Hi-Tech-Consulting

Most Breaches Caused by Crime Gangs
BankInfoSecurity.com (07/28/10) McGlasson, Linda

Eighty-five percent of all stolen data last year was the work of organized crime, according to the annual Verizon Data Breach Investigations Report, produced in collaboration with the U.S. Secret Service. Of the 143 million records compromised in 2009, 85 percent of them stemmed from financial service incidents. In addition to organized crime, there was greater incidence of breaches attributable to insiders and social engineering. The Verizon report also notes that most of the breaches could have been avoided if security fundamentals had been implemented. Financial services accounted for a third of the cases investigated, while hospitality made up 23 percent and retail 15 percent. ID Experts CEO Rick Kam points to the growth of hybrid attacks involving collaboration between insiders and external organized cybercriminals. Kam says that criminals are employing advanced data-mining data methods to build more complete identities by “stealing data from public and private data sources that contain both sensitive financial data, as well as other identifiers like health insurance numbers, diagnosis, personal information from social Web sites like Facebook.”

Hospital’s History of Violence Leads to OSHA Fine
Occupational Health & Safety (07/20/10)

The Occupational Safety and Health Administration (OSHA) has cited Danbury Hospital in Danbury, Conn., for failing to adequately protect its employees against workplace violence. After an investigation that began in January 2010, OSHA found several incidents in the past 18 months in which hospital employees had been injured by violent patients. In the past five years, there have been about 25 cases in which employees lost workdays or were put on restricted duty after sustaining injuries from patients. OSHA has cited the hospital for alleged serious violations of OSHA’s general duty clause, which requires workplaces to be free from recognized hazards that are likely to cause death or serious injury to employees. The citation against Danbury Hospital carries a proposed fine of $6,300. “This citation points to the need for the hospital to develop a comprehensive, continuous and effective program that will proactively evaluate, identify, prevent, and minimize situations and conditions that place workers in harm’s way,” said Marthe Kent, OSHA’s New England regional administrator. OSHA’s citation included several suggestions for the hospital, including making sure that security staff members are trained to deal with aggressive behavior, and are immediately available for assistance. OSHA also recommended a system that flags a patient’s chart when there is a history of violence, and to establish administrative controls to ensure that employees are not alone with potentially violent patients in the psychiatric ward.

Thieves Strike U.K. Metals Warehouse
Wall Street Journal (07/15/10) Hotter, Andrea; Pleven, Liam

Growing demand for commodities and rising prices have made metal an attractive target for thieves in the U.S. and the U.K. According to British Transport Police officials, there has been a significant increase in metal theft over the last six months in the U.K. In the latest incident on May 31, thieves stole several hundred tons of nickel and copper from a warehouse in Liverpool that was owned by JPMorgan’s Henry Bath & Son. The theft took place in spite of the stricter security measures that were put in place following JPMorgan’s security review of Henry Bath. It remains unclear how the theft took place. However, authorities say that they believe that whoever stole the metal might be storing it somewhere in the U.K. before taking it to a smelting facility to make it smaller or change its appearance. The thieves will then try to sell the metal at a scrap yard, officials say. In the U.S., meanwhile, authorities are investigating the theft of roughly $500,000 worth of copper rod from a mill in Carrollton, Ga., in April. That theft is believed to be linked to several thefts of copper and other metals in a number of southern states over the last couple of months.

NM Gunman Shoots Girlfriend, Kills Two at Plant
Associated Press (07/13/10) Holmes, Sue Major

Thirty-seven-year-old Robert Reza has been identified as the gunman who attacked a facility in Albuquerque, N.M., owned by the fiber-optic and solar-power manufacturer Emcore Corp. Two people were killed in the attack and four other people were wounded, including Reza’s girlfriend who was reportedly the target of the shooting. Reza also shot and killed himself. Law enforcement officials believe that the shooting was triggered by a bitter child custody dispute between Reza and his girlfriend, and that the girlfriend had told co-workers that she planned to report Reza for domestic violence. It is unknown how Reza, a former Emcore employee himself, was able to force his way past company security. Police Chief Ray Schultz called the Emcore campus a “very secure facility” and reported that detectives and FBI agents had been able to confirm eyewitness accounts using facility surveillance footage.

39 Breaches Involving Financial Service Companies in 1st Half of 2010
BankInfoSecurity.com (06/28/10) McGlasson, Linda

So far this year there have been 39 reported data breaches involving financial service companies, in which more than 8.3 million records have been stolen. This constitutes more than 50 percent of the total number of reported data breaches financial services firms suffered in all of 2009, and experts warn that more attacks are likely. Only 11.1 percent of the data breaches disclosed so far this year involve financial services, but the Identity Theft Resource Center’s Linda Foley says the business sector tops the list for breaches in the first half of 2010 because of the growing number of credit card-related breaches at businesses, retailers, hotels, and restaurants. “We’re seeing a lot of retail, hotel and restaurants being hacked into somewhere between the point of sale and the card-processing server,” she notes. The Ponemon Research Institute’s Larry Ponemon says data breaches at financial service companies are not easing. “My research suggests that financial institutions are particularly susceptible to automated agent attacks such as botnets, data-stealing malware, and other advanced threats,” he says. As a result, data breach costs are likely to climb for retail banks, credit card firms, and other financial service companies, Ponemon warns.