Blog

Archive for August, 2010

Supermarket Customer Data Breached by SQL Injection Hack

Wednesday, August 25th, 2010

Neo Beat–an online Japanese supermarket–reported that data on nearly 13,000 customers was compromised by a SQL injection attack against its database. Credit card companies have since reported fraudulent charges traced back to the stolen customer data.

A report from Japan Today states “A source close to Neo Beat, which also operates the websites of these online supermarkets, said it believes that the approximately 30,000 unauthorized accesses to its database server were likely ‘perpetrated by a group of professional hackers.’” Japan Today also states “The company’s investigation has found that its database program has a security vulnerability which made it difficult to block attempts from outside to intrude into the database server.”

Organizations should have perimeter defenses that keep unauthorized traffic away from internal servers, and tools that monitor access and flag suspicious activity (30,000 unauthorized queries against a customer database is the kind of volume that should trip an alert long before 13,000 records are gone), but there are two other lessons here. First, IT admins need to stay informed of vulnerabilities affecting critical systems like customer database servers and patch them promptly. Patching alone is not enough, though: SQL injection is an application-layer flaw in which attacker-supplied input is passed into a query, so parameterized queries and a least-privilege database account are the primary fix, with a patched database server as the second line. Second, had the sensitive fields been encrypted–with a tool like Zecurion Zserver Storage–the attackers would have retrieved nothing but useless gibberish, and the customer data would not have been compromised in spite of the other weaknesses. One caveat a practitioner should weigh: encryption that is transparent to the database (volume or file level) protects against stolen disks and backups, but a query run through the application's own connection still returns plaintext. Against injection, the protection has to sit at the column level, with keys the web application cannot reach.
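To make the application-layer point concrete, here is an added example (not code from the original post, from Neo Beat, or from Zecurion) showing a lookup that concatenates user input into SQL beside the parameterized version of the same lookup. It uses Python's bundled sqlite3 so it runs offline; the customer table, its rows and the attack payload are constructed sample data, and the column names are this example's own.

```python
"""Added example: SQL injection via string-built queries, and the
parameterized fix. The customers table and the PAYLOAD are constructed
sample data; they do not come from the Neo Beat incident."""
import sqlite3
from typing import List, Tuple


def build_db() -> sqlite3.Connection:
    """Create an in-memory customer table with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [
            ("alice@example.com", "4242"),
            ("bob@example.com", "1111"),
            ("carol@example.com", "9876"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """The bug: untrusted input becomes part of the SQL text, so the
    database parses whatever the attacker typed as query syntax."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """The fix: the driver binds the value separately from the statement,
    so the input is only ever compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


# Classic tautology payload (constructed). With the vulnerable lookup the
# statement becomes:  ... WHERE email = 'x' OR '1'='1'  -> every row.
PAYLOAD = "x' OR '1'='1"


def demo() -> Tuple[int, int, List[Tuple[str, str]]]:
    """Return (rows leaked by the vulnerable path, rows returned by the
    parameterized path for the same payload, a normal parameterized hit)."""
    conn = build_db()
    leaked = lookup_vulnerable(conn, PAYLOAD)        # whole table
    safe = lookup_parameterized(conn, PAYLOAD)       # no such literal email
    normal = lookup_parameterized(conn, "bob@example.com")
    return len(leaked), len(safe), normal


if __name__ == "__main__":
    print(demo())  # (3, 0, [('bob@example.com', '1111')])
```

Note what the example does not show: nothing about the storage layer appears in either function. If the database files were encrypted on disk, `lookup_vulnerable` would return exactly the same three plaintext rows, because the application's own connection decrypts on read. That is why the fix for injection is in the query and in the privileges of the account running it, with column-level encryption as a backstop.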

RAID Provides Data Integrity and Availability, But Not Security

Wednesday, August 4th, 2010

In the storage realm RAID architecture continues to be very popular and is widely used by different vendors because it combines several hard drives into one fast, reliable and spacious storage device that satisfies nearly all enterprise data storage needs. However, along with the well-known benefits of RAID a common misconception persists: many IT professionals still believe that data stored on RAID devices is secure.

This false belief stems from the basic concept of RAID – distributing data across many hard drives, which breaks up file formats and supposedly makes stealing one drive from the array useless to an attacker. In practice, the stripes on a single member of a RAID 0, 5 or 6 array still hold plaintext fragments of every file written to the array, and a RAID 1 mirror holds a complete copy of the volume, so a stolen, failed or carelessly discarded drive is far from useless. This white paper highlights the threats to data in a RAID architecture and outlines why additional data protection procedures (encryption at the volume or file level, and controlled disposal of replaced drives) should be employed to ensure complete protection and compliance with the ever-increasing regulatory mandates for securing sensitive data.

Hell Pizza Needs to Add Some Encryption to the Menu

Tuesday, August 3rd, 2010

A popular pizza chain in New Zealand–Hell Pizza–has been victimized by cyber attackers. The personal information–including name, address, email address, phone number, account password, and even past pizza orders–of over 230,000 Hell Pizza customers has been exposed in the database breach.

Hell Pizza director Warren Powell said “We are honestly taking this very seriously. The last thing we have wanted to do is inconvenience our customers. We take customers’ personal details bloody seriously and we spend a lot of money on security.”

Apparently, Hell Pizza needs to learn that the quality of security spending matters more than the quantity; the size of the budget is not a valid measure of how effective network security measures are. Had Hell Pizza invested in Zserver Storage, the information on the breached database would have been encrypted and the only thing exposed to attackers would be useless gibberish. Two details of what leaked deserve their own fixes. Account passwords should never be stored in a form that a copy of the database reveals, only as salted, deliberately slow hashes, so that a breach yields verifiers rather than credentials customers reuse elsewhere. And encryption at rest only helps if the attackers reached the stored files or backups rather than a live database session that decrypts on read, so the database account the website uses should be limited to the rows and columns it actually needs.

Cooper University Reports Personal Data on Missing Thumb Drive

Monday, August 2nd, 2010

ABC News in Philadelphia–WPVI–reports that Cooper University Hospital is missing a USB thumb drive containing sensitive personal data on medical students, residents, and fellows.

It is unknown whether the thumb drive was stolen, or simply lost. But, what is known is that the missing thumb drive contains Social Security numbers, addresses, and phone numbers of the affected individuals.

Cooper University Hospital issued a statement explaining “Cooper University Hospital is investigating the circumstances surrounding a missing thumb drive. The thumb drive contained information with personal data about graduate medical education residents and fellows for the current and prior academic years. We have advised the residents and fellows, who were advised to contact their local police. No other employee information was compromised. Further, no patient information or records were compromised.”

There is no indication that the data on the thumb drive violated policy in any way, but USB thumb drives are a significant security concern for every organization. Portable media holding 32 GB or more can carry untold volumes of sensitive or confidential information, and once a drive is gone there is usually no way to tell whether it was stolen or simply dropped. IT admins should employ Zecurion's Zlock to restrict which users and devices are allowed to write data to removable media. For additional protection, data on removable or portable media should also be encrypted so it cannot be read even if the device is lost or stolen; for a list of names and Social Security numbers, that is the difference between a lost piece of hardware and an incident that, under many breach-notification rules, has to be disclosed.