From jericho at attrition.org Tue Jan 31 18:01:44 2006 From: jericho at attrition.org (security curmudgeon) Date: Tue, 31 Jan 2006 18:01:44 -0500 (EST) Subject: [Dataloss] test 1 Message-ID: hi From lyger at attrition.org Tue Jan 31 18:04:56 2006 From: lyger at attrition.org (lyger) Date: Tue, 31 Jan 2006 18:04:56 -0500 (EST) Subject: [Dataloss] test 1 In-Reply-To: References: Message-ID: On Tue, 31 Jan 2006, security curmudgeon wrote: ": " hi i am not and i resent the implication From jericho at attrition.org Tue Jan 31 18:05:57 2006 From: jericho at attrition.org (security curmudgeon) Date: Tue, 31 Jan 2006 18:05:57 -0500 (EST) Subject: [Dataloss] test 2 Message-ID: bye From lyger at attrition.org Tue Jan 31 18:35:45 2006 From: lyger at attrition.org (lyger) Date: Tue, 31 Jan 2006 18:35:45 -0500 (EST) Subject: [Dataloss] Data Loss Mailing List Announcement Message-ID: In what has become a near weekly occurance, large companies are collecting your personal information (sometimes without your knowledge or consent), and subsequently letting it fall into the hands of the bad guys. This is your personal information; name, address, social security number, credit card number, bank account numbers, and more. Data Loss is a mail list that covers topics such as news releases regarding large-scale data loss, data theft, and identify theft incidents. Discussion about incidents, indictments, legislation, and recovery of lost or stolen data is encouraged. To subscribe to Data Loss, send a mail to: dataloss-subscribe at attrition.org To unsubscribe from this list, send a mail to: dataloss-unsubscribe at attrition.org From rforno at infowarrior.org Tue Jan 31 19:33:56 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 31 Jan 2006 19:33:56 -0500 Subject: [Dataloss] Honeywell Investigates Security Breach Message-ID: (first post!! -rf) Honeywell Investigates Security Breach http://news.yahoo.com/s/ap/20060201/ap_on_hi_te/honeywell_internet MORRISTOWN, N.J. - Honeywell International is offering credit monitoring and identity theft insurance to approximately 19,000 current and former employees whose personal information ? including Social Security numbers and bank account information ? was posted on an Internet Web site. The company notified employees about the breach within a day of learning of it on Jan. 20, according to spokesman Robert C. Ferris. "The company immediately contacted the relevant service provider, had the page removed from the Internet and is continuously monitoring the Internet to ensure that the Web page and any copies of it remain taken down," said Ferris. He said the company was working with federal and state investigators to determine who posted the data. Ferris said he didn't know whether the posting was the work of a disgruntled employee or resulted from an administrative error or other cause. "Honeywell will aggressively pursue those responsible for this breach," Ferris said. In a Jan. 24 letter to employees, the company's vice president of global security, John E. McClurg, said the Identity Theft and Fraud Division of insurer AIG would help them protect themselves. "They will provide you with a tool kit of resources and hands-on support to address any issues you encounter," he said. The Morristown-based industrial and aerospace conglomerate employs about 120,000 people worldwide. Incidents like the Honeywell security breach are on the rise as thieves and pranksters take aim at corporate America, according to Ron Teixeira, executive director of the National Cyber Security Alliance, a Washington, D.C.-based nonprofit dedicated to educating individuals and corporations about cyber safety. "There are a number of reasons why this could have happened. When it's put out on the Web, hackers do that to show they could get access to the information and show the company their security was lacking. Other times, hackers are actually thieves or try to sell the information to thieves to commit ID theft. "Any time your info is posted on a Web site, you never know who's using it and what they're using it for," said Teixeira. From audit at c2security.org Tue Jan 31 19:49:15 2006 From: audit at c2security.org (audit) Date: Tue, 31 Jan 2006 19:49:15 -0500 Subject: [Dataloss] American National deploys data loss prevention solution Message-ID: <43E0058B.6070609@c2security.org> American National deploys data loss prevention solution http://www.commentwire.com/article_news.asp?guid=29A379F5-F81A-44FE-8ED2-AE0683937895 American National Insurance Company has implemented a data loss prevention solution from Vontu in a bid to stop the loss of confidential information such as policy-holder data and other privacy-related information. Vontu says its data loss prevention solution, Vontu Prevent, is the only solution on the market that proactively prevents data loss over email and the web. The vendor claims its software integrates with email message chain and web infrastructure technologies, blocks communications containing confidential content, and routes messages to an encryption gateway for secure delivery, enabling enforcement of enterprise-wide encryption and archiving policies. According to Vontu, at American National, Vontu Prevent will analyze email traffic and route messages containing confidential content to PGP Corporation's PGP Universal for encryption and secure message delivery. By preventing the loss of policy-holder data, American National will be demonstrating compliance with state and federal regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach Bliley Act (GLBA) and a growing number of privacy-related regulations. Charles Addison, CIO of American National Insurance Company, said, "At American National, we take a proactive approach to protecting the private information of our policy holders. The Vontu Prevent solution is a key component of our strategy. To meet the highest degree of compliance with both our own data security policies and state and federal regulations, we need a solution that can accurately detect confidential data, prevent it from leaving the network and redirect it, if necessary, for secure encryption. Vontu met all our requirements."