s a pretty dramatic difference when you take a look at the fact that only about 20 percent …(of the time) did a security breach come from some bit of hacking or a piece of malware specifically,” he said. “This information reinforces the need for appropriate governance and policies around data and procedures,” Gullotto added. The report’s finding mirrors studies conducted by the Ponemon Institute and the Identity Theft Resource Center.
|
 |
|
Help Net Security |
Economic Crisis Increases Americans’ Fears About Fraud and ID Theft
 According to new research from Unisys, the vast majority of Americans surveyed say they believe that the current world financial crisis has increased their risk for experiencing ID theft or related fraud crimes, and more than one-quarter believe the current crisis raises that risk substantially. Additionally, more than two thirds of Americans said they are extremely or very concerned about other people obtaining and using their credit or debit card details, with 90% at least somewhat concerned.
|
 |
|
BBC |
Details of 33,000 Children Stolen
 A computer containing personal information on 33,000 children was reportedly stolen three months ago from a UK council education office. A burglary at Progress House, the headquarters of Wigan Borough Council's children and young people's services, took place in January, but the incident was not publicly reported until this week. Information on the computer included names, birth dates and other personal data, as well as details of special educational needs or eligibility for free school meals.
|
 |
|
San Jose Mercury News |
Laptop Stolen Contained Information of 1,000 Santa Cruz Patients
 A laptop computer recently stolen at the Palo Alto Medical Foundation's Santa Cruz, Calif., office contained personal and medical information of 1,000 Santa Cruz County patients, foundation officials said. The laptop was attached to a piece of medical equipment that was stolen from the foundation's closed office. Information on the computer included patient medical record numbers, treatment plans and diagnoses.
|
 |
|
KPTV |
Pacific University Seeking Stolen Laptop
 Administrators at Pacific University in Forest Grove, Ore., reported a university-owned laptop that contains names and personal information of an unknown number of people was stolen from a staff member's home last week. University officials say they do not believe Social Security numbers were on the computer and adamantly stressed that there is no evidence of identity theft, but the response omits what type of personal information may have been stored on the portable device, to whom the data belonged or if the laptop was encrypted. Also, a week is a little premature to doubt what a thief can do with the information found on a stolen electronic device.
|
 |
|
Information Week |
What Keeps Security Pros Awake At Night?
 According to a new Information Week Analytics/DarkReading.com survey, 52% of security professionals said they are most concerned about internal security risks, including both accidental and malicious data compromises by employees or business partners during the course of their day-to-day activities. When asked about the most potentially dangerous individual events that could occur in their organizations, 35% cited an insider-related mishap such as the loss or theft of a laptop or portable storage device. Costs for data security protection can pale next to the damage done to brands and a loss of customer trust resulting from a data breach.
|
 |
|
TechRepublic |
10 Security Threats to Watch Out for in 2009
 Laptop computers have presented a known off-network data security risk for many years, but now more than ever, the devices contain important business documents, contact information, e-mail, text messages and personal information. This fact places all portable devices on TechRepublic’s top 10 security threats of 2009, along with side effects of green computing. In this case, recycling computer components can expose sensitive data to strangers if assurances aren’t made to wipe the hard drives clean.
|
 |
|
Dark Reading |
Security Departments Turn to Outsourcing
 As companies cut back on IT staffing and equipment during difficult economic times, security pros are looking favorably at the notion of getting outside help for their security needs. Separate studies by Forrester Research and Symantec indicate that the two top drivers among firms for using a managed security service provider are the demand for a specialized skill set and the need to reduce costs. Redemtech is the outsource partner of choice for data erasure and off-network data security.
|
 |
|
Miami Herald |
Disk with Information on 200,000 Visitors to Jackson Hospital Stolen
 A computer hard drive containing personal information on more than 200,000 visitors to Jackson Memorial Hospital during an 11-month period was reported stolen from the hospital's mainframe data center. Copies of drivers' licenses of visitors from May 2007 through March 2008 were on the hard drive. Hospital officials recommended that visitors during that period place a fraud alert with a credit bureau.
|
 |
|
NetworkWorld |
A Real Dumpster Dive: Bank Tosses Personal Data, Checks
 Data protection is not just an IT security issue, according to analyst Steve Hunt of Hunt Business Intelligence, who said he believes too many people in IT security still have that false perception. “There are so many physical security aspects to data protection, it ought to never be considered merely an IT security issue,” Hunt said, noting that sensitive data is sitting on discarded computers, misplaced USB drives, overflowing fax piles and unguarded trash bins, waiting to be found by criminals.
|
 |
|
SearchSecurity.com |
Firms Muddle Security Breach Response, Expert Says
 Getting a handle on how data flows in and out of a company can help enterprises to assess the scope of future data security incidents, experts say, noting that most security breach responses are poorly coordinated despite advance planning. The technical stage of incident response is often where incidents get muddled and businesses should consider the tools available to protect data, especially off-network, experts say.
|
 |
|
Toledo Blade |
Stolen University of Toledo Computer Held Student, Faculty Data
 A computer stolen from the University of Toledo contained personal information for about 24,000 students and 450 faculty members, the university announced this week. The student information included identification numbers and grade point averages, while faculty information included names, Social Security numbers and birthdates.
|
 |
|
Personal Computer World |
Recession to Fuel Data Theft Crisis
 Consultancy KPMG, confirming that 2008 was the worst year on record for data loss, said it expects cases of data loss to increase during 2009 as the economic crisis continues. KPMG forecast that the number of people affected by personal data loss will more than double from 92 million to 190 million globally by the end of the year. While malicious theft of personal details by criminal organizations and businesses sharing data with third parties were primary threats, a significant proportion of data loss is caused by company employees, with potential incidents being both intentional and negligent in nature.
|
 |
|
Indianapolis Star |
Flood Victims' IDs on Stolen FEMA Laptop
 The Federal Emergency Management Agency (FEMA) recently warned that a laptop computer with personal information on Indiana flood victims was stolen from a housing inspector's car last November. A FEMA spokesperson said the laptop contained names, Social Security numbers and other personal information on about 50 victims of last September's flooding in northwestern Indiana.
|
 |
|
Idaho Business Review |
INL Disk Containing Employee Data Lost in UPS Shipment
 The U.S. Department of Energy's Office of Health, Safety and Security reported a computer disk containing personal information for more than 59,000 current and former Idaho National Laboratory employees, including names, birthdates and Social Security numbers, was lost in transit. The department said it is working with UPS, which was transporting the disk, to recover the portable media and make sure the data is secured. The disk contains details on “every employee who’s ever had a badge” at INL from 1949 to 2006, according to DOE spokesman Brad Bugger.
|
 |
|
New York Post |
NYPD Civilian Worker Busted in Mass Cop-ID Theft
 A civilian official of the New York Police Department’s pension fund has been charged with taking computer data that could be used to steal the identities of 80,000 current and retired police officers, sources said. The official, who served as the fund's director of communications but did not have authorized access to the Staten Island site where computer data tapes were stored, allegedly escaped with eight tapes containing Social Security numbers, direct-deposit information for bank accounts, and other sensitive material.
|
 |
|
CNET |
Gartner: Financial Fraud Hits 7.5 Percent of U.S. Adults
 Due to data breaches, about 7.5 percent of U.S. adults lost money as a result of financial fraud in 2008, according to a new Gartner survey. The survey found that financial fraud victims were twice as likely to change their behavior as a result of security incidents as the average consumer. The study also looked at why people switch banks and concluded that security and financial health of a bank were of about equal importance to consumers, Gartner analyst Avivah Litan said.
|
 |
|
InternetNews |
ID Theft Threat Grows With 1 Million Already Hit in 2009
 Identity thefts soared in 2008, and 2009 is shaping up to be another year of security breaches, according to a new report from the non-profit Identity Theft Resource Center (ITRC), which found that U.S. businesses and other organizations suffered 83 security breaches so far in 2009, potentially exposing the records of at least 1.1 million people.
|
 |
|
Steamboat Pilot |
Stolen Computer Contained 1,300 Social Security Numbers
 A laptop computer belonging to the finance director of Steamboat Springs School District in Colorado and containing names and Social Security numbers of 1,300 people was reported stolen from a school office recently. Although the laptop was password-protected, if the data was not encrypted, it remains vulnerable.
|
 |
|
CSO |
Starbucks Sued After Laptop Data Breach
 In another example of how businesses can be negatively impacted by an off-network data security breach, coffee retailer Starbucks is being sued in a class-action lawsuit. The lawsuit claims damages from an October 2008 data breach involving 97,000 Starbucks employees whose names, addresses and Social Security numbers were on a stolen laptop computer. The lawsuit seeks an extension of free credit monitoring and protection and asks that Starbucks be ordered to submit to periodic security audits of its computer systems because it allegedly failed to follow reasonable precautions to secure its employees' personally identifiable information.
|
 |
|
MSNBC |
Arkansas Background Check Records Potentially Exposed
 A computer storage tape containing data from criminal background checks on approximately 807,000 people dating back to the mid-1990s was reported missing from an information-protection company's vault, officials of the Arkansas Department of Information Systems (DIS) said. Information on the tape included names, addresses, birth dates and Social Security numbers. DIS was informed at the end of January that vendor Information Vaulting Services, charged with providing off-site storage for electronic records and computer files, was unable to locate the DIS computer tape in its inventory.
|
 |
|
Mustang Daily |
Campus Laptop Theft Increases
 Businesses can learn a valuable lesson from colleges experiencing an explosion of laptop thefts: the smaller high-tech devices get, the easier they'll be stolen. During the past two years, the number of reported laptop thefts rose about 48%, according to the FBI's National Crime Information Center. Ryan Matteson, technical security officer at California Polytechnic State University, likened data security to a natural disaster after which victims suddenly are aware of the need to protect their data. "It's like getting ready for an earthquake. Most people don't have the supplies on hand to deal with an earthquake - except for the two weeks after they've experienced an earthquake. Then, they'll go out and they'll buy the stuff to be ready for the next one," he said.
|
 |
|
KVIA |
Laptop with Personal Data Taken from Food Pantry
 A laptop computer containing sensitive personal data of 36,000 clients of the Rio Grande Food Project, an Albuquerque, N.M., food pantry, was reported stolen last week. The laptop belonging to the non-profit organization stored information such as addresses, birth dates and Social Security numbers from the past three years.
|
 |
|
eSecurity Planet |
U.S. Government Faces IT Security Gaps
 The Los Alamos National Laboratory (LANL) in New Mexico reportedly is undergoing a security shakeup following the discovery that 90 computers were reported missing or stolen during the past year. In January, three computers were stolen from the home of a LANL scientist, earning the lab a rebuke from the U.S. Department of Energy's National Nuclear Security Administration, according to the website of the non-profit Project on Government Oversight (POGO). The problems at LANL are troubling because the lab deals with highly classified projects, including safeguarding the U.S. nuclear deterrent and offering mission-critical support for NASA.
|
 |
|
Seattle Times |
Product Stewardship Leads Companies to Provide Free E-waste Recycling
 A new electronics take-back law regulating e-waste in the State of Washington covers televisions, desktop and laptop computers, and monitors and is touted for taking the financial burden from consumers and putting it back onto electronics manufacturers. However, e-waste not covered by the new state law, such as computer keyboards and printers, still may require that consumers pay a fee for e-waste management. Recycling e-waste isn’t “free” under take-back laws, since manufacturers simply incorporate the costs of handling e-waste into the price of new products.
|
 |
|
Computerworld |
Survey: 40% of Hard Drives Bought on eBay Hold Personal, Corporate Data
 A computer forensics firm said that 40% of the hard disk drives it recently purchased in bulk orders on eBay contained personal, private and sensitive information, including corporate financial data. The Kessler International study concluded that the drives originated in computers sold to third-party resellers that disassembled the units and sold the parts. Much of the data had never been overwritten or erased. Companies interested in disposing of or recycling computers should trust only vendors like Redemtech that certify with documentation that all data is destroyed.
|
 |
|
TechNewsWorld |
With Great Amounts of Data Comes Great Responsibility
 With respect to data loss, increasing penalties as well as increased transparency are two paths that have been cited time and again in regard to increasing corporate responsibility, industry observers say. Even in corporations that have well-written policies and effective controls, the percentage of data breaches that occur due to human error is still higher than 80%. There is not a 100% guaranteed "silver-bullet" for network security: companies must maintain constant vigilance of their security, including physical security. A "set it and forget it" attitude establishes false expectations.
|
 |
|
Smart Company |
Global Data Theft Hits $1 Trillion
 Laptop computers and portable storage devices are an open gateway to data theft and businesses must be aware of such risks, concluded a new survey. A malicious cyber-underground is growing ever more sophisticated and high-tech criminals trading stolen information are thriving on the economic downturn, experts said, noting that cyber-crime in 2008 cost businesses more than $1 trillion worldwide.
|
 |
|
Network World |
Data-Breach Costs Rising, Study Finds
 In a study of 43 companies that suffered a data breach in 2008, the Ponemon Institute found the total cost of coping with consequences of an incident rose to $6.6 million per breach, up from $6.3 million in 2007 and $4.7 million in 2006. The cost per compromised record in 2008 rose 2.5% over 2007 to $202 per record, according to the study. For the majority of companies surveyed, the data breach reported was not their first, Ponemon said, noting that “84% of the cases were repeat offenders.”
|
 |
|
Indianapolis Star |
HoneyBaked Ham Customer Data Stolen
 A computer server stocked with credit card information on an unknown number of customers was reported stolen at an Indianapolis, Ind., HoneyBaked Ham store. Physical theft of desktop and laptop computers continues to grow. Redemtech recommends adopting tighter controls to account for the many data-bearing mobile devices used by national companies and using encryption as a best practice, but the practice should be used in tandem with other off-network data protections.
|
 |
|
Charlotte Sun |
Guidelines for Protecting Personal Information by Business Owners
 Knowing what personal information a business possesses on computers and in files; protecting the data that is kept; properly disposing of data that is no longer needed; and creating a plan to respond to security incidents are among the highlighted guidelines from the U.S. Federal Trade Commission (FTC) that business owners should follow to safeguard data. Businesses should inventory all IT assets to determine where they store sensitive data and track personal information to get a complete idea of the data security picture and eliminate vulnerabilities.
|
 |
|
Dark Reading |
Microsoft Study: Users Worry About Privacy But Know Little About Threats
 A new Microsoft study on privacy raises questions about whether computer users are saddled with too much responsibility in protecting their information. While the Microsoft study was concerned with online security, it has implications for off-line security as well. Businesses must be aware and informed of the dangers of off-network data security threats, because - as this study indicates - those who are uninformed may not be capable of protecting themselves and should rely on outside experts to enable them to establish protections through technology and best practices.
|
 |
|
CNN |
VA Will Pay $20 Million to Settle Lawsuit Over Stolen Laptop's Data
 The U.S. Department of Veterans Affairs has agreed to pay $20 million to current and former military personnel to settle a class action lawsuit related to a stolen laptop computer containing personal data on 26.5 million active duty troops and veterans. The settlement ends nearly three years of litigation, but illustrates that financial culpability for an off-network data breach often goes far beyond the costs of notification and damage control.
|
 |
|
USA Today Blog |
Security Experts Ask Obama for Help
 A band of security and privacy experts is calling on President Obama to create a federal clearinghouse of information about data breaches and make that intelligence accessible to companies, consumers and law enforcement to help stifle crime. The nonprofit Identity Theft Resource Center reported that personal records of at least 35.7 million Americans were exposed in 656 breaches reported last year.
|
 |
|
Washington Post |
Firm Reports Massive Data Breach from Credit, Debit Transactions
 A security breach at New Jersey-based Heartland Payment Systems last year may have compromised data from tens of millions of credit and debit card transactions, company officials admitted this week. The source of the breach was malicious software on the company's processing network which was recording payment card data as it was being sent to Heartland by thousands of the company's retail clients. While this breach does not directly impact off-network data security, the magnitude of the theft highlights the vulnerabilities of our evolving business culture that can have connections to the off-network security arena.
|
 |
|
Computerworld |
Heartland Data Breach Could Be Bigger Than TJX's
 A data breach disclosed this week by Heartland Payment Systems may well displace TJX Companies' January 2007 breach in the record books as the largest ever involving payment data with potentially more than 100 million cards being compromised. This incident also may prove to be more costly than the TJX breach, which ultimately cost the retailer about $100 per stolen record for a total of $4.5 billion. The lesson here is that any organization that fails to protect its data effectively provides an easy target for data theft and must grapple with considerable damage to financial stability and business reputation.
|
 |
|
Dark Reading |
Getting the Big Picture on Your Security Situation
 The first step to obtaining full situational awareness for data security at a business enterprise is to have a thorough IT asset management system that can track all hardware, software and other resources, experts say. Knowing where every IT resource is located and what it's running can be critical during a data incident response. Also important are conducting comprehensive risk assessments of all assets to understand what risks threaten the confidentiality, integrity and availability of IT resources; and achieving full visibility throughout the enterprise network.
|
 |
|
KCBY |
Stolen Laptop Creates a Stir at Southwestern
 Southwestern Oregon Community College reported that a laptop computer containing records for 200 current and former students was stolen from the campus. College officials said “extra measures” are being taken “in order for the college to be proactive in preventing any future thefts,” which is a lot like saying “we’ll plug that leak in the reservoir right after the levee breaks.”
|
 |
|
Finextra |
U.S. Financial Institutions Hit by 78 Reported Data Breaches Last Year
 U.S. financial services companies accounted for 18.1 million compromised records during 2008, 52.5% of the total 35.7 million records that were reportedly breached during the year, according to the Identity Theft Resource Center (ITRC). ITRC said financial institutions suffered 78 data breaches during the year. Only 2.4% of the breaches involved encryption or other strong security methods in use.
|
 |
|
Vnunet.com |
IT Leaders Ignoring Encryption
 New data security research indicates that European IT decision makers are still failing to adequately address information security, despite the fact that more than half of the respondents surveyed admitted that they suffered a security breach in 2008. A total of 70% of companies that had suffered a breach stated that the lost data was not encrypted, even though 82% agreed that encryption technologies could have mitigated the risk.
|
 |
|
Earthtimes |
Study Shows Many Employees Undermine Traditional Data Breach Prevention Strategies
 Ninety-two percent of U.S. IT security practitioners report that someone in their organization had a laptop lost or stolen and 71% report that it resulted in a data breach, according to a new Ponemon Institute study on the use of encryption on laptops. "The data suggests that, because of user behavior, encryption alone is not enough to protect mobile devices and the sensitive data stored on them," said Dr. Larry Ponemon, chairman of The Ponemon Institute. "These statistics are especially disconcerting when combined with our recent studies demonstrating that lost or stolen laptops are the Number 1 cause of data loss, with 3 out of 4 companies experiencing a data breach when a laptop has been lost or stolen."
|
 |
|
eWeek |
SMBs to Increase Security Spending in 2009
 Analysts at Forrester Research say small- to medium-size businesses are planning to spend a healthy percentage of their 2009 IT budgets on security, with data protection listed as a top priority. Although many midmarket companies are looking to tighten IT budgets in 2009, security is one area where spending will increase, according to Forrester, which said a survey of 1,206 SMB IT and security managers in North America and Europe revealed that data security is the priority for 87% of respondents. Eighty-two percent of SMBs describe protecting sensitive corporate data as a very important or important business objective for IT security, and 82% say the same for protection of customer data.
|
 |
|
Washington Post |
Data Breaches Up Almost 50 Percent, Affecting Records of 35.7 Million People
 Lost or stolen laptops and other removable electronic devices were named as the cause for more than 35% of all reported data security incidents in 2008, according to the nonprofit Identity Theft Resource Center, which reported that personal records of at least 35.7 million Americans were exposed in 656 breaches reported last year. The number of data breaches in 2008 was up almost 50% from 446 in 2007, with nearly 37% of the breaches taking place at businesses.
|
 |
|
Computer Weekly |
Data Loss Victims Expected to More Than Double in 2009
 The number of people affected by data losses worldwide could more than double in 2009, according to consultancy firm KPMG, which predicts that as many as 190 million people may be affected by data breaches this year, compared with 92 million in 2008. New research found that 47.8 million people were affected by data losses in September, October and November, which was more than the preceding eight months combined. High-profile data losses in the U.S., UK, Germany, South Korea and Chile accounted for 91% of the people affected worldwide by data breaches in 2008.
|
 |
|
Ft. Lauderdale Sun-Sentinel |
Identity Theft Accelerated in 2008, and Experts Fear It Will Worsen in '09
 Identity theft became the fastest-growing crime in the U.S. in 2008, affecting more than 10 million Americans, according to the U.S. Federal Trade Commission. Linda Foley of the non-profit Identity Theft Resource Center (ITRC) said: “There's more data on the move that is not being guarded, and human errors happen.”
|
 |
|
Las Vegas Sun |
Identities of 16,000 Pulte Homes Customers Compromised
 A box containing computer backup tapes that held private customer information, including names, addresses, driver's license numbers and financial account numbers, was reported stolen from a Pulte Homes office in Las Vegas. A representative of Pulte Homes, Inc., of Bloomfield Hills, Mich., one of the largest homebuilders in Las Vegas, said it took a month for Pulte's information systems team to identify the customers who have been potentially affected by the data theft.
|
 |
|
Help Net Security |
Security Trends of 2008 and Predictions for 2009
 Data breaches will persist in 2009 and likely will increase, industry experts say. In 2008, the Identity Theft Resource Center (ITRC) documented 548 breaches, exposing 30,430,988 records. In many cases, insecure business processes and inadvertent employee mishandling of sensitive information are the most common ways that data is exposed.
|
 |
|
Computerworld |
IT Predictions for 2009: The Economy Dominates
 Analysts looking at security issues in 2009 predict another serious data breach that exposes credit card numbers and personal data of thousands of customers “because some people just never learn from the past.” Security vendor Finjan predicts that the number of people participating in cyber-crime will continue to rise "with an increasing number of unemployed IT professionals joining in."
|
 |
|
Knoxville News-Sentinel |
Computers Stolen from APSU Contain IDs
 Austin Peay State University officials reported two computers with the names and Social Security numbers of 750 veterans were recently stolen from campus. The computers were taken from the office of Veterans Upward Bound, a program that helps prepare discharged veterans for college enrollment, and contained information on participants from 1999 to 2007.
|
 |
|
USA Today Blog |
More Than 4 Million Health Records Breached in 2008
 A staggering 4.07 million healthcare records have been breached during 2008, about four times the amount of reported breaches in 2007, according to researcher DataLoss DB. High-profile breaches often occur through the theft of tapes containing confidential data, although off-network breaches also contribute to the increasing number of breaches, experts say.
|
 |
|
IT Director |
Data Leaks Highlight Need for Content Security
 News of data leaks can cost businesses dearly in many ways, including direct costs such as regulatory fines and loss of assets, but also indirect costs caused by reputational damage leading to lost orders and even share price devaluation. Many high-profile data losses have involved lost laptops or disks used to move data from one place to another, analysts say.
|
 |
|
ChannelWeb |
Oops! McCain Camp Sells Loaded BlackBerry
 A television investigative team this week said it bought a BlackBerry smart phone from the former McCain-Palin presidential election camp that contained a plethora of confidential campaign information, including phone numbers, emails and other sensitive data. The McCain-Palin campaign sold used office inventory, including computers and phones, at bargain prices, and reporters paid $20 for a BlackBerry that had phone numbers for people connected with the campaign, as well as hundreds of emails.
|
 |
|
IT Security |
HP, Symantec Warn Employees After Laptop Thefts
 Technology vendors Hewlett-Packard and Symantec this week warned employees that their names and Social Security numbers may have recently fallen into criminal hands following two separate laptop thefts. HP said that at least several thousand employee records were contained on an unencrypted laptop that was stolen several months ago from an HP employee based in the Houston area. The Symantec breach occurred in October and affected employees who were being laid off as part of a restructuring of the company's IT operations.
|
 |
|
New Hampshire Union-Leader |
Thousands Affected in Dealership Data Theft
 Personal information including names, addresses, Social Security numbers and driver's license information from thousands of people in New Hampshire and Massachusetts has been compromised after a data backup tape from Bill Dube Ford/Toyota in Dover, N.H. was stolen. Although customers were informed of the data breach earlier this month, the theft actually took place in August, sources said.
|
 |
|
Toledo Blade |
Deleted E-mail is Still Public Record
 The Ohio Supreme Court this week ruled that a deleted e-mail doesn't cease to be a public record if it can still be retrieved from a computer's hard drive. The court ruled in favor of an Ohio newspaper and ordered public officials in Seneca County, Ohio, to make "reasonable" efforts to retrieve deleted e-mails and rejected the county's contention that such a ruling would compromise government's ability to use e-mail. As technology advances, protecting sensitive data in many forms becomes more important.
|
 |
|
InternetNews |
Survey Finds Data Breaches Hit Most Enterprises
 Sixty-seven percent of 179 companies with between 1,000 and more than 20,000 employees surveyed by Enterprise Strategy Group said they had suffered one or more confidential data breaches within the past year. A data loss resulting from losing an off-network device containing confidential information was admitted by 14% of the companies surveyed.
|
 |
|
Help Net Security |
Study Reveals Corporate Failure to Safeguard Core IT Assets
 Many businesses are focusing on IT skills for newer Web 2.0 technologies at the expense of the crucial skill-sets required to future-proof the core systems that are most business-critical to the successful safeguarding of core IT assets, according to a new global study. Despite reinforcing the importance of core IT assets to business success, study respondents said newer technologies receive a larger share of attention and budget.
|
 |
|
Reuters |
CIBC's Talvest Data Breach a Mystery, Probe Finds
 Canada's Office of the Privacy Commissioner recently concluded an investigation of a missing Canadian Imperial Bank of Commerce hard drive from 2007 by saying 500,000 customers of the bank's Talvest mutual funds unit will never know if their personal data was accessed by outsiders. Investigators said deficient security policies and procedures made the status of data transferred to the hard drive unclear and raised concerns about the length of time it took the bank to alert police and customers about the potential breach.
|
 |
|
Seattle Post-Intelligencer |
Missing Laptop Puts Starbucks Workers' Data at Risk
 A laptop computer containing private information on 97,000 Starbucks employees was stolen, placing in limbo the names, addresses and Social Security numbers of the people affected. Starbucks needs to wake up and smell the data security coffee. The new incident rekindles memories of another serious off-network data breach at the coffee chain in 2006, when four laptops containing personal data on 60,000 former and current employees disappeared from Starbucks’ headquarters.
|
 |
|
eWeek |
Underground Economy for Stolen Data Thriving, Symantec Says
 In a new year-long study, Symantec researchers turned the spotlight on the underground market for stolen data and uncovered black market traders advertising stolen data at prices totaling more than $276 million. Symantec tracked 69,130 distinct advertisers and 44,321,095 total messages posted to underground forums. Though stolen bank account information sells for between $10 and $1,000, the average advertised stolen bank account balance is nearly $40,000, Symantec officials said.
|
 |
|
Washington Post |
Verizon Staff Viewed Obama's Account
 Verizon Wireless admitted that a number of its employees accessed and viewed President-elect Barack Obama's personal cell phone account without authorization. The breach of personal data comes as some security experts question whether Obama should for security purposes stop using electronic devices to transfer data when he takes office. Verizon declined to specify how many employees saw the account or what kind of information was viewed.
|
 |
|
Bank Systems & Technology |
Best Practices on Data Breaches
 A survey of victims of financial data breaches conducted by Javelin Strategy & Research revealed that 40% "lose confidence" in their financial providers when a data breach occurs and one in five switches to another financial institution. More than one in 10 consumers have reported sensitive personal data exposed, according to Javelin. Best practices are useful to a business when responding to a data breach and can affect how an incident is perceived by customers.
|
 |
|
Computerworld |
Obama Administration to Inherit Tough Cyber-security Challenges
 While the all-inclusive term “cyber-security” often is attributed to information systems, it also includes off-network security efforts, especially in light of some of the serious data breaches that have occurred in recent years as the result of lost U.S. government laptops. Gartner analyst John Pescatore said many of the initiatives that government agencies are implementing, such as data encryption, are helping to bolster security in bits and pieces. More needs to be done so that off-network security is more closely tied to national and private sector cyber-security objectives.
|
 |
|
Wall Street & Technology |
The Overlooked Challenge of Data Security in an M&A
 Mergers and acquisitions (M&A) in the financial industry have come fast and furious during recent months, but data security designed to protect customer information can easily be overlooked during a transition, experts warn. During an M&A, huge amounts of confidential data change hands among law firms, auditors, and the acquired and acquiring companies. Companies undergoing an M&A need to have the ability to identify where data is stored and the technology to protect it.
|
 |
|
Dark Reading |
Schools Suffer One-Third of Total U.S. Data Breaches
 Nearly one-third of all U.S. data breaches occur in K-12 schools, colleges and universities, representing a relatively disproportionate amount of overall breaches, according to a new study from consultant J. Campana & Associates. Data from more than 12.4 million students and educators was exposed in 324 breaches during the past three years, according to the report. Analysis and audits of an educational institution’s security by a company such as Redemtech can suggest protective technology as well as best practices to secure data on campus.
|
 |
|
Silicon Republic |
Major Data Breaches Predicted as Firms Cut IT Spending
 According to a Gartner study, the cost of a sensitive data breach will increase by 20% in 2009, as breaches become more targeted. However, many businesses do not have a data-loss contingency plan in place. As the global economic crisis continues and firms look for ways to cut spending, it is vital that companies do not scrimp on protecting their data assets.
|
 |
|
Wall Street Journal Blog |
Pushing Standards Isn’t Easy
 Healthcare providers are required by law to safeguard the sensitive data they collect about patients, but the laws don’t specify how the data should be secured. Nine large healthcare companies are working to develop a common set of security practices for the industry, with the nonprofit Health Information Trust Alliance to oversee the monumental project. If healthcare providers could rely on outside certification, rather than vet the security practices of all the organizations with which they do business, it could save millions of dollars, says Jon Roberts, senior vice president and chief information officer at CVS Caremark.
|
 |
|
Help Net Security |
Trust No One
 Maybe the headline on this article is a little harsh, but it does highlight that anyone can cause a data breach, whether wittingly or not. As computing becomes pervasive, with data being accessed, worked on, saved and sent from almost any location, it’s not just the notional ‘bad guys’ we need to protect against: it’s ordinary people, too. Perhaps a better phrase, when dealing with off-network security and the companies that practice proven methods and technologies, is “Trust, but verify.”
|
 |
|
Science Daily |
Identity Theft Risk: Huge Amount of Sensitive Data Still on Redundant Computer Hard Disks
 Research from the International Journal of Liability and Scientific Enquiry suggests a huge amount of sensitive data remains intact on redundant computer hard disks that are often disposed of or sold into the second-hand market by corporations, organizations and individuals. Businesses should trust their data destruction only to a business like Redemtech that can provide verifiable proof of data erasure.
|
 |
|
Dallas Morning News |
Baylor Health Care Says Laptop with Patient Data Stolen
 A Baylor Health Care System laptop computer containing health information on 100,000 patients reportedly was stolen from an employee's car. The data consisted of names of patients and medical codes relating to the treatment they received, along with Social Security numbers of 7,400 patients.
|
 |
|
United Press International |
Information of 40,000 Kids on Stolen Hard Drives
 Five hard drives with personal information on as many as 40,000 children were stolen from a storage unit belonging to Arizona's Department of Economic Security. Information on the hard drives ranged from names, addresses and Social Security numbers of children in the state’s Early Intervention Program to disability and insurance data.
|
 |
|
Vnunet.com |
Quarter of Law Firms Admit to Losing Confidential Data
 A new survey of UK law firms found that 24% of respondents admitted to misplacing at least one mobile device containing confidential documents, putting case notes, contracts and client details at risk. While a third of respondents said they encrypt their data now, more than 90% said they believe a password alone is sufficient to protect the data. Encryption is a good idea, Redemtech notes, but represents only one method of security that should be combined with others for a total technology solution.
|
 |
|
SC Magazine |
Credit Crunch Means Fewer Security Professionals and Growing Risks
 The rapid growth of off-network security devices and a gap between security risks and an organization’s ability to tackle them are not being helped by the current economic crisis, according to risk management professionals. Laptops and other mobile devices represent considerable vulnerabilities to an organization’s overall security, but precautions such as encryption and serialized chain-of-custody can be wise investments during difficult economic times.
|
 |
|
Cleveland Plain Dealer |
Medical Mutual Computer Disks on Ohioans Missing
 Eleven computer disks containing personal information for more than 36,000 Ohio retirees and employees are missing, medical insurer Medical Mutual of Ohio reported. Medical Mutual said it was notified by four retiree groups - the School Employees Retirement System of Ohio, State Teachers Retirement System of Ohio, Ohio Police and Fire Pension Fund and Ohio State Highway Patrol Retirement System - that disks containing information on medical insurance claims that are routinely mailed between the insurer's Columbus office and the retirement systems did not arrive.
|
 |
|
KMPH |
Identities of Fresno City Employees Compromised
 Fresno, Calif., Police Department investigators say thieves broke into a building and stole more than two dozen computers, 35 monitors and a laptop that contained 5,147 names of city employees. The IT equipment belonged to KRM Management, which the city hired to process compensation claims for city workers. Many news stories cover crimes involving data stolen while in the custody of third parties, proving the need for valuable technology solutions to protect vulnerable information.
|
 |
|
Help Net Security |
Building C-Level Confidence with a Security Blueprint
 Data is considered the most important asset of an organization, experts say, and management needs a plan for protecting data throughout its lifecycle. Data should be kept safe from corruption and also suitably controlled. Redemtech recommends that any security blueprint include an assessment of operations, technology and strategy.
|
 |
|
Dark Reading |
ANSI Launches Guide to Help Calculate Cyber Security Risk
 The American National Standards Institute and the Internet Security Alliance have issued a guide designed to help enterprises calculate the risks and costs associated with data security breaches, including IT, compliance and other issues. Redemtech agrees that when an organization can accurately calculate the potential risk associated with a data security breach, businesses can make informed decisions on what security technologies or strategies are best.
|
 |
|
Computer Weekly |
Financial Data Leaks Put 16 Million at Risk
 More than 16.57 million people were placed at risk of identity theft after personal data was lost or stolen from financial services firms, Computer Weekly reported after obtaining documents under the Freedom of Information Act. UK financial services companies reported 56 incidents of lost or stolen data to the Financial Services Authority (FSA) last year. The FSA identified another 14 incidents where it was unable to determine the number of compromised records and experts warned there is no guarantee firms always come clean.
|
 |
|
Dakota Student |
Stolen Laptop Causes Concern for UND Alumni Association
 A laptop that belonged to a software vendor and contained personal information of more than 84,000 University of North Dakota alumni, donors and people who have attended alumni events reportedly was stolen from a vehicle. Data that is stored on devices outside the confines and control of an organization is most vulnerable because many colleges and businesses fail to grasp how to manage the many challenges of off-network security.
|
 |
|
SC Magazine |
Consumer Confidence Drops Over Protection of Details
 Almost 50% of people surveyed by Royal Sun Alliance say companies are not doing enough to protect personal details in their custody, while 90% of respondents felt that their personal information is not completely secure. Analysts said the survey shows that businesses must take measures to secure data and restore public confidence.
|
 |
|
United Press International |
New York: Laptop Thefts on Rise in Schools
 More than 300 laptop computers have been stolen from elementary and high schools in New York City during the past two months, a 30% increase from the same period last year, law enforcement officials said. Education officials reportedly suspect school employees rather than students. Recent studies prove that internal threats are becoming more common and costly to institutions and businesses.
|
 |
|
Washington Post |
Report: Data Breaches Expose About 30M Records in '08
 U.S. corporations, governments and universities reported a record 516 data breaches in the first nine months of this year, representing a dramatic increase from the 446 incidents recorded during all of 2007, according to new data from the Identity Theft Resource Center. A total of 30 million records have been exposed so far this year. At an average of 57 caches of consumer data reported lost or stolen each month, U.S. organizations are on track to clock at least 680 breaches by the end of 2008.
|
 |
|
Network World |
T-Mobile Lost Disk Containing Data on 17 million Customers
 T-Mobile, the mobile phone subsidiary of Deutsche Telekom, lost a disk containing personal information on about 17 million customers in early 2006, the company recently admitted after a report in German news magazine Der Spiegel said the data was for sale on the Internet. Data on the disk included customer names, birthdates, addresses, phone numbers and other personal information, some of it belonging to German business leaders, politicians and celebrities.
|
 |
|
BBC News |
Used Mobile Devices Reveal Data
 A new survey by the University of Glamorgan in the UK, Edith Cowan University in Australia and UK telecom firm BT involving discarded mobile devices discovered confidential information still existed on many gadgets, including corporate financial data and personal medical details. Proper disposition of any mobile device should include guaranteed erasure of data by third parties with the technology and ethics to verify that erased information stays erased.
|
 |
|
TechNewsWorld |
Identity Fraud, Part 1: A $45 Billion Snowball
 Much of the identity fraud common today involves health insurance information and identity documents, data security industry experts say. Beyond financial repercussions, medical fraud can result in incorrect health information appearing on an individual's medical record, which could lead to a mistake that is potentially deadly for a patient and costly for a healthcare provider.
|
 |
|
Canadian Press |
Stolen Laptop Can Either Make Thieves Quick Buck or Aid in Identity Theft
 A stolen laptop computer can be worth a little quick cash to thieves or potentially cause serious financial damage to thousands of people if the information it contains isn't securely protected. The impact of a theft can often rest on the amount of effort put into laptop security, experts say. Redemtech concurs with security experts who say the issue is not the laptop, but the data that's on the laptop.
|
 |
|
IT Wire |
Which Companies Will You Trust With Your Data? Less Than Half It Seems
 Results from a new Logica study paint an alarming picture of organizational attitudes toward data security. The study revealed that 60% of companies which had experienced a data breach did not tell their clients, and half failed to tell the police or other authorities. Avoiding the truth always is costly to businesses, especially when a data breach already threatens a company’s reputation, stock performance and financial standings. Why make it worse by destroying customer trust?
|
 |
|
Vnunet.com |
Firms Ignoring Risk of Security Breaches
 A new survey from business services firm Logica found a remarkable lack of awareness about how to manage data and respond to the risks of security weaknesses in enterprise systems. Study results indicated that few firms educate staff on how to handle important data or how to cope with data breaches. Redemtech agrees with Logica’s conclusion: data breaches put customers at risk and can lead to large financial losses for companies charged with protecting data.
|
 |
|
Toronto Globe & Mail |
National Bank Customer Data Stolen
 A thief broke into the National Bank of Canada's Montreal headquarters and stole a laptop computer containing information about most of the bank's mortgage customers. The computer contained client names, addresses, bank reference information and checking account numbers. The incident shows that even when kept under lock and key, unencrypted portable devices are vulnerable to physical theft, allowing criminals access to privileged information impacting many people.
|
 |
|
Washington Post |
ATF Lost Guns, Computers
 The U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives lost 418 laptop computers that contained unencrypted sensitive or classified material during a five-year period, according to a scathing report issued this week by the U.S. Justice Department. One missing laptop held as many as 500 names, Social Security numbers and bank records of targets of criminal investigations, while another unit held employee evaluations and other personal information. It seems that from the infamous Veterans Administration security fiasco of 2006 to this latest incident, organizations that are supposed to represent the best of the nation’s protective entities instead become poster children for serious data security breaches.
|
 |
|
Computerworld |
Cybercrime toll mounts for businesses
 A large majority of IT professionals surveyed by security firm Finjan say they are more concerned about data theft than downtime or loss of productivity from malware. In addition, 25% of respondents admit to having data breaches occur in their organizations. These findings jibe with results of recent Redemtech research, which concluded that data theft concerns not only IT experts, but also CEOs and other executive leaders who fear financial reprisals following a security breach.
|
 |
|
Government Computer News |
Data Security Can Falter at the Top
 The failure of former U.S. Attorney General Alberto Gonzales to properly secure highly classified documents, revealed in a recent report from the U.S. Justice Department’s inspector general, illustrates a common problem in information security. Redemtech agrees that despite the best policies and technology, the end user often is the weak link in any security system, and users higher up on the organizational chart often are the weakest links.
|
 |
|
PC World |
Is Patient Data Getting Loose on Thumb Drives?
 As more doctors are handling unencrypted patient data on USB memory sticks, guidelines for protecting sensitive information must be followed, according to a new study. Despite the convenience and flexibility of portable data-bearing devices, including laptop computers that grow smaller and thinner with every new generation of products, managing data security must include best practices that control custody of these handy devices.
|
 |
|
Dark Reading |
Forrester: Roles, Methods of Security Are Changing in Business
 A slew of recent news media stories depicting data security breaches have helped to illustrate the validity of the crisis to corporate CEOs and CIOs, according to Khalid Kark, principal analyst for security at Forrester Research, but security managers also are doing a better job of making their case within the organization. Redemtech praises the trend and the consequential results of protecting all data on and off the network, agreeing that data security goals haven’t changed, but the methods of success are shifting toward technological solutions.
|
 |
|
Network World |
Data Security Now 10% of IT Operating Budgets, Forrester Says
 A new Forrester Research survey of 1,255 security decision-makers at North American companies revealed that 10% of IT operating budgets is devoted to security in 2008, marking an increase from last year. With 21% of survey respondents expecting to increase IT security spending in 2009, Redemtech endorses wise planning of data security resources, including a move to introduce best practices into IT operations that actually lower a business enterprise’s total cost of IT ownership, as recommended by Redemtech’s advisory practice.
|
 |
|
Dark Reading |
Poll: Data Security Top Concern for IT Pros
 Every data security breach has the potential to materially impact a business through lost revenue, higher costs, negative publicity, loss of customer confidence and lower employee productivity, according to a poll from the Computing Technology Industry Association.
|
 |
|
Columbus Dispatch |
Schools' Laptop, Laden with Student Listings, Taken From Tech's Car
 A laptop computer containing names, Social Security numbers, addresses and phone numbers for 4,259 students in the Reynoldsburg, Ohio, school district reportedly was stolen from a computer technician's car. Laptops and other mobile devices are big threats to off-network security, especially when precautions such as encryption and serialized chain-of-custody are ignored.
|
 |
|
Help Net Security |
Most Organizations Fail to Stop Interior Network Threats
 A survey by Opine Consulting revealed that more than half of IT professionals say they are concerned about job loss in the case of a security breach on their network. Breaches very often lead to serious consequences not only for employees, but the businesses they were hired to protect.
|
 |
|
Computer Weekly |
Personal Details of More Than 1 Million Bank Customers Exposed
 The personal bank details of more than 1 million people were found on a used computer sold on eBay. Data included bank account information, phone numbers, birth dates and signatures of customers of the Royal Bank of Scotland and NatWest bank, as well as American Express. Redemtech points out that when a business enterprise lacks formal IT asset disposal policies, chances are good that old hardware is out there containing financial reports, customer lists, personal employee data and other company secrets. Media reports of hackers and laptop thieves abound, but the truth is that data theft from discarded equipment remains a greater threat to many businesses.
|
 |
|
Washington Post |
Data Breaches Have Surpassed Level for All of '07, Report Finds
 More data breaches have already been reported in the U.S. for 2008 than were logged in 2007, according to a new report from the Identity Theft Resource Center, which stated that 449 U.S. businesses, government agencies and universities have reported a loss or theft of unauthorized data so far this year. Obviously, protecting off-network data that is stored on mobile devices such as laptop computers outside the control of a business enterprise continues to be a serious problem as few companies grasp how to manage the many challenges off-network data present to maintaining a strong data security program such as that provided by Redemtech.
|
 |
|
Dallas Morning News |
Failure to Guard Customers' Data is Costly for Businesses
 A data breach is costly to any business in terms of bad public relations, regulatory liability and other financial losses. A Visa security analysis found that small businesses accounted for more than 80% of the data security breaches last year, while Javelin Strategy & Research estimates that the average data breach costs a business $200 per record. A reasonable investment in data security technology designed to prevent loss can save countless dollars that otherwise might be lost in a breach.
|
 |
|
Amateur Economists |
Retailers Don’t Report Data Theft to Customers
 Public embarrassment and loss of goodwill are among the reasons why some companies are reluctant to disclose a data security breach to customers, industry observers say, while other companies fear that such a disclosure can result in falling stock prices. Redemtech warns that businesses that underestimate the importance of securing their data can discover many other serious repercussions to a breach, ranging from the potential expense brought by civil action from victimized customers to serious fines from regulatory bodies.
|
 |
|
Hospital Healthcare |
Laptop Theft Highlights Data Issue
 Following several high-profile off-network data breaches among health care providers, data protection experts are calling on hospitals to use more effective encryption techniques. Incidents involving missing laptops that contain personal data of thousands of patients underline a need for best practices backed by technology, which Redemtech can provide to customers through comprehensive data security solutions.
|
 |
|
Las Vegas Sun |
What Was on His Stolen Laptop Gave DA Cause for Nightmares
 Las Vegas District Attorney David Roger discovered his personal laptop computer had been stolen following a recent flight to California. What sets this case apart from the many thousands of mobile devices stolen at airports every week is that this particular laptop contained copies of evidence related to a high-profile armed robbery case. The laptop was recovered, but the incident illustrates that the loss of unencrypted data kept on any personal or, more commonly, corporate device can have far-reaching complications.
|
 |
|
Dark Reading |
What to Do After a Breach
 There are no U.S. government mandates that businesses must establish a breach response plan following a data breach, according to former U.S. Federal Trade Commission official Don Blumenthal. Now an adjunct professor at the University of Michigan, Blumenthal said some organizations take the initiative to set up post-breach plans given the epidemic of high-profile breaches today. According to Redemtech, setting up plans, practices and processes to address data breach issues is imperative to all businesses, but having a plan before, not after, data is compromised is best.
|
 |
|
Federal Computer Week |
Missing Laptop Found, But Security Questions Remain
 A laptop computer containing the unencrypted personal enrollment data of 33,000 people that was reported lost by a vendor involved in the Transportation Security Administration’s Registered Traveler program was later found. Lost or stolen mobile devices are rarely recovered and, as in this case, cause considerable trouble for many people when they disappear. Some observers said the TSA incident highlights evident data security vulnerabilities, despite a two-year effort by the U.S. government to improve mobile device security. Redemtech agrees with Paul Kurtz, chief operating officer of Good Harbor Consulting, who was quoted in the article as saying: “Sensitive personal information will continue to be at risk until the government requires regular third-party audits of all government and contractor information systems — mobile and fixed — that contain such information.”
|
 |
|
PC World |
Massive Identity Theft Exposes Troubling Trend
 The most troubling thing about what's being called the worst case of identity theft in American history is not the fact that tens of millions of credit card numbers were stolen from major corporations, but the fact that it took another huge data security scandal to make businesses realize that they need to protect client information. Redemtech warns that businesses need to be a step ahead of the criminals and apply best practices that can arrest development of widespread criminal plans.
|
 |
|
East Bay Business Times |
Anheuser-Busch Laptop Theft Affects 140,000 People
 It has been revealed that more than 140,000 people in six states were impacted by the recent theft of laptop computers containing employee personal information from Anheuser-Busch. Although this incident previously was reported in this publication, the number of brewery company employees affected has grown significantly, indicative of one of Redemtech’s primary warnings about off-network data security: losing even one device can touch the lives of hundreds of thousands, when proper policies and procedures could prevent the loss and mitigate liabilities.
|
 |
|
Information Week |
Most Security Breaches Go Unreported
 A survey from a recent RSA Conference found that more than 89% of security incidents went unreported in 2007, while 29% of those surveyed said their organizations experienced customer or employee data leakage and 28% reported insider threats or theft. Not reporting a data security breach can be as catastrophic as the loss itself, Redemtech warns, as embarrassing data breach scandals usually come to public light. Appropriate policies can enable organizations to head off data security disasters and reduce the damage done. With appropriate, auditable processes, companies can be absolved of breach notification penalties if they are following established notification guidelines.
|
 |
|
Earthtimes |
ID Analytics Study Reveals Employees' Criminal Misuse of Stolen Identities
 A new ID Analytics internal data theft study has found that intentional data theft and unintentional data loss by authorized employees continue to be the most common sources of data breaches. The study confirms Redemtech’s policy of implementing best practices and solutions that keep a business safe inside and out.
|
 |
|
InfoWorld |
How Secure Is Secure Enough?
 In answer to the common security manager question, “How secure is secure enough?” especially relevant as a faltering economy puts the squeeze on IT budgets, there are several steps to help determine whether a company is sufficiently secure. They include: getting a handle on asset value; implementing a control framework; monitoring all controls; and measuring everything. Redemtech strives not only to answer the how-secure-enough question, but aims to make the question moot with proper protections.
|
 |
|
eWeek |
How to Keep Corporate Secrets a Secret
 Corporate data breaches create catastrophic risk to corporations when trade secrets, customer lists, pricing data and other critical information are exposed. Efforts at data leak prevention focus on making systems and networks secure and include: identifying the data that needs protecting; addressing issues and implementing processes and technologies for data at rest, data in motion and data in use; and securing the message as well as the medium.
|
 |
|
Insurance Networking |
Data Security and Global Health Initiatives Top Trends List
 The Center for Health Value Innovation is studying emerging trends relevant to health improvement and recognized that a data security threat is pervasive in current health information systems. The organization said it sees a need for improved technology and security as e-health initiatives grow and the link to financial institutions becomes more evident in health management. Health care is one of the industries where Redemtech is making great strides in protecting customers’ data through innovative solutions and proven best practices.
|
 |
|
Network World |
No Excuses - Encrypt All Laptops
 Companies that do not encrypt laptops, experts say, are not applying due diligence. Encryption provides cost-effective data leak protection and should be used as one of several approaches to off-network data security.
|
 |
|
PC World |
Network Managers Fear Security Threats From Within
 A new Strategic Counsel survey has found that a majority of CIOs and other senior IT security executives consider security threats from within an organization a bigger threat to business than external attacks. A Redemtech survey came to similar conclusions, suggesting that businesses should establish policies and technologies to defend data internally.
|
 |
|
Smart Money |
Bristol-Myers: Tape With Workers' Personal Data Was Stolen
 A backup computer data tape containing employee personal information was reported stolen by Bristol-Myers Squibb Co. while being transported from a storage facility. Many off-network breaches occur while data is in transit.
|
 |
|
Chicago Tribune |
ISU Reports Laptop with Students' Info Stolen
 A laptop computer containing personal information on 2,500 current and former Indiana State University students reportedly was stolen, prompting the university to notify all students who took economics classes from 1997 through this year. Academic institutions are among the most frequent organizational victims of off-network data theft. Like other businesses, colleges and universities should allocate sufficient resources to prevent breaches and train personnel on the dangers of lapses in off-network data security.
|
 |
|
CNET |
IT Managers Worried about Data Leaks, Survey Shows
 IT managers are almost as worried about what sensitive corporate data is leaking out of the company environment as they are about Internet malware infections, a new survey from Osterman Research shows. Nearly 40% of IT staff surveyed at midsize-to-large companies in North America said they believed that unintentional leaks by employees are a bigger threat to data security than spyware or malicious software. These findings support Redemtech’s Survey of Off-Network Security conducted with the Ponemon Institute, which stated that businesses must prevent and limit damage to their operations by deploying policies, processes and technologies to detect and block leaks and attacks — both internally and externally.
|
 |
|
Computer Weekly |
UK Companies Fall Behind on Data Leakage Policies
 Redemtech notes that strong data security policies are a necessity for modern business enterprises, but serve little purpose if employees are unaware of what policies are in place or face no consequences for ignoring best practices. A total of 54% of U.S. companies possess policies to prevent data leakage, according to a new Trend Micro study. The statistics are higher in Germany (57%) and lower in the UK (48%). U.S. companies are doing a better job of training employees to know what type of information is confidential (69%), compared to Germany (66%) and the UK (57%), the survey indicated.
|
 |
|
Security Park |
Many businesses underestimate the importance of securing mobile devices
 With hundreds of laptops lost or stolen every day, business organizations need to re-assess how they approach and manage the security of mobile workers and can no longer rely on out-of-date and unrealistic policies, experts say. Many businesses underestimate the importance of securing mobile devices, oblivious to the potential security risks the devices represent. Detrimental effects ranging from the increased cost to recover lost data to the potential expense brought by civil action from customers whose data is lost, add up to one equation: No company can afford to overlook data security as a top priority.
|
 |
|
Washington Post |
Justice Breyer is Among Victims in Data Breach Caused by File Sharing
 The names, birth dates and Social Security numbers of about 2,000 clients of Washington, D.C. investment firm Wagner Resource Group, including high-powered lawyers and U.S. Supreme Court Justice Stephen Breyer, were exposed in a breach involving an online file-sharing network. The breach reportedly was not discovered for nearly six months. No doubt the employee who initiated the breach did not intend to create a data breach crisis, but the well-publicized incident represents another example of how many breaches result from a basic failure of insiders to follow established policy, one of several warnings that Redemtech uses to highlight the need to keep in-house data secure.
|
 |
|
Blocksandfiles.com |
Companies see information risk as an afterthought when outsourcing IT says ISF
 Despite numerous well-publicized cases of data loss or theft, many companies continue to ignore the potential problems presented by outsourcing projects, according to the Information Security Forum. The ISF’s research shows that information risk management often is integrated as an afterthought, and information security professionals become involved too late in the process. The correct method of outsourcing can be found by securing the services of a data security provider like Redemtech that guarantees imperative elements such as detailed audit trails of IT assets, secure disposition of end-of-lifecycle computer equipment and documentation demonstrating that data destruction has been performed for each asset.
|
 |
|
The Chronicle of Higher Education |
Increase in Stolen Laptops Endangers Data Security
 Gartner research director Marti Harris states that the best approach to protect data on laptop computers and other mobile devices is to attack the problem on multiple fronts, a policy that Redemtech finds to be sound thinking. As more academic institutions, along with large and small businesses, cope with the alarming number of laptop losses and thefts, more institutions are trying to better control the laptops used commonly by employees. Redemtech security procedures complement and integrate with customer security procedures using expert assessments and on-site audits that identify gaps in security procedures and policies. Ultimately, whether you’re dealing with a single laptop or a thousand, what counts is strict inventory control and accountability.
|
 |
|
Washington Post |
Data Breach Reports Up 69% in 2008
 Lost or stolen laptops and other digital storage media remain the most frequently cited cause of data breaches, accounting for 20.2% of all reported cases, according to new findings released by the non-profit Identity Theft Resource Center. The ITRC report tracked a total of 342 incidents during the first six months of 2008, an increase of more than 69% over the same period in 2007. Electronic data breaches accounted for 80.7% of breach events, with incidents resulting from insiders reaching 15.8%. ITRC also reported that 13.5% of all data breaches came from subcontractors or third parties who lost or stole customer data. These figures verify what Redemtech preaches steadily from week to week in the pages of this newsletter and confirm that the need has never been greater for businesses to act in order to head off the next high-profile data loss incident.
|
 |
|
Silicon.com |
CIOs Not Taking Security Breaches Seriously
 According to a new survey by business consultancy Ernst & Young, 65% of CIOs and internal auditors do not consider IT fraud and data privacy a serious threat despite the growing number of high-profile data breaches. Corporate data breaches and data privacy regulation were ranked ninth of top 10 concerns by CIOs and sixth by internal audit executives, the survey found. Data breach incidents cost companies $197 per compromised customer record and lost business opportunities are estimated at $128 per compromised customer record, according to the Ponemon Institute. The role of data security should top the list of corporate objectives and should be strategically aligned with other tactical investments, Redemtech says.
|
 |
|
Network World |
The staff, the thief, the device and its data
 Security experts are dubbing data leakage the big technology issue of 2008 as the number of off-network data security breaches via less secure mobile devices becomes a common occurrence. With the increasing use of laptop computers and mobile devices, important company data is removed from companies every day, experts say. Redemtech adopts tighter controls to account for the many data-bearing mobile devices that are spread across the organization and leave company premises regularly.
|
 |
|
Computerworld |
CNET employees notified after data breach
 Burglars reportedly stole computer systems from the offices of a company that administers Internet publisher CNET’s benefit plans, impacting as many as 6,500 employees and their families. CNET was one of several clients affected by the burglary at Colt Express Outsourcing Services Inc., media sources said. Having the right security policy and technology in place can help a business survive when a third party loses sensitive data, Redemtech notes.
|
 |
|
Tech Herald |
Medical data the next big thing in stolen information
 The theft of confidential U.S. patient medical information is growing into a global problem, as revealed by security vendor Finjan’s discovery of 500MB of ill-gotten medical data on servers located in Argentina and Malaysia. Like the more commonly stolen credit or debit card information, health care-related data, as well as personal and financial information about patients, is being sold to the highest bidder online. Companies go to great lengths to protect “mainstream” data, but breaches occur just the same and enterprises need to protect all sensitive data – on and off network – everywhere they do business and store data.
|
 |
|
Windows IT Pro |
How Secure Are You?
 Operating in a secure environment means more than just locking down data. Locking down equipment is equally important, according to security experts speaking at a conference who cited recent academic computer thefts at Stanford University, East Tennessee State University, and the University of South Carolina as prime examples of preventable incidents. Redemtech points to more widespread threats, especially in financial and health care industries, where more stringent physical security measures are vital. Know what kind of data-bearing devices enter and exit your business or organization every day and allocate the right resources to prevent a data security breach and you will head off a serious lapse in off-network data security, Redemtech warns.
|
 |
|
Information Week |
Data Breaches Made Possible By Incompetence, Carelessness
 A new data breach survey found that 87% of businesses said a combination of incompetence and carelessness represents the greatest threat to business information and most breaches could be prevented with reasonable security precautions. The study concludes that aligning data security policy with actual business processes achieves optimum security, echoing the results of Redemtech’s larger and more extensive 2007 Survey of Off-Network Security conducted with the Ponemon Institute, which stated that the only way to avoid an off-network security breach is to establish protective measures that will head off a breach before it occurs.
|
 |
|
Computer Weekly |
Unencrypted AT&T Laptop Stolen, Details of Managers' Pay Lost
 AT&T has admitted that it failed to encrypt a stolen laptop computer that contained details of managers' salaries, Social Security numbers and other staff details, emphasizing that even the mightiest of corporations can be slow in encrypting data and initiating policies to protect important employee or customer information. Redemtech contends that organizations that fail to protect their data effectively are proving easy targets for data theft and often must grapple with considerable damage to their reputations and financial results.
|
 |
|
Computer World |
Rising Popularity of Mac Platform in Enterprises Adds to IT's To-Do List
 With the slow but steadily rising acceptance of the Mac platform in many enterprises, vendors are beginning to offer encryption support to defend against intrusions. But "the growth highlights the need for IT departments to have more formal controls in place," the magazine writes. From our standpoint, we think it's just one additional complication for already overburdened internal IT departments to add to their plates, and offers yet another possible reason to consider outsourcing the entire process.
|
 |
|
Computer World |
Stanford Hit With Stolen Laptop
 Perhaps the world's most prominent tech-friendly institution of higher learning, Stanford University, got an embarrassing reminder recently that it's not immune to faulty IT security policies. An unencrypted laptop containing personal data on 72,000 students, faculty members and staff was stolen. "As has become typical with such announcements, a university official sought to downplay concerns by expressing doubt that the laptop had been stolen for its data." The publication went on to say that it's not clear that the user was authorized to download the data in the first place.
|
 |
|
echannelline.com |
Vendors Beginning to Push Centralized Laptop Encryption
 A leading IT security vendor, responding to market concerns about the mounting regulatory burdens on protecting private data, begins offering products to centralize the encryption of laptops. While we think this approach has some merit, we also know from long experience that no single product, however good, is the answer to this challenge. A judicious mix of best practices for policies, processes and technologies is generally the way to go.
|
 |
|
ZD Net |
Bank Loses Millions of Unencrypted Customer Records
 The Bank of New York Mellon lost 4.5 million private customer records when two backup tapes were lost by a third-party vendor transporting the tapes to an offsite storage location. But the bank then compounded the problem by keeping quiet about the security breach, which occurred in February but was not reported until May. Like far too many other recent examples of bad decision-making, this case points up the need for enterprises to not only have solid processes in place to prevent data leakage in the first place, but also best practices in the event it does occur.
|
 |
|
SC Magazine |
Chinese May Have Gained Access to U.S. Commerce Secretary's Laptop
 Hollywood screenwriters have long imagined high-level electronic espionage between international rivals. But now reality may have finally caught up with their imaginations. U.S. government experts have come to believe that Chinese officials probably gained access to unsecured information in the American Commerce Secretary's laptop when he left it unattended while on a visit to China late last year. It would appear that the cabinet member wasn't following the federal government's own guidelines on encryption. Unfortunately, this is an old tale for us: data leaking out of off-network devices, despite the existence of rules designed to prevent it. Rules are fine, but they have to be adopted enterprise-wide and enforced.
|
 |
|
Information Week |
Shoring Up Offshore Data Security
 With the rising popularity of global offshore IT outsourcing, more companies are trusting even the most mission-critical data to foreign vendors. The magazine offers some valuable suggestions on how to appraise vendors. We thought one detail had particular resonance: with "the different legal standards companies may face, the problems caused by data loss abroad could be amplified."
|
 |
|
Information Week |
Smart Phone Access is Okay, As Long as Removable Storage is Blocked
 Senior IT management is increasingly being forced to wrestle with the security implications of the rising use of smart phones and their effect on enterprise security. The magazine argues that these powerful portable devices are not necessarily incompatible with maintaining data security, as long as proper device encryption processes are followed and downloading data to removable devices is blocked. "Mass storage in the form of CF, SD or micro SD cards is cheap and easy to remove from an unattended smartphone. Security tools can prevent even authorized users from downloading files or other data to removable storage. You can also choose to enforce encryption on removable storage if it is necessary that employees be able to transfer files back and forth. This way, only approved corporate devices can decrypt the information and access the files."
|
 |
|
Dark Reading |
Data Leaks By Insiders Are the Worst
 Accidental leaks of sensitive data or outright intentional theft by insiders are worse than anything external hackers can dish out, according to a recent survey of IT directors. More than 80% of the IT leaders identified inside threats (defined as either accidental or malicious) as their top concern. And this was no group of theoretical observers: Just over one-third of those surveyed had experienced some form of data leakage in the last year.
|
 |
|
Searchsecurity.com |
A Primer on Managing Security Breaches
 With an eye toward the increasing number of data security breaches, the magazine offers some good tips on how to respond in the event of a breach. We thought this point was an especially important one to keep in mind: "Breach investigations should go beyond Band-Aid remedies and look for the real cause of the failure in controls. Typically after the breach, management is more willing to spend money to get things right, and therefore the investigation should identify the root causes and recommend a phased approach to address those root causes." Getting to the “root cause” was the basis for our off-network security research and recommendations.
|
 |
|
SC Magazine |
Missing Backup Tape Causes Huge Data Breach
 By now, we've all seen dozens or perhaps even hundreds of news accounts about information breaches caused by lost or stolen laptops and thumb drives. But here's a new twist: an unencrypted backup tape is lost by a vendor en route to an offsite storage location, and sensitive information on 4.5 million bank customers is compromised. We'll add that to the long list of ways in which crucial customer information can be compromised by faulty off-network processes.
|
 |
|
New York Law Journal |
If You Operate in Europe, Pay Attention to EU's Tough Privacy Rules
 Anyone who's ever done business in Europe knows that the European Union takes an extremely aggressive approach to protecting private data, and has done so since 1995. While the Sarbanes-Oxley law put U.S. regulation on a tougher footing, there are still fundamental differences between the European and American regulatory regimes, about which companies must be highly cognizant. To us, this simply highlights one of our oft-expressed principles: operate your entire enterprise under the strictest set of rules that you'll face anywhere in your entire service area.
|
 |
|
Network World |
The Hidden Risk of Data Loss Prevention Tools
 With the ever-rising incidence of data leakage, increasingly sophisticated data loss prevention tools are being pressed into service. But the magazine cautions early adopters that they can cause some unexpected issues. With added insight into how violations occur, "you move from ignorance to compliance jeopardy," warns one expert. For our part, we think the latest and greatest preventive tools are only part of the answer. A comprehensive solution involves a holistic blending of best practices for people, processes and technology.
|
 |
|
Internetnews.com |
Inadvertent Data Losses Tied to Employee Ignorance
 Losing sensitive data to cunning hackers might sound sexier, but most data that leaks from enterprises does so simply because employees are grossly uninformed about their own company's internal policies. A recent survey of large companies found that as many as half didn't have adequate employee training programs in place to propagate policies. The company may well have had an extensive data policy in place, but too few employees knew about it. We encounter this phenomenon all the time, which is why a key part of our outsourcing process involves getting client team members more involved.
|
 |
|
IT Week |
IT Fights 'Losing Battle' Against Mobile Devices
 A recent survey of attempts to control the use of mobile devices in enterprises suggests that companies should stop fighting a rear guard action and instead look for ways to better manage their use. One analyst concludes: "Enterprises are fighting a losing battle against employees when it comes to mobile devices... they should consider supporting a limited selection of devices rather than banning them outright." We agree that it's probably a waste of time to try to prevent the use of mobile devices, but at the same time think their mounting use increases the importance of well-defined and well-enforced protocols for better protecting sensitive data.
|
 |
|
Internet News |
Survey Says Data Loss from Mobile Devices is Rampant
 A recent survey of large enterprises found that 27% had investigated the exposure of confidential information lost or stolen from a mobile device in the past year. By far the largest source of the leakage was the usual suspect—lost or stolen laptops. While malicious intent is behind some of the leakage, the vast majority of it arises from simple lack of training, according to the survey.
|
 |
|
CIO Magazine |
With Increased Mobility Comes Added Security Concerns
 More than half of corporate IT officials surveyed recently said that security concerns arising from mobile devices and employees working remotely were up significantly over the previous year. The study notes that security comprised 12% of IT budgets in 2007, up sharply from 7% as recently as 2005. These concerns are consistent with findings from the Redemtech-sponsored study National Survey: The Insecurity of Off-Network Security.
|
 |
|
Network World |
Federal Laptops Being Encrypted at Furious Pace
 The U.S. Defense Department and the General Services Administration have been overseeing an aggressive drive in the last year to encrypt all laptops used by federal government employees. Thus far, about 800,000 of the government's two million laptops have been outfitted with the protection. With the government's tremendous purchasing power, it's been able to obtain these licenses for only about $10-12 per laptop, for software normally retailing at $125 or more. Redemtech is a proponent of full encryption, but only as an element of a comprehensive approach to off-network security.
|
 |
|
CSO Security and Risk |
Thumb Drives are a Danger, But Where Are the Defenses?
 A vice president for Novell thinks cheap, high-capacity storage devices such as thumb drives represent potential data breach time bombs. And yet, the article notes, "even with fears at an all-time high, very few companies have put direct controls and policies in place to prevent these attacks on the endpoint." We think every enterprise needs to institute such controls and policies, and quickly.
|
 |
|
CSO Security and Risk |
Portable Storage Devices Remain Serious Threats
 While seemingly innocuous, cheap and portable storage devices represent a real security threat to most enterprises. "In minutes, a rogue user can load proprietary files on to a thumb drive unnoticed and potentially expose a business to a massive data breach," the magazine notes, adding that it's one of the top causes of security breaches, and yet has garnered too little attention. We think this threat is beginning to get the attention it deserves.
|
 |
|
New York Law Journal |
Data Breaches Lead to Legal Exposure
 Breaches of sensitive data are often treated as either public relations fiascos or problems with statutory non-compliance, but the publication points out that they're also causing considerable exposure to lawsuits. "In an increasing trend, corporations are also being pummeled with civil litigation related to data breaches." Thorough forensic investigations of all data breaches are one essential element in cleaning up the mess, the law journal concludes.
|
 |
|
CSO Security and Risk |
Turning Employees Into Data Security Assets
 With the incidence of compromised corporate data up 400% from 2006 to 2007, by one count, it makes sense to enlist the services of every employee in the crucial task of safeguarding a company's data and foiling leakage. It all begins with making data protection a key part of the company culture.
|
 |
|
Bloginfosec.com |
SEC Proposing Sweeping Data Security Rules
 The author takes a microscope to a set of proposed changes in Securities and Exchange Commission regulations governing data security. He suggests that the proposed rules “may represent the most systematic effort of a federal agency to provide guidance to Infosecurity professionals concerning privacy controls,” as they essentially combine “virtually all” federal and state rules in a comprehensive set of regulations. The rules, if adopted, would also include a new and broadly expanded concept of privacy. In short, you’d be well advised to study these proposals, as they may well become the law of the land before long.
|
 |
|
Congressional Quarterly |
Hundreds of Laptops Missing from U.S. State Department
 Now that we've noted literally hundreds of news accounts in recent years about missing and stolen laptops bearing sensitive data, few of these stories still have the power to draw our attention. But this one, we thought, was particularly egregious. An internal audit at the State Department found as many as 400 laptops missing or otherwise unaccounted for. The real outrage? They belonged to the department's Anti-Terrorism Assistance Program. To us, it's a harsh but important reminder that even in some of the most sensitive IT environments, security officials are sometimes caught napping when it comes to off-network security.
|
 |
|
IT Week |
Data Breaches Dominating Security Discussion
 The subject of data breaches dominated the discussion at two recent IT industry gatherings, suggesting that it's becoming perhaps the biggest concern in IT enterprise security. One statistic, however, stuck out from a recent PricewaterhouseCoopers survey of data breaches in the U.K. More than one-quarter of companies, including about 10% of large enterprises, are still not documenting their compliance with the prevailing data protection act, 20 years after its passage. We're not entirely surprised, having seen first-hand how slow some organizations—and we emphasize some—are to fulfill their regulatory obligations.
|
 |
|
IT Compliance Institute |
Checklist for Steps To Take In Wake of Data Breach
 This global organization offers a handy checklist full of practical steps it advises organizations to take after suffering what it calls “inevitable” data breaches. We can’t argue with any of this advice after a breach has occurred. At the same time, we think every organization should look more closely at their policies—particularly for data-bearing assets off network—with the intent of preventing them in the first place. With the right systems and processes in place, properly enforced, we’re not so sure there’s any such thing as an inevitable data breach.
|
 |
|
ZD Net |
Have British Data Breaches Hurt Public Trust?
 The British Computer Society thinks a rash of recent data breaches throughout the British government has caused the public to lose trust in its government. It surveyed citizens, and found that as a result of several high-profile data breaches, fully two-thirds had less trust in the government's ability to protect sensitive data. In our work, we also find that such breaches do severely damage the trust others place in the offending parties.
|
 |
|
IT Pro |
Time to Update Data Policies to Reflect Mobile Devices
 With the booming use of mobile devices, it's time for enterprises to stop dealing with these off-network devices on an ad hoc basis, and instead build them into a comprehensive IT policy. "Instead of dealing with setup, support and security on a device by device and user by user basis, you need a mobile data policy that tells everyone what they can connect with, what they can access, how much they can spend, where they can get help - and what they do if they lose a device," the magazine writes. The good news: you don't have to start from scratch. Simply build on your existing IT policies.
|
 |
|
Network World |
The Seven Dirty Secrets of Security Industry
 We thought this article was right on target. But we particularly liked this item: “There is no perimeter. Vendors say that the network perimeter must be defended, but most data that is actually lost doesn’t go through the firewall. Half of all breaches are the result of either lost laptops or lost thumb drives or other removable media.” Our research found nearly 75% of all data breaches are the result of off-network security lapses.
|
 |
|
Tech Republic |
To USB or Not USB
 Besides having one of the more entertaining headlines we’ve come across in some time, we thought this article hit on a couple of key points about the rising security threats from cheap, high-capacity storage devices. The author notes that while thumb drives are often seen as the leading threat, iPods and digital cameras are also an issue. Secondly, he rightly notes that while it’s not hard from a technical standpoint to disable USBs across an enterprise, the trickier challenge is handling complaints about that policy. “The problem so much isn’t blocking flash drives from a technical standpoint as it is convincing users about the need to do so. Many users have a sense of entitlement, and even in organizations where security is important, they may balk at the idea of not being allowed to use flash drives.”
|
 |
|
Dark Reading |
Web 2.0 Represents Growing Threat to Security Efforts
 The pervasiveness of booming Web 2.0 technology is changing the very nature of security in most large organizations, the magazine says. Along with the growing use of mobile devices, Web 2.0 is "bringing a whole new rash of vulnerabilities," as one industry expert put it. We'd agree. We also think it's a persuasive argument for outsourcing some of those processes to organizations steeped in best practices.
|
 |
|
Computer World |
Travel Group Issues Warning On Digital Device Search at Borders
 Amid all the recent attention about data seepage from stolen and missing laptops, here’s a new twist: a group representing corporate travelers warns that executives should limit the amount of sensitive data they carry on various devices when crossing borders. The warning from the Association of Corporate Travel Executives follows a recent ruling by a federal appeals court, upholding the U.S. Customs and Border Protection’s right to search electronic devices without showing probable cause. We think this is yet one more reminder that when it comes to protecting sensitive off-network data, we’re living in a very different world than we were just a few years ago.
|
 |
|
Internetnews.com |
Does the White House Have Blackberry Security Woes?
 Does your company have data security challenges as a result of executives using their mobile devices a little too loosely? Don’t feel too bad. After all, it would appear that even the White House may have similar problems. The magazine notes that at a meeting in New Orleans with members of a Mexican delegation, a White House official left his Blackberry around, where it was picked up by an aide to Mexico’s president. The device was eventually recovered by the Secret Service. At the very least, the magazine concludes, “the incident provides both a reminder and a lesson learned on why mobile device security is increasingly critical.”
|
 |
|
E-Week |
Peer-to-Peer Becoming a Growing Source of Data Leaks
 Peer-to-peer file transfers are becoming an increasingly serious source of data breaches in many enterprises, but they remain an under-appreciated threat, the magazine says. A recent survey by the Ponemon Institute found that while 63% of respondents said their organizations banned the practice, only 5% enforced the policy. We've collaborated with Ponemon ourselves, and highly value their research. This study will no doubt help put P2P security issues much higher on some organizations' priority list, which is where we think it belongs.
|
 |
|
Computing Magazine |
IT Needs to Be More About Prevention
 The growing multiplicity of threats to enterprise data security is forcing IT staffs to move from a reactive to a preventive model, this writer suggests. "I have often characterized IT as a fire extinguisher industry, an analogy that makes sense if all people are doing is fighting fires. Challenges, such as the security issues listed above, will require us to move towards a prevention-based approach rather than a series of poorly-funded coping strategies." We heartily agree, and think that outsourcing the function represents a modest but high-return investment for most organizations.
|
 |
|
Computing |
Do You Know Where Your Data Is?
 While Great Britain's Data Protection Act established legal penalties for those who pay insufficient attention to preventing data leakage, the magazine says that too few enterprises consider the damage to their brands and to their reputations from the publicity over data breaches. We think that's a great point, and just one more reason to consider establishing enterprise-wide best practices, the kind that business process outsourcers such as Redemtech are particularly good at.
|
 |
|
Computing |
Internal Security Threats Will Continue to Be Biggest
 This article nicely notes that while “there will always be people who spend most of their waking hours decoding encryption algorithms and looking for back doors into telephone networks,” for the foreseeable future, at least, internal threats—either through malice or stupidity—will continue to be the leading concern for data security officials.
|
 |
|
Information Week |
Are IT Security Budgets Recession Proof?
 Two recent industry surveys suggest that the coming economic recession won’t have much of an impact upon corporate budgets devoted to IT security. Still, there’s no doubt that money will be tight, perhaps for several years. Which means the onus will be on making more intelligent investment decisions about enterprise security. That means, among other things, shifting a greater percentage of the existing budget to areas of greatest risk, like off-network.
|
 |
|
Tech Republic |
Analyzing Group Behavior of IT Departments Is Key
 What’s the collective corporate culture of your IT department? Do its members communicate well with each other? Do they communicate well with those in other departments of the company? “IT executives must look deeper into their organizations to identify, understand, and address the true source of their successes and failures: the collective behavior of their people,” the author argues. We think this is an important reminder that establishing best practices across an enterprise means not only installing processes, but also better understanding how people relate to each other. We discovered just this type of communication disconnect in preparing an off-network security study. We learned that 86% of those surveyed have a policy for safeguarding data-bearing assets off-network, but only 8% communicate the policy to employees and vendors. Given that, is it any wonder that three in four data breaches are off-network?
|
 |
|
Silicon.com |
Data More Secure With Added Investments in Protection
 Data security across enterprises has improved in recent years, in large part because of greater investments in that sector, according to a new survey conducted in Europe. The survey found that companies are now spending about 7% of their IT budgets on data security, up from just 2% as recently as 2002. Overall, the total spending on IT security has nearly tripled in the last six years. Naturally, we think it’s not as much about how much you invest in data security, but how wisely you invest it.
|
 |
|
eWeek |
Sending Laptops Off for Repair
 An editor muses aloud about how he sent his laptop off for a repair without first wiping the hard drive of all its data. “In an enterprise things are different; my understanding is that it's common to have a standard policy in large organizations that all such computers are wiped clean. If you don't have such a policy, you should.” He’s right about that.
|
 |
|
SearchSecurity.com |
Worst Practices in Enterprise Security Dissected
 Everyone talks about best practices in safeguarding security across the enterprise. But this author takes a different (and we think illuminating) tack, assessing the problems looming behind some of the worst security practices he’s seen. In the process, he explodes some myths. Our nomination for worst IT security practice, you ask? That’s easy—spending more than 90% of the budget to lock down network security when 75% of data breaches are the result of off-network security lapses.
|
 |
|
PC World |
Flash Drives are Growing Threat to Data Security
 The widespread use of flash drives is emerging as one of the most serious challenges to data security in years. In surveys, corporate IT security personnel tend to underestimate by half the percentage of employees who use the cheap mobile storage devices to foil their security efforts. According to a recent Ponemon Institute study, lost and stolen devices, including USB flash drives, account for almost half of data breach incidents. We think this problem is as good a reason as any to tap outside expertise in best practices for managing off-network data security risks.
|
 |
|
BBC |
Local British Government Units Found Lax on Data Security
 A survey by the British Broadcasting Corp. finds lax standards for the protection of sensitive court documents and other data by local governmental bodies in Britain. Responding to the report, a governing organization says it will push for tighter regulations. But as has been shown over and over, no set of external regulations will ever alone solve the problem.
|
 |
|
Security Park |
Encryption Coming of Age
 While encryption is a powerful tool, getting it wrong from either an IT or operational standpoint can give an organization a false sense of security, or even worse, can scramble data. “Once seen as a specialized, esoteric discipline of information security, cryptography is finally coming of age,” the magazine says. We support encryption as a best practice, but this does not remove the need to erase drives at disposition, since the data remains. Verified data destruction for each serialized drive is and should be the requirement at disposition.
|
 |
|
vnunet.com |
Remote Workers Called Biggest Security Threat
 Employees working from remote locations are perhaps the biggest threat to IT enterprise security. A recent survey in Great Britain found that they’re far more likely than their office-bound counterparts to introduce malicious code into their employers’ network, and are generally forcing corporate IT departments to rethink how they support such employees.
|
 |
|
Computer World |
Encryption Still A Good Idea, Recent Press Reports to the Contrary
 An IT security architect explains that when you total up all the risks and rewards, the odds still are decidedly in favor of the effectiveness of encrypting laptops, despite a recent national media report that may cause some CEOs to wonder if the expense is worth it. We’d heartily concur. Which is part of the reason we’ve developed a data-locking application. While not as fool-proof as full encryption, it is a cost-effective alternative to doing nothing, and great for situational use.
|
 |
|
Network World |
Ten Security Threats to Consider
 The magazine offers some newer as well as some tried and true security threats worth considering. Sure, every data security expert worth his salary is ready to defend against targeted attacks. But are they equally on the alert for attacks from virtual reality sites or insecure web applications? We think these are worth remembering.
|
 |
|
Computer World |
Should CEOs Be Jailed Over Security Breaches?
 In the wake of the Enron debacle, the U.S. Congress passed the Sarbanes-Oxley Act, which made top corporate leaders explicitly responsible for their company’s financial improprieties. Now, with a rising wave of breaches of sensitive data, some are calling for CEOs to be held directly responsible for the oversights, up to and including jail time. We think that’s a tad excessive, but at the same time we also understand the growing public impatience with the problem of data breaches. Our solution: better internal processes for preventing them in the first place.
|
 |
|
Government Computer News |
Merely Securing Data Networks No Longer Cuts It
 With mobile devices growing increasingly popular and more data coursing through corporate networks and, crucially, outside the walls of those networks, the IT security industry is undergoing a fundamental rethinking. Industry leaders are awakening to the fact that data itself must be secure, not simply the networks in which it resides. This supports the findings of the Redemtech-sponsored Ponemon Institute study, The Insecurity of Off-Network Security.
|
 |
|
CIO Magazine |
Laptop Encryption Isn’t Always the Silver Bullet
 While adding encryption software to laptops bearing sensitive data sometimes represents the best available option for protecting data, one security consultant argues that that’s not always the case. Depending on the circumstances, he says there may well be more cost-effective methods for securing data. While we generally recommend laptop encryption as a best practice, we also recognize there are practical cost hurdles that often prevent that from being chosen. Accurate asset management, strict chain-of-custody and verified data destruction are required regardless.
|
 |
|
Dark Reading |
Plugging Security Gaps Begins with Honesty About Leaks
 A security consultant complains that too many companies guard their information about security breaches so tightly that it’s making it hard for the industry to learn from its own collective experience and improve methods. He notes that some corporate security practitioners are barred from even sharing their successful tactics by nervous lawyers. The vacuum of solid information about security breaches only makes it that much harder to prevent future breaches.
|
 |
|
Internetnews.com |
USBs Called Biggest Carrier of Malicious Software
 Before the Internet was widely used, the most common method for spreading malicious software was through floppy disks. Security experts say that with defenses high against malicious code in email, an updated form of the old method has returned: the use of USB thumb drives to spread viruses. For us, that just represents one more reason to adopt best practices for off-network security.
|
 |
|
ZDNet |
Getting End Users to Cooperate is Best Path to Security
 If IT security efforts are to be effective, managers must better engage end users and educate them on good security practices. Simply attempting to better lock down systems won’t be effective all by itself. We think employee education has to be combined with best practices in an organization’s IT processes. In our off-network security study, for instance, we found that 86% of organizations said they have an off-network data security policy or standard operating procedures, but only 8% communicate it to their employees and vendors. Need we remind anyone that simply having a policy in place does little good if it’s not communicated?
|
 |
|
SC Magazine |
A Network is Only as Secure as its Weakest Link
 What are the biggest security threats of the future for your organization? It’s hard to know. But it makes sense for the IT security team to occasionally sit down with various internal stakeholders to help uncover weak points and develop sensible countermeasures. We recognize that 100% security is impossible. So companies need to define their risk tolerance and develop their security accordingly. We agree that “the key is to look for the greatest points of vulnerability,” which are often off-network. While organizations may have the front door locked down, the back door is often left swinging wide open.
|
 |
|
SC Magazine |
Smart Phones Increasing the Security Challenge
 The growing popularity and increasing complexity of applications for smart phones represent an increasing challenge for those charged with securing the enterprise. While it wasn’t too long ago that these devices were used only by top executives, their use has long since spread to middle managers and salespeople. It’s a reminder about the inherent challenges of off-network security.
|
 |
|
Silicon.com |
British Government Good at Losing Laptops
 The British government admitted recently that its various departments and agencies have reported more than 1,000 laptops lost or stolen since 2001. Industry statistics note that a laptop is stolen every 53 seconds, and 97 percent are never recovered. The average laptop, meanwhile, contains $972,000 worth of data. We certainly found ourselves in agreement with the fellow who had this to say about the news of the government’s lost hardware: “It is time we had a complete rethink on the way electronic equipment is protected.”
|
 |
|
CFO Magazine |
Why the Management Silence About Security Breaches?
 Dubbing it “a firewall of silence,” the magazine says “computer security remains the corporate risk that dare not speak its name,” with CFOs especially loath to discuss the subject in public. We think it’s perhaps understandable, given the enormous regulatory burdens to safeguard data that have been added to their plates in recent years. The good news, though: CFO says leading-edge companies at least are beginning to have the kinds of systematic interdepartmental dialogues that will lead to better security.
|
 |
|
Darkreading.com |
USB Drives Can be Major Security Challenge
 Tiny USB digital storage devices—or “thumb drives,” as some call them—are challenging from an enterprise security standpoint. Some organizations react by simply banning them altogether. But since there are many legitimate uses for these devices, a better option may be securing the data once it’s downloaded to these devices. We agree that these devices aren’t going away, so organizations would be better off accommodating them under their security policies.
|
 |
|
IT Security |
IT Needs to Better Tie Costs to Threats
 With every part of a corporation’s budget coming under increasing pressure and the internal competition for resources rising, IT managers will increasingly be expected to explicitly associate cost with each potential threat to the enterprise. We agree, and believe that most organizations are out of alignment in this regard. After all, about 70 percent of data breaches occur due to off-network security lapses, while only about 10 percent of IT security budgets are directed there.
|
 |
|
CIO Magazine |
Some Useful Reminders About Preventing Network Intrusions
 Okay, so you knew most of this already. But CIO Magazine nonetheless reminds you in a pithy, easily digestible fashion what to think about when it comes to making it harder for hackers to get into your network. We find ourselves in agreement on all of these items, and welcome the reminder that while many of us think about defending against more sophisticated intrusions, at the same time, we can’t ever forget about the basics.
|
 |
|
Washington Post |
Another Laptop Theft Highlights Need to Enforce Security Measures
 A government laptop containing information (including Social Security numbers) of 2,500 people taking part in a study by the National Institutes of Health is stolen. And once again, it turns out an arm of the federal government ignored federal rules requiring encryption of such sensitive data. For us, it highlights an all-too-familiar aspect of our work: it’s all well and good to adopt tough security policies across the enterprise, but it’s meaningless if those policies are not strictly enforced.
|
 |
|
Seattle Post-Intelligencer |
Big firms lose sight of tech equipment
 If millions of Americans have trouble keeping track of the technology equipment they have accumulated throughout the years, large and small companies find the task so daunting that many do not even try, security experts say. Sloppy inventory control, however, can cause major headaches for companies, experts add.
|
 |
|
InfoWorld |
Data thieves steal credit card data from supermarket chain
 Data thieves broke into a computer network at supermarket chains Hannaford Brothers and Sweetbay and stole as many as 4.2 million credit and debit card numbers, Hannaford said, marking one of the largest reported data thefts from a retailer in U.S. history. The Associated Press reported that more than 1,800 cases of fraud had been linked to the theft.
|
 |
|
Rocky Mountain News |
Holes grow in net safety
 Breaches of personal data are a growing problem nationwide, as society handles more information electronically, and it becomes more common to transport that information on laptops and other mobile devices, according to security experts. Experts generally agree that large companies are doing a better job of reporting incidents, in part because they realize the lack of disclosure can come back to haunt them in terms of business costs, customer losses and lawsuits.
|
 |
|
Network World |
A Generation That’s Giving Data Security Experts Fits
 The generation born between 1980 and 2000, variously dubbed “Millennials” and “Echo Boomers,” represents a serious challenge to IT managers trying to protect data. With their tech-savvy, reliance on ever-more-robust digital gadgets and insistence on using social software, they can often force their colleagues in the IT department to remain one step ahead. We think this article nicely outlines a too-easily-overlooked component of the challenges involved in erecting off-network security, and one that will only grow over time.
|
 |
|
Security Park |
IT departments worry about threat of data leaks from more open networks
 IT departments are under pressure to make corporate networks more accessible to remote workers and external users despite fears about data leaks, malicious content and hacking, according to a new survey by AEP Networks. With many different types of users remotely accessing networks, IT departments hope to reduce security risks by investing in new technology.
|
 |
|
InternetNews |
Enterprises face data growth explosion
 A new study from research firm IDC and storage vendor EMC found that data requirements are growing at an annual rate of 60%, indicating that the IT impact will be extensive, ranging from the need to boost information governance to improving data security. Companies are responsible for the security, privacy, reliability and compliance of 85% of data in the digital universe, the study said.
|
 |
|
GovernmentExecutive.com |
How To Navigate Through A Security Breach
 Letting valuable private data fall into the wrong hands is bad enough. But institutions—from government agencies to large corporations—continue to compound the initial problem by failing to disclose these breaches in a timely fashion. This article nicely outlines how to be proactive in the event of a data breach. Naturally, we suggest having systems in place which will guard against them to begin with.
|
 |
|
Information Security |
All Encrypt: Fortune 500 Company Ups Ante on Laptop Security
 In a sign of the times, Timken, a major Ohio-based manufacturer, decides to encrypt every company hard drive, including all laptops, with data-security software. Some experts think it’s the wave of the future. We think it’s the best practice, and just one of several possible solutions to enhance data security across the enterprise.
|
 |
|
PC World |
Protecting the mobile workforce
 While the productivity benefits of mobile devices are significant as enterprises continue to roll them out to the workforce, security experts say CIOs and other senior IT personnel must implement comprehensive mobile security policies to defend against internal and external security threats.
|
 |
|
SearchSecurity.com |
NAC, disk encryption gaining attention, survey shows
 A new Forrester Research survey found that network access control (NAC), disk encryption and application security technologies and services topped the list of interests of IT professionals. The survey revealed that many companies are interested in new technologies to automate security, focus on threats at the end point and address internal threats.
|
 |
|
InfoWorld |
U.S. FTC settles breach complaint with student lender
 The U.S. Federal Trade Commission said it settled a complaint against student lender Goal Financial for allowing an employee to sell a hard drive containing unencrypted personal information of 34,000 customers. Additional allegations claimed Goal Financial permitted two employees to access personal information of 7,000 customers and take the data to a competing firm, the FTC said.
|
 |
|
Sarbanes-Oxley Compliance Journal |
A Primer on IT Security Audit Trails
 In recent years, the nature of regulations about the protection of data has changed from mostly being anchored in the technical realm to being far more about actual business applications. This article provides a good overview of the best practices for establishing an audit trail of an organization’s process for safeguarding its data.
|
 |
|
Quad City Times |
Missing laptop, data could affect 20,000 Kraft Foods employees
 About 20,000 Kraft Foods employees were recently notified that a company-owned laptop computer with their personal information was stolen from an employee, noting that they could be vulnerable to identity theft.
|
 |
|
CIO Magazine |
A Primer on Laptop Security
 CIO Magazine says with the sophistication of encryption software, there’s no reason for enterprises not to safeguard their entire fleet of company laptops. At the same time, it contends that the next big challenge will be protecting a powerful new generation of personal digital assistants, which are more frequently lost than laptops. We agree that laptop encryption is the best policy, but the reality is that cost is sometimes a prohibitive factor. In that case, utilities which temporarily lock hard drives are a good, cost-effective choice.
|
 |
|
Washington Post |
U.S. GAO finds data protection lagging
 Many major U.S. government agencies are doing too little to safeguard sensitive personal information, according to congressional investigators. Only two of 24 agencies studied by the U.S. Government Accountability Office have implemented all five security measures recommended by the U.S. Office of Management and Budget to protect personal information.
|
 |
|
Federal Computer Week |
U.S. lawmakers ask agencies for data security update
 U.S. Senators Susan Collins, ranking member of the Homeland Security and Governmental Affairs Committee, and Norm Coleman, ranking member of the committee’s Permanent Subcommittee on Investigations, are demanding that 24 U.S. government agencies submit a timeline for when they will meet all requirements of the Bush administration’s plan to protect personally identifiable data.
|
 |
|
Washington Technology |
New funding to protect cyber-assets catches industry attention
 A dramatic rise in attention and U.S. government funding for cybersecurity and infrastructure protection is expected in fiscal 2009, causing business contractors to seek fresh opportunities, industry observers say. Proposed spending on information technology security in fiscal 2009 is $7.3 billion, 10% higher than in 2008.
|
 |
|
NewsFactor Business Report |
Data breaches: A global dilemma
 Data breaches occur regularly around the world, security experts say, many involving lost laptops and other off-network security devices. Many breaches receive little attention, however, experts note.
|
 |
|
WREG |
Lifeblood lawsuit could cost billions
 A $192 billion class action lawsuit has been filed against regional blood donor Lifeblood in response to the loss of two laptop computers stolen from inside a Lifeblood storage facility in Memphis, Tenn., that contained information on more than 320,000 blood donors.
|
 |
|
Los Angeles Daily News |
Employee data theft jolts Los Angeles Department of Water and Power
 A computer containing personal information on more than 8,300 Los Angeles Department of Water and Power employees reportedly was stolen from a vendor, utility officials have confirmed. The data included names, Social Security numbers, birth dates, employee identification numbers, salaries and healthcare benefits details.
|
 |
|
SC Magazine |
ID theft instances down, cost per incident up: Javelin
 Identity theft remains a major concern of U.S. consumers because criminals have become more creative in how they steal personal information, according to a new Javelin Strategy and Research report. ID theft accounted for a loss of $45 billion during 2007 and the cost of individual ID theft cases rose by 25% to $691 per incident, Javelin reported.
|
 |
|
Media Daily News |
U.S. FTC: Data security is top concern
 Eileen Harrington, deputy director of the U.S. Federal Trade Commission's Bureau of Consumer Protection, said consumer data security is the greatest concern of the agency’s enforcement work. Harrington noted that the FTC has already punished big-name companies for data security breaches.
|
 |
|
InfoWorld |
Customers mismanaging access
 Many companies still fail to sufficiently address access controls for protecting information and IT systems, despite investments in security technologies aimed at thwarting data leakage and compliance violations, according to a new report from the Ponemon Institute. Most IT workers readily admit that their companies are doing a substandard job of keeping tabs on the level of access available to employees, temporary workers and independent contractors, the 2008 National Survey on Access Governance states.
|
 |
|
Computing |
Data loss is inevitable, say most businesses
 A new risk management report has found that 59% of businesses anticipate a major loss of information to occur once every five years while data security concerns associated with mobile and portable devices continue to increase. Nearly half of respondents ranked mobile devices as a serious risk, but only one third said they had the ability to manage those risks, according to the Symantec report.
|
 |
|
TechNewsWorld |
The biggest security threat for 2008 and beyond: End users
 Study after study continues to reveal a fundamental truth about the shifting landscape of IT security: the biggest threat to proprietary systems and information is trusted employees. When it comes to handling corporate data, non-malicious employees often accidentally make improper data security choices, experts say.
|
 |
|
Newark Star-Ledger |
Health insurer says stolen laptop had customers' data
 Unencrypted personal information, including Social Security numbers, on more than 300,000 Horizon Blue Cross Blue Shield of New Jersey members reportedly was contained on a laptop computer stolen in Newark, N.J., recently.
|
 |
|
What PC |
Why personal data loss must not be tolerated
 Many companies and government agencies establish good data security policies, encourage members to sign off on those policies, and then ignore the rules when handling confidential data, security experts say.
|
 |
|
Security Park |
UK Ministry of Defence laptop stolen with personal details of 600,000 applicants
 A laptop computer containing the unencrypted personal details of 600,000 armed forces applicants was stolen from a Royal Navy officer, the UK Ministry of Defence has confirmed. Information on the laptop reportedly included National Insurance numbers, financial data and passport information.
|
 |
|
Columbus Dispatch |
Lost tape contained data of 650,000 J.C. Penney customers
 Personal information on about 650,000 customers of J.C. Penney and as many as 100 other retailers could be compromised after a computer backup tape went missing from a storage warehouse. GE Money, which handles credit-card operations for retailers, said the missing information includes Social Security numbers for about 150,000 people.
|
 |
|
Network World |
Cyber espionage seen as growing threat to business, government
 The SANS Institute has ranked cyber-espionage high on a list of 2008 data security menaces, saying theft of data will become more common as corporations and government agencies seek to gain economic advantage in multinational deals.
|
 |
|
InfoWorld |
Nashville laptop theft may cost $1 million
 The theft of a laptop computer containing the names and Social Security numbers of 337,000 Tennessee voters could cost local officials about $1 million as they roll out identity-theft protection to potential victims.
|
 |
|
SC Magazine |
Preventing security breaches from inside your private network
 Network security experts say the network perimeter is vanishing due to changes involving users, devices and authorizations. Going forward, a new model for enterprise defense must be established, experts say.
|
 |
|
Computing |
Enterprises ignoring data security and privacy
 Technology, media and telecommunications (TMT) firms must increase their data security efforts and investments to keep up with the latest threats, according to a new Deloitte global survey that found only 53% of TMT companies report losses of customer data.
|
 |
|
New Orleans Times-Picayune |
Audit of colleges says $1.6 million in items missing
 After $987,000 in computer equipment was reported missing in a recent audit of two Louisiana state colleges, a legislative auditor said audits commonly reveal such major losses from colleges and hospitals. The audit at the University of New Orleans and Southeastern Louisiana University reported a loss of 156 laptop and 130 desktop computers.
|
 |
|
Johnstown Tribune-Democrat |
Pennsylvania seniors’ personal info stolen
 A computer stolen in a recent burglary contained personal information about 20,632 senior citizens in four Pennsylvania counties, according to the state’s Department of Aging. The information in the database reportedly included client Social Security numbers and other personal data.
|
 |
|
SearchSecurity.com |
Hardware-based encryption gains most innovation of '07
 In 2007, many businesses turned to new security technologies and products to reduce risk to data in transit, security experts say. The shifting focus on mobile endpoints was most pronounced in hardware-based encryption, experts note.
|
 |
|
ChannelWeb |
Data loss prevention trends to watch in 2008
 Security experts say 2007 was marked by many high-profile data security breaches, but 2008 will see additional security incidents in the headlines primarily because more companies and organizations will be required to publicly disclose breaches when they occur.
|
 |
|
Daily Tech |
Personal data theft reaches record high
 The Identity Theft Resource Center and Attrition.org reported that 2007 was a record-setting year for data breaches in the U.S., with ITRC noting 79 million compromised records reported since the start of 2007 through Dec. 18. Attrition.org estimated 162 million records were compromised through Dec. 21 in U.S. and global markets.
|
 |
|
PC World Canada |
Dumpster-diving for e-data
 Every user who loses or disposes of a keychain-size flash drive could be unintentionally leaking critical information to a competitor, security experts say, adding that desktop and notebook computers disposed of in landfills or even at yard sales could represent a rich trove of corporate data left on a hard drive.
|
 |
|
Earthtimes |
World of identity theft continues to evolve
 The Identity Theft Resource Center predicts an increase in the number of data breaches in 2008 due to poor information handling policies and practices. The group also forecasts a higher recognition of identity theft as a crime by law enforcement and more legislative action on identity theft issues.
|
 |
|
eWeek |
Office workers confess how they let security slide
 Research conducted by RSA in November found that 68% of respondents who work for the private sector admitted to taking away from work mobile devices, such as laptops, smart phones or USB flash drives that hold sensitive job-related information, customer data, Social Security numbers and company financials.
|
 |
|
Baltimore Business Journal |
Personal information being exposed 'frequently and repeatedly,' study finds
 A new survey conducted by Deloitte & Touche and the Ponemon Institute found that 85% of North American security professionals reported at least one data breach within their organizations during the past year. The survey claims personally identifiable information of customers and employees is being exposed by businesses "frequently and repeatedly."
|
 |
|
Dark Reading |
Small businesses feel security's burn
 A new eMedia study found that 32% of small and medium-sized businesses have experienced a security breach during the past year, and these breaches are changing the sector's viewpoint on security tools and products.
|
 |
|
USA Today |
Theft of personal data more than triples this year
 Thieves systematically pilfering sensitive personal data from companies, government agencies, colleges and hospitals contributed to more than 162 million records reported lost or stolen in 2007, triple the 49.7 million that went missing in 2006, according to a USA Today analysis of data losses.
|
 |
|
Earthtimes |
Survey finds employees put corporate data and security at risk
 Most members of Network World's Technology Opinion Panel admitted in a survey to being unprepared to prevent data breaches and computer theft. A total of 42% said their corporation does not have data security policies in place for the use of mobile computing devices.
|
 |
|
InfoWorld |
Companies still failing to enforce security rules
 Company security policies are useless without enforcement, according to new research released by the Ponemon Institute. Companies do not follow basic data security procedures in several high-risk scenarios, including off-network security, the survey found.
|
 |
|
Dark Reading |
Study reveals overlooked sources of leaks
 A new Information Security Forum study found that lost laptops, sensitive documents left on photocopiers and employees taking home confidential storage media remain the most common sources of data security leaks.
|
 |
|
InternetNews |
Report details real costs of security breaches
 A new Ponemon Institute study has found that data breach incidents cost companies $197 per compromised customer record in 2007, compared to $182 in 2006. Most of the cost, $128 out of the $197, is from lost business and having to acquire new customers. For financial services firms, the cost was $239 per lost record.
|
 |
|
Security Park |
Businesses are ill-prepared for the security risk introduced by temporary workers
 Business enterprises may unnecessarily put corporate data at risk by granting temporary staff access to confidential information at the same levels as permanent employees, according to new research from Websense.
|
 |
|
Tech Republic |
Ten ways to reduce insider security risks
 Enforcing IT security policies and increasing security awareness are among the ways business enterprises can combat insider corporate security threats, industry observers say. Recent reports indicate that employees who are authorized to access company systems are most likely to be linked to a security breach.
|
 |
|
Washington Post |
UK government apologizes about huge data loss
 UK Prime Minister Gordon Brown tried to reassure Britons that their personal data is safe after one of the biggest security breaches in the country's history left millions of people exposed to identity theft and bank fraud. Two computer disks lost in transit from one government department to another contained names, addresses, birth dates, national insurance numbers and banking details for 25 million people.
|
 |
|
Indianapolis Star |
Veterans Administration laptops, patient information stolen
 Three computers containing information on 12,000 patients were reported stolen from the U.S. Veterans Administration (VA) hospital in Indianapolis in early November. The VA says the computers were stolen from locked offices at the Roudebush VA Medical Center.
|
 |
|
Computerworld |
Montana State University reports three data breaches in single day
 The State University of Montana recently discovered three separate security breach incidents involving the potential compromise of personal data on the same day. One of the breaches involved a removable storage device containing personal student data that was reported stolen.
|
 |
|
ENN |
Used hard drives are ID theft paradise
 A new study conducted by Irish security firm Rits Information Security reported that personal information, including customer data, client files and credit card numbers, was found on hard drives sold into the second-hand computer market. Even when attempts were made to erase the drives, they had not been securely sanitized, allowing Rits to recover data.
|
 |
|
Fredericksburg Free Lance-Star |
ID theft can be a dead issue
 Only 6% of companies can say for certain that they have not lost important personal information during the past two years, according to identity theft expert James McCartney. Identity theft now produces more revenue than drug trafficking in the U.S. and identity thieves opened 400,000 bank accounts last year using the names of dead people, McCartney said.
|
 |
|
Charlotte Observer |
Laptop with personal data missing
 A laptop computer owned by Cabarrus County, N.C. Emergency Medical Services that contained personal information on more than 28,000 people was reported missing after being accidentally left on an ambulance's back bumper at a medical center. The laptop had names, addresses, phone numbers and Social Security numbers of county EMS patients from the past four years.
|
 |
|
Healthcare IT News |
Privacy concerns remain barrier to health information exchanges
 A new report released by the American Health Information Management Association and the Office of the National Coordinator for Health Information Technology says state public-private health information exchange organizations are making progress in some security areas, but the question of privacy remains a hurdle.
|
 |
|
The Chronicle of Higher Education |
Five ways sloppy campuses can clean out personal data
 In 2007, nearly 70 colleges have experienced security breaches of some sort, according to the Privacy Rights Clearinghouse, including incidents of stolen and lost laptops and flash drives.
|
 |
|
eWeek |
Handling goofs cause many data leaks
 An analysis conducted by Next Generation Security Software found that 43% of personal records lost since the start of 2007 slipped out of organizations on computers, laptops, disks or other backup media. Other researchers and security experts put the figure higher for records that were exposed due to lost or stolen computers or media.
|
 |
|
Computerworld |
How many employees violate corporate IT policies?
 As many as 35% of workers have knowingly violated their corporate IT policies at least once, according to a new MARC Research study. The study also found that 74% of respondents said they don't believe that downloading unauthorized content or software to work PCs is a business risk.
|
 |
|
eSecurity Planet |
The ‘IT’ in security guard
 Shifts in technology, attack vectors and business models have contributed to convergence of IT security and physical security roles in business. Executive leadership must see that physical and computer security should not be separate entities, but two operational arms of an overall security group, security experts say.
|
 |
|
Federal Computer Week |
New commission will advise next president on cyber-security
 The U.S. House Homeland Security Committee announced a new cyber-security commission that will study existing policies and identify incentives, legislation or policy initiatives, and then make recommendations to the next U.S. president.
|
 |
|
HelpNet Security |
Block data leakage at the source
 The opportunities for data theft, information leakage and unauthorized viewing of data have increased tremendously and organizations must look urgently at managing the problem, industry experts say. Laptops are particularly at risk of theft or loss, often disappearing from employees’ homes, cars and hotels.
|
 |
|
Dark Reading |
West Virginia notifies 200,000 people of lost backup tape
 West Virginia state officials are alerting 200,000 current and former members of three state health insurance programs that a computer tape containing names, addresses, Social Security numbers and other personal data was lost in transit to Pennsylvania. The data regards members of the West Virginia Public Employees Insurance Agency, the state’s Children's Health Insurance Program and the AccessWV insurance pool.
|
 |
|
Security IT World |
Study places value on sensitive data stored in laptops
 Most travelers store an average of $525,000 worth of sensitive data on their laptops, according to a survey contracted by broadband service provider iBahn. The survey determined that the personal information on travelers' laptop computers is valued at $330,000.
|
 |
|
Information Week |
Identity Theft: Costs more, tech less
 A study released by Utica College's Center for Identity Management and Information Protection (CIMIP) found that the median actual dollar loss for identity theft victims is $31,356. The CIMIP study shows that ID theft affects companies as well as individuals, analysts said.
|
 |
|
Newsday |
Audit criticizes Connecticut agency for lax computer security
 Several former employees of the Connecticut Department of Revenue Services and other state agencies retained access to state computer networks after being fired or voluntarily leaving their jobs, according to a new audit. The department is facing criticism after a laptop computer containing information on 106,000 state taxpayers was stolen from an employee's car.
|
 |
|
Boston Channel |
Home Depot laptop with personal employee data stolen
 A Home Depot laptop holding personal information of 10,000 employees reportedly was stolen from the car of a Massachusetts employee. The retailer sent a letter to affected employees offering free credit monitoring for a year.
|
 |
|
Philadelphia Inquirer |
U.S. TSA laptops with personal information missing
 Two laptop computers with detailed personal information about commercial drivers who transport hazardous materials reportedly were stolen from a contractor working for the U.S. Transportation Security Administration. The laptops contained names, addresses, commercial driver's license numbers and Social Security numbers of 3,930 people.
|
 |
|
Houston Chronicle |
Laptop goes missing with data on 159,000 workers
 A laptop containing confidential information about 159,000 Administaff workers has been reported missing. The firm, which provides human resources services to small- and medium-size businesses, said the laptop had data on employee names, addresses and Social Security numbers.
|
 |
|
Government Technology |
Cost of sensitive data breach to increase through 2009, says Gartner
 Gartner analysts estimate that the cost of a sensitive data breach will increase 20% per year through 2009. Understanding where security funds are spent and whether that spending is effective is important, Gartner says, adding that security metrics should be established for all major security spending areas.
|
 |
|
Vnunet.com |
IT security spending steadily increasing
 Investments in security technology, training, assessments and certification in the U.S. now account for 20% of total technology budgets, according to new research from the Computing Technology Industry Association.
|
 |
|
InfoWorld |
Records security plans still lagging
 One of the biggest problems facing companies when they discover a data breach is that they finally realize that they don't have a handle on where all their information resides, according to a new study from Iron Mountain. About 65% of study participants admitted that they have no over-arching records retention, storage, backup and management strategy.
|
 |
|
SC Magazine |
How is data lost?
 When thieves with insider credentials exploit large corporate databases, business enterprises often cannot see the security breach because somewhere between the firewall and the data servers, they are not able to track valuable information. An inability to see, in real-time, which users are accessing what data from where and when, has played a role in most mass data breaches that have occurred in recent years, experts say.
|
 |
|
Law.com |
Small devices, big liability
 Laptop thefts from law offices are not uncommon, law firms admit, but many firms enact security measures by creating strict user policies for computers. Smaller information storage devices also present problems based on their compact size, law firms note.
|
 |
|
Atlanta Journal-Constitution |
Laptop thief gets personal data on 800,000 Gap applicants
 A laptop computer containing unencrypted personal information for 800,000 people who applied for jobs at clothing retailer Gap Inc. was reported stolen. The laptop stored Social Security numbers and other data from people in the U.S., Puerto Rico and Canada who applied for jobs at Gap, Old Navy and Banana Republic stores between July 2006 and June 2007.
|
 |
|
InfoWorld |
Security experts pitch 'culture of data'
 Companies that discover how to protect sensitive information without getting in the way of business users are experiencing success in advancing their data security efforts, according to industry experts. Businesses that can foster both ready access to information and strong defenses for end-users and IT systems are making progress the fastest, vendors and service providers claim.
|
 |
|
Computerworld |
Confidential data on hard drives turning up
 Hard drives full of confidential data are still turning up on the second-hand market, researchers from U.S., UK and Australian universities have reported. Combined research found that 37% of 350 drives acquired through online auctions contained traces of sensitive personal data.
|
 |
|
TechWorld |
Firms need structure for security, claims Gartner
 Businesses must establish structured security policies with clear language to address all levels of employees, a Gartner analyst warns. Analyst Les Stevens said it was crucial for businesses to recognize the key factors influencing the success or failure of policy management.
|
 |
|
Silicon.com |
IT security breach pitfalls named
 During a recent Gartner security summit, iPhone, Facebook and operating systems were all named as weak links in the IT security chain by security experts.
|
 |
|
New York Times |
Connecticut says data on its money was stolen
 Connecticut Gov. M. Jodi Rell said a computer backup tape stolen in June from a car belonging to a State of Ohio government intern contained bank account and other sensitive financial data for nearly all Connecticut state agencies.
|
 |
|
ZDNet UK |
NHS patient data sold on eBay
 The Dudley Group of Hospitals NHS Trust is trying to find out how a hard drive containing confidential patient medical information was sold on eBay. The UK healthcare group indicated a breakdown in its computer disposition process.
|
 |
|
Columbus Dispatch |
Ohio: More names on stolen tape
 A computer tape stolen from a state intern's car in June included personal information from 1,329,349 Ohio taxpayers and businesses, 106,797 more than previously thought, a final tally revealed.
|
 |
|
TechNewsNow |
Predicting insider data breaches
 Many insider security breaches go unreported because companies do not know they are happening, security experts say. The potential for both accidental and deliberate breaches of personal information and intellectual property by workers is a growing concern for corporate executives.
|
 |
|
eWeek |
Analysts predict death of traditional network security
 Two Forrester Research analysts said in the next five years the Internet will be the primary connectivity method for businesses, replacing private network infrastructure as the number of mobile workers and other third-party users grows. Corporations will redefine network security and focus on data encryption, managing risk at the endpoint and having strict data access controls, they said.
|
 |
|
Enterprise IT Planet |
Mobile users and their risky behavior
 IT departments suffer countless headaches to lock down their computer equipment, only to have employees undermine security with foolish behavior outside the office, concludes a new report by Trend Micro.
|
 |
|
Consumer Reports |
What your hard drive can tell ID thieves
 Consumer Reports found an abundance of personal and financial data on used computers and hard drives it purchased on eBay to determine the effectiveness of data erasure.
|
 |
|
TechWorld |
Wireless technology hits security budgets
 Security spending to address weaknesses in wireless and mobile technology will rise by 20%, according to a Cisco-sponsored survey of 700 business decision makers in the U.S., UK, Germany, China, India, South Korea and Singapore. The report confirms that many business mobile users are not always aware of security concerns, don't encrypt data and lose their wireless devices through carelessness or theft.
|
 |
|
Information Week |
Data losses can harm a business brand
 A business’s brand integrity suffers significantly from data breaches, according to InfoSurv's survey of U.S. consumers. A total of 87% of consumers said they lost respect for businesses in instances where companies lost customers’ personal information, while 96% of respondents said that protecting customers from data breaches should be a company's highest priority.
|
 |
|
Dark Reading |
Enterprises wrestle with security policies
 A new report from Forrester Research and RSA Security says creating a security policy is the biggest nightmare for most CSOs. A total of 62% of respondents said enforcement of existing company policies is their most pressing driver in ensuring that data is properly secured.
|
 |
|
TechWorld |
Road warriors are security risks
 A survey commissioned by management software maker BigFix says securing the mobile workforce needs to be a top priority for global companies.
|
 |
|
Newsday |
Laptop with finance data on New York City retirees stolen
 A laptop computer containing financial information on as many as 280,000 New York City retirees was reported stolen from a consultant to the city’s Financial Information Services Agency, city officials said. The personal data was related to various city pension systems.
|
 |
|
Network Computing |
The importance of being encrypted
 A new Forrester study indicates that encryption and key management programs are underdeveloped in many companies. The survey results show that budgeting for encryption software and a lack of compelling business drivers are major hindrances to encryption use.
|
 |
|
eWeek |
Report: Mobile users often lax about security
 A study performed by research firm InsightExpress found that 73% of mobile users admit that they are not always aware of security threats or best practices. In the U.S., 36% of those surveyed said they were unconcerned or hardly concerned with threats when using wireless devices.
|
 |
|
Computerworld |
Your data's less safe today than two years ago
 Personal data is less safe today than it was two years ago, according to a Gartner analyst. More than 158 million data records of U.S. residents have been exposed as a result of security breaches since January 2005, according to the Privacy Rights Clearing House.
|
 |
|
Security Park |
Mobile working and security do not have to be mutually exclusive
 According to a security survey conducted by SafeNet, a significant increase has been noted in the percentage of businesses that support mobile working, but the percentage of firms that have implemented adequate security technology and processes remains low.
|
 |
|
SC Magazine |
Market your security competencies
 With the scope and scale of recent data breaches, consumers are becoming very wary of doing business with firms that don't adequately protect personal and financial information, according to a new survey. The CMO Council survey showed that 90% of professional marketers believe it is important for organizations to have clear security policies.
|
 |
|
Security Views |
The magical ‘human security layer’
 If employees are taught to understand the impact of their jobs on protecting an organization’s information assets and profitability, they can be proactive in making other security layers more effective, experts say. Vigilant employees are better able to identify suspicious events that allow for earlier detection and response.
|
 |
|
Channel Register |
IT bosses say directors don't take security seriously
 Surveyed UK IT managers say they believe that board-level executives pay lip service to compliance and security, but do not take the issues seriously. The survey from software developer NetIQ revealed that 51% of companies queried do not have processes in place to manage risk and comply with compliance regulations.
|
 |
|
Dark Reading |
Assume your laptop will be stolen
 Eric Latalladi, CTO for financial services company JB Hanauer & Co., recommends that companies and IT departments assume that any given laptop will be lost or stolen. Enterprises face plenty of potential downsides when a laptop goes missing: public embarrassment, fines, a decline in share price, loss of customers, and damage to the brand name.
|
 |
|
Boston Globe |
Employees bypassing IT departments
 The widespread adoption of consumer technologies in the workplace poses a potential threat to corporate IT departments, according to a new report from the Yankee Group. The trend could lead to a potentially "hazardous mix of secured and unsecured applications in the enterprise," the report said.
|
 |
|
Vnunet.com |
Firms not responding effectively to data breaches
 A computer forensics expert has blasted corporations for the manner in which they deal with security breaches. Most firms dispatch internal IT staff to investigate and tell senior management the scope of the damage, potentially resulting in more harm, as staff members usually are not as suited for incident response as professional investigators are.
|
 |
|
Evansville Courier & Press |
Computer need fixing? Read this first
 Consumers are complaining that personal data on their laptop computers has been stolen by retail personnel entrusted to repair the devices. In some cases, laptops handed over to large retail chains for disposal have reappeared intact in flea markets.
|
 |
|
CRM Buyer |
Data liability - name-brand trouble
 Extensive damage to a corporation’s reputation is the inevitable result of being a large, well-known company that suffers a data security breach, experts say. Big companies often are more unwieldy and tend to take longer to respond to security breaches, which can increase their liability, experts noted.
|
 |
|
CIO Today |
Even after theft, some enterprises don't protect data
 Despite negative repercussions in terms of cost outlays and reputation diminishment, many companies that experience a data security breach do not take appropriate steps to prevent future incidents, according to Larry Ponemon, chairman of the Ponemon Institute.
|
 |
|
InfoWorld |
The dos and don'ts of data breaches
 Reacting poorly to a data security breach can be worse for a company than the breach itself, according to industry experts. Large and small companies in every industry should be prepared to react to help minimize damage and quickly restore customer confidence, experts say.
|
 |
|
PC World |
Cost and security concerns hinder e-cycling
 Cost and data security concerns hinder electronics recycling, according to a new IDC report on IT asset disposal. About two-thirds of companies say they do not use third-party disposal services, instead opting to donate old equipment, dispose of it in public or private waste facilities, or store it for future disposal.
|
 |
|
Stars and Stripes |
Unsecured server may have left personnel files vulnerable
 Personal data and medical files of more than 867,000 U.S. military personnel were exposed by a U.S. Defense Department records processing contractor. Science Applications International Corp. admitted the unsecured records had been held on a file transfer protocol server in Florida that lacked a security firewall and password protections.
|
 |
|
Forbes |
Watchdog: Ohio mishandled sensitive data
 Ohio technology administrators failed to report to police the theft of a backup computer device containing personal information on hundreds of thousands of taxpayers quickly enough and took too much time relaying the news to top government officials, the Ohio Inspector General reported.
|
 |
|
Help Net Security |
Survey says that managing complexity still top security challenge
 Managing the complexity of security continues to be the top challenge for organizations around the world, followed closely by preventing security breaches, enforcing security policies and spreading user awareness, according to a new survey by Accenture and Information Week.
|
 |
|
InfoWorld |
University of California hit with $3 million fine for breach
 The U.S. Department of Energy has proposed a $3 million fine on the University of California, Berkeley, and a separate $300,000 fine on Los Alamos National Security for their alleged failures to protect classified information in a 2006 security breach involving a contract worker who illegally removed classified data via a thumb drive. A failure to implement new measures could result in additional civil penalties of up to $100,000 per day for each violation.
|
 |
|
Processor |
Evolving security threats create challenges
 Security experts say the top threats facing data centers today ultimately emerge from data convergence, flaws in authorized channels and business procedures, data in transit, and insider access.
|
 |
|
SearchSecurity.com |
|