Sunday, July 6, 2008
Police probe corporate data theft case - expressindia.com - 03 Jul 2008
The company, which provides market research, data collection, analytics and online marketing services to global clients, has approached the police with a complaint that the suspected data thief is about to join a rival company in Chennai, armed with sensitive information belonging to his former employers.
On June 24, the CCIC received a complaint from two officials from Ugam Solutions based at Malad Link Road in Goregaon (West), regarding the data theft. “We have received a complaint regarding data theft from Ugam Solutions by a former employee, and the Cyber Crime Cell is conducting preliminary inquiries in the matter,” Joint Commissioner of Police (Crime) Rakesh Maria said.
According to the company’s website, with over 800 professionals across Mumbai, London, San Francisco and Chicago, Ugam Solutions is an Indian-owned company with a global presence, and one of the world’s largest providers of market research outsourcing services.
The company informed the police that on a Sunday last month, a senior programmer who had not been showing up at work for several days reported to office. Since he had been absent for several days, his access to the office through a swipe card had been blocked by technicians. However, since the watchman at the office recognised him as an employee, he was let in after he signed his name in a visitor's entry book.
When his superiors later learned that the senior programmer had visited the office on a holiday, their suspicions were aroused. After the company’s technical staff were alerted, investigations revealed that the employee had logged into the office’s internal network and sent himself data files containing sensitive information.
“The company’s investigations revealed that a senior programmer, who did not have access to the company’s internal network from outside office, entered the office on a holiday and sent confidential and sensitive data of about 4 MB size to his personal e-mail address. He never returned to the office after that. The company now fears that this man is about to take its trade secrets and join a rival company in Chennai,” said a police source, on condition of anonymity.
When contacted, Iran Kareem, vice president (Finance) at Ugam said: “There has been an attempt at data pilferage, in which a former employee has accessed our proprietary methodology.”
By Sagnik Chowdhury
Customers warned of data grab - 03 Jul 2008
"We have been notified that your Debit card number was one of several obtained during the arrest and indictment of individuals in Eastern Europe and the United States," reads a June 27 letter from Freedom Credit Union to certain customers.
In response, the credit union has issued new debit cards and PIN numbers to affected customers.
Allen W. Reed, the credit union's information technology administrator, could not say yesterday how many cards were involved.
He said that such incidents are unfortunately common in the banking world.
According to the letter, Freedom Credit Union cards have been linked to points of purchase where criminals were able to capture debit card data. Freedom Credit Union reported cards stolen as of Monday, and then issued replacement cards and new PIN numbers, according to the letter.
The credit union told customers that existing cards "will be coded as stolen in our system on Monday, July 30," and that they should contact the credit union at (413) 750-5749 if they want to stop using their cards sooner.
Customers should expect to receive their new debit cards and PIN numbers in separate mailings within the next week to 10 business days.
Freedom Credit Union has offices in Springfield, Northampton, Chicopee, and Turners Falls.
By JIM KINNEY
Friday, June 27, 2008
HMRC slammed over major data breach - ukpress.google.com
Investigators from the Independent Police Complaints Commission found that HMRC procedures for handling sensitive data were "woefully inadequate" and staff adopted a "muddle through" ethos to confidential personal records.
And a separate report by consultant Kieran Poynter found that last October's loss of two computer discs containing the names, addresses and bank details of every child benefit claimant in the country was "entirely avoidable" and raised "serious questions of governance and accountability" at HMRC.
The UK's data watchdog, Information Commissioner Richard Thomas, warned that he would prosecute the agency if it did not improve its handling of private information. He issued formal enforcement notices against HMRC and the Ministry of Defence, which was the subject of a third critical report into its loss of 600,000 recruits' details on a stolen laptop.
Chancellor of the Exchequer Alistair Darling apologised "unreservedly" for the security breach, and assured the House of Commons that measures were already under way to tighten up procedures at HMRC.
The Government has accepted all 45 of Mr Poynter's recommendations and the new chairman of HMRC Mike Clasper has committed £155 million over the next three years to improving security, he said.
But his Conservative shadow George Osborne said that the reports gave a "truly devastating account of incompetence and systemic failure at the heart of this Government".
He said that the reports had "comprehensively blown out of the water" the claims made by Mr Darling and Prime Minister Gordon Brown at the time of the incident that the breach was the responsibility of a junior official breaking the rules. The IPCC report found that no individual was to blame for the loss of the discs, which have never been found.
Instead, the Government agency was accused of wholesale failings in institutional practices and procedures. Staff worked on confidential data without adequate support, training or guidance and there was no coherent strategy for mass data handling.
Officials were so ignorant about data security that when the CDs were lost, they simply sent another set, and it was three weeks before the loss was reported, setting in train a series of events which sparked a national outcry.
Thursday, June 12, 2008
University of Florida Warns 11,300 Students of Data Breach - itbusinessedge.com - 11 Jun 2008
The Sarasota Herald-Tribune reports that the breach occurred when the Office for Academic Support and Institutional Service created online records of students. Student employees wanted to work with the information from off-campus locations, but failed to install appropriate security measures.
The information has been removed, and the university doesn’t believe any of the data was used inappropriately.
The University of Florida isn’t the only college to make headlines for security breaches. Earlier this week, we reported about a stolen Stanford University laptop that compromised the information of 72,000 current and former employees. And 155 medical and graduate students at the University of California-Irvine were victims of a scam after hackers used information from their health insurance plans to collect tax returns.
By Susan Hall
Friday, May 30, 2008
Arco debit-card scams in San Jose, Los Altos linked to statewide ring - MercuryNews.com - 29 May 2008
A group of high-tech thieves who police believe stole bank card information from consumers at gas stations in South San Jose and Los Altos are likely the same group that has been targeting Arco stations statewide, the Mercury News has learned.
Los Altos detective Wes Beveridge, who has been involved with the case since thieves made off with about $100,000 from more than 80 customers at a Los Altos Arco station in March, said the group has also hit Arco stations in southern and central California.
"I've been in contact with five different agencies, including the FBI, to try to track the whereabouts of these people," said Beveridge, who spoke with San Jose detectives about the case. "In each of these cases, the photos we have match the photos they have as well."
In each case, the victims used debit cards to buy gas at Arco stations, which only accept debit cards. Thieves attached a card-reading device to the payment machine's keypad that allows them to steal bank card numbers and personal identification codes.
San Jose police first received reports of the thefts Monday night, when a San Jose couple realized three separate $500 withdrawals had been made during Memorial Day weekend. Police traced the thefts to the Arco gas station at 5755 Camden Avenue.
San Jose police say the number of victims is now approaching 80 and estimate the thieves have withdrawn $45,000 from Bay Area banks so far. San Jose police expect those numbers to grow - the skimming machines were in place for about one month - and investigators are still in the process of confirming dollar amounts.
"ATMs are a cash-only business," San Jose police detective Patrick Ward said. "They can get straight up cash, as opposed to buying" merchandise with a stolen credit card.
The practice of card "skimming" works like this: Thieves glue a card-reading device on the front of the Arco payment machine. The carefully positioned device can be difficult to detect.
"I defy anybody to tell me they would have noticed it," Beveridge said.
Every time a customer swipes a card, the skimming device transmits the information instantly to a computer nearby, or at other times, thieves come back and retrieve the tiny device.
Thieves then use cloned bank cards - any card with a magnetic strip, including already used gift cards, will work - and go on a withdrawal spree.
In Los Altos, thieves made most of their withdrawals on a weekend, and spent a couple of weekdays in the area before moving on. In some cases, Beveridge said bank photos show thieves making five different transactions in a span of five minutes.
"They go where they know people aren't going to be around when they do remove funds," Beveridge said.
Beveridge has contacted the FBI in hopes of creating a task force aimed at catching the high-tech thieves.
"The more they do, the more likely they will screw up," Beveridge said. "The more crimes they commit, the more information we have and then the more likely we are to catch them and get a conviction."
In a separate case, more than 200 shoppers had their debit card information stolen after swiping their cards at a Lunardi's Supermarket in Los Gatos.
"You have very ingenious people who are doing these things because the rate of return is so high," Adam Levin, chairman of Identity Theft 911, an Arizona company that works with banks and institutions to resolve cases of identity theft, told the Mercury News earlier this month. "It happens all over the U.S., and it happens almost every day unfortunately."
By Mark Gomez
Data theft, web attacks nightmare for IT heads: Survey - The Economic Times - 29 May 2008
NEW DELHI: Insider threats and emerging web-based attacks, rather than just the hacking menace, are giving directors of IT firms nightmares, reveals a recent survey.
More than 80 per cent of the 103 IT directors surveyed felt that insider threats, defined as either unintentional data leakage or deliberate data theft, are the biggest problem for their respective organisations.
According to the survey, conducted by US-listed Secure Computing Corporation, fewer than one in five respondents said that external threats posed by hackers are more dangerous.
About 37 per cent of the respondents had experienced leakage of sensitive information in the past year. Further, internal security is found to be the top priority for the directors.
The survey was conducted among senior attendees at the Infosecurity Europe exhibition last month. Among the respondents, 34 per cent said e-mail is the biggest current security threat, followed by Voice over IP (25 per cent) and web surfing (21 per cent).
However, four in five directors surveyed felt that they could be better prepared for web-borne threats. In terms of external threats, malware is found to be the major headache for about 56 per cent of the directors whereas only 22 per cent are concerned about hacking. Moreover, 31 per cent of the respondents felt that viruses pose a big threat followed by spam (18 per cent) and data leaks (14 per cent). The survey showed that the biggest budgets would be spent on strengthening internal security, with 35 per cent of IT directors identifying it as their priority for planned investment.
State Street says personal data has been stolen - money.cnn.com - 29 May 2008
State Street warns former employees, customers of Investors Financial Services data was stolen
NEW YORK (Associated Press) - Financial services firm State Street Corp. said Thursday the personal data of some employees and customers of Investors Financial Services was stolen from a vendor's facility, but there is no evidence data has been used.
State Street acquired Investors Financial Services, a provider of investment services to hedge funds, in July 2007.
Customers and employees of Investors Financial Services are being notified of the data breach, and State Street set up a page on its Web site to provide customers and employees more information.
State Street said it will provide those with data stolen free credit monitoring services for two years.
Thursday, May 29, 2008
City BPO accused of data theft - TOI Ahmedabad - 29 May 2008
Dave stole data worth Rs 1 crore from the company. With the help of his accomplice based in the US, Milan Dabhi, he sold the data to competitors of the company in the US.
The nondescript office of Business Bee Solutions along the SG Road, a BPO working in the IT sector, has been closed for three months soon after Florida-based company Noble Ventures Inc. cancelled their contract with Dave. He then shifted his operations to his home in Vejalpur. Dave had got a contract for two years for designing and maintenance of the website of Noble Ventures Inc. This company provides customer database of 1.25 crore US citizens to various marketing companies in the US and also has a client-base in other international markets.
When his contract got cancelled, Dave tapped into the data bank of Noble Ventures Inc., stole 85 lakh records and sold them to the company’s rivals in the US.
The US company smelt a rat and sent an email to the Ahmedabad city crime branch. Investigations revealed that Dave had indeed tapped into the server of Noble Ventures Inc.
On Wednesday, assistant commissioner of police, crime branch, Usha Rada, led a raiding party to Dave’s house in Vejalpur. Dave has been arrested and booked for data theft, and his computer has also been seized. “The US company owners got suspicious when they detected data loss from the server. When they started retrieving the data, they came upon e-traces of Dave. Then the company mailed us,” said Rada.
“The cost of data stolen is estimated to be no less than Rs one crore. However, officials said that it is just the first data block. There could be more,” said investigating police officers.
Police are also scrutinizing two computers, three laptops and three outer storage devices that contain data. Officials will present Dave in court on Thursday to get his remand for further information.
How Dave got the password
The Florida company had given Dave the password to access their server in January, as he claimed that he often faced a server connection error.
In March, the contract ended and Dave started his illegal activities.
Officials explained that Dave had sought the password and user ID on the pretext of a server connection error. But he later started using it to steal the database that included EIN, SSN, TAX IDs along with other information of 1.25 crore residents of the US and other countries.
“We are hunting for the other accused, Milan, who worked as an executive for another unit of Noble Ventures in the US. We are in possession of Dave’s financial transactions that indicate that he had financial transactions with Dabhi. He was one of the key persons who marketed the database to other customers in the US. The duo also sent some of the sample data to two major companies,” said Rada.
Parth Shastri TNN