subject: Possible Biggest Data Breach In US History Calls For Better Information Security Awareness [print this page] Possible Biggest Data Breach In US History Calls For Better Information Security Awareness
A recent data breach could make it the biggest of its kind in U.S. history. Best Buy, JP Morgan Chase, Citibank, Walgreens, Disney, Barclay's Bank, US Bancorp, Marriott, Ritz Carlton, LL Bean, Home Shopping Network, TiVo; these are the array of companies that have been a victim of a recent data breach as the result of an attack by an unknown party on the database of Epsilon, an email marketing firm owned by Alliance Data Systems.
Epsilon, a leading marketing services firm, with a broad array of data- driven, multichannel marketing solutions acknowledged the incident in a brief statement recently. "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system," Epsilon said. "The information that was obtained was limited to email addresses and/or customer names only."
Epsilon said it doesn't believe any other personal information was compromised, but it is now working with authorities on an investigation, a company spokeswoman said. And, now, Congress is demanding more information from Epsilon about exactly what information was stolen.
The chairman of the Subcommittee on Privacy, Technology and the Law Sen. Al Franken told Politico that Americans should know more about who owns their information. Franken told Politico in a statement "Most of the people affected by the Epsilon breach had never heard of that company before this week. We need to give Americans more awareness about who has their information and greater ability to protect it."
Epsilon is unclear how serious the issue is. In a letter to customers, Kroger said customer names and e-mail addresses were stolen. "As a result, it is possible you may receive some spam email messages," Kroger said. "We apologize for any inconvenience. Kroger wants to remind you not to open emails from senders you do not know. Also, Kroger would never ask you to email personal information such as credit card numbers or social security numbers. If you receive such a request, it did not come from Kroger and should be deleted," the letter states.
Epsilon sent 6.5 billion e-mail marketing messages in 2009, but the company also runs loyalty programs for Citi and Chase credit card users, and the kind of information stored in its databases could be extremely valuable to criminals looking to steal banking information in phishing attacks. Epsilon told Chase that none of its customers' financial information was compromised, the bank said Friday in a press release. A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. "
Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property. According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed.
These report findings clearly points out that data breaches are very common these days. One way to mitigate internet security risks is with technical security training. EC-Council's brand new TakeDownCon is a technical information security conference series, in addition to learning from some of the best security experts, TakeDownCon also offers highly sought after technical training courses, including the Certified Ethical Hacker (CEH) course, often touted as the world's most comprehensive ethical hacking training program. The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.
