News & Reviews


Keep up to date with Origin Storage

Tagged: Data Breach RSS

  • Origin Storage 12:55 on 06/03/2012 Permalink | Reply
    Tags: Data Breach,   

    Data Encryption Software: Avnet Servers Stolen, ICO Looking Into Breach 

    The UK’s Information Commissioner’s Office is looking into a data breach that occurred in December 2011. According to channelregister.co.uk, Avnet Technology Solutions suffered a data breach on December 21 when “unknown parties broke into” their offices. Could the use of data encryption software mollified the ICO? Probably. Was it an option? Well…maybe.

    Server Hard Disks Stolen

    The Haslingden, Lancashire offices of Avnet were broken into on December 21, 2011. Server hard disks — and not the servers themselves — were stolen. These contained data on staff and customers related to the acquisition of Bell Micro. While channelregister.co.uk originally reported that addresses, bank account numbers, sort codes, passport numbers, and national insurance numbers were stolen, it was later contacted by Avnet, and a correction was issued: passport and national insurance numbers were not part of the stolen data.

    Avnet would not confirm how many people were affected by the breach, or how many hard disk drives were stolen.

    The thing about servers is that, generally, people don’t want to use disk encryption software on them because of its negative impact on system resources. It depends from server to server, of course: if a server is accessed every five seconds, then encryption software would probably not impact it negatively. However, if the server is running at 100% all the time, then that computer needs all the resources that can be spared and then some.

    What kinds of servers were involved in the Avnet case? We don’t know. We do know, however, that the breached data was probably not needed on a 24/7 basis. Of course, what else was on these servers is unknown, so it’s hard to decide whether encryption would have been a viable data security measure in this particular case.

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 12:41 on 13/02/2012 Permalink | Reply
    Tags: Data Breach, , unecrypted laptops   

    Eircom confirms data breach after unencrypted laptop theft 

    Data Protection Commissioner slams Irish telecoms giant for “bog standard” security failings

    Irish telecoms firm eircom has confirmed the theft of three laptops containing personal information of over 7,000 customers.

    According to the Irish Independent, details of more than 7,000 mobile phone customers and employees were compromised while bank account or credit card details of 550 eMobile and Meteor customers was also potentially at risk.

    Two of the laptops were stolen from eircom’s Dublin offices in December last year while the third was taken from the home of an employee. It was this laptop that contained the names and address of nearly 700 eircom employees, the Irish Independent says.

    The laptops stolen from eircom’s office contained personal information of 6,441 eMobile business customers. Nearly 150 of these contained financial or bank details. Another file contained details of just over 400 Meteor post-pay customers, the report said.

    The laptops were not encrypted.

    Paul Bradley, head of communications at eircom, apologised to customers and said two separate investigations are underway. He added that no evidence had yet been uncovered that the data had been used by a third party.

    However, the group was slammed by Irish Data Protection Commissioner Billy Hawkes. Speaking to RTE, he said the breach is one of the “most serious” his team had faced, “For two reasons: Because of the nature of the financial data that was on the unencrypted laptops puts people at risk of data theft and secondly the long delay in telling people that their data had been compromised and giving them the opportunity to protect themselves.”

    Hawkes said that data breaches should be reported within 24 for 48 hours and that eircom’s explanation that it was waiting to find out what data was on the laptops before notifying people was “not acceptable”.

    He was said that encryption on laptops that contain personal information is “bog standard security” and that it is “extremely surprising that in two separate incidents eircom laptops were not encrypted.”

    The Data Protection Commission confirmed it is investigating the incident

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 10:44 on 29/07/2011 Permalink | Reply
    Tags: , , Data Breach, , , , , ,   

    Sun, Sand, Sea and Security Survey 2011 

    Work obsessed Brits abroad – 73% of workers check emails whilst on holiday
    And a further 62% admit their boss expects to be in touch with them whilst enjoying the summer sun.

    London (UK), July 2011: Bags packed, flights booked and foreign currency in their pockets. The workforce might be jetting off but they’re definitely not leaving the daily grind behind. Instead –according to a survey conducted by the secure storage specialist Origin Storage – of 1,000 office workers in the City of London, a whopping 73% of workers will check in with the office, whilst on holiday. The results also show that over 50% of those planning a summer break abroad will remain in contact with the office every day to ensure things stay on track during their absence, by checking email accounts and text. Of this group, 32% check their emails more than once a day and if you’re the boss, it seems you never truly rest as 83% admitted that they will be in touch with their offices throughout their entire vacation.

    Key Highlights :

    • 73% of workers phone, text or email their places of work during their holiday of which 54% will check emails at least once a day and 32% more  than once a day!
    • 41% take mobile devices on holiday for work purposes
    • 62% expect their employers to contact them whilst away on holiday
    • 44% of respondents feel that being contactable gives them job security
    • 51% of laptops are left totally unsecured without even a password for protection
    • Only 26% of these laptops will be encrypted

    Paranoid or Laid Back – which are you?
    We are divided. 39% of our sample group felt less stressed after checking emails whilst another 39% admitted checking their emails would leave them more stressed.
    22% are undecided.

    Over 50% of respondents have no security on laptops at all!
    In a worrying new statistic, 51% of those storing work on their laptops are doing so without any security whatsoever with not even a password for protection! Let’s hope they’re not left behind at the airport, in a café or on the beach.

    From the horse’s mouth:
    Jane, City PA from Harpenden:”My director feels he can contact me at any time for the most inane of queries, ‘Where is the contacts folder?’ or ‘What time did you book me on my flight to Geneva?’ and I feel it’s an invasion of my privacy. I was even called off the beach by the hotel reception because my mobile was not picking up signal so my boss called the hotel directly.”
    Mike, CEO from Barnes: “I absolutely expect to contact my staff when on holiday. If they don’t want the job, there are thousands who do. Myself included, can we really afford not to work all the hours in this economic climate? I think not. I know I feel better knowing that things are ticking over nicely whilst I’m away so I don’t come back to an unmanageable workload.”
    Speaking on these results, Andy Cordial, MD of Origin Storage concludes, “We seem to have changed to a nation of workaholics. Only 23% (a jump from the survey conducted just 8 months ago from 35%) of our respondents have no contact whatsoever with work during their holiday which puts them firmly in the minority. Although on the surface this may seem like a good trend, especially for cash struck organisations, we deal with the aftermath from these industrious workers when company secrets have gone AWOL. The reality is that when corporate information is accessed from a mobile device, whether it’s personal or company owned, and it’s misplaced there are consequences”.

    Cordial continues, “Who is to blame? Is it the employee who just can’t let go or the employer for making them feel that they have to be accessible in the first place? Regardless of why it’s happening, our advice to the corporate world is: if you expect to contact your staff while away then it is down to you to secure their devices. Especially as the Information Commissioner’s Office are under pressure to flex its muscle and fine up to £500K for data breaches. Take the opportunity to re-evaluate your security – especially of your mobile devices, and perhaps invest in some holiday insurance of your own.”

    This survey was carried out amongst 1000 city workers by interviewing them at London Bridge and Monument station commuter platforms during July 2011

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 12:08 on 24/05/2011 Permalink | Reply
    Tags: , , Data Breach, , , , , , , , , , , , , , , , ,   

    Data Protection 

    Self-encrypting drive solutions based on TCG specifications enable integrated encryption and access control within the protected hardware of the drive. Self-encrypting drives provide the industry’s premier solution for full disk encryption, protecting data when the machines or drives are lost or stolen. TCG’s open standards provide multivendor interoperability.

    Self Encrypting Drive Benefits:
    Better Performance
    • Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation
    • Scalable solution – every drive contains encryption engine

    Stronger Security
    • Encryption always on – major compliance requirement
    • Keys for encryption are generated in the drive and never leave the drive
    • User authentication is performed by the drive before it will unlock, independent of the operating system

    Easier to Use
    • Encryption is transparent to both users and software.

    Lower Cost of Ownership
    • No need for complex infrastructure to manage encryption keys
    • Main processor cycles not used for encryption
    • No modifications to OS, applications or tools
    • Crypto-erase provides instant repurposing / decommissioning

    Self-Encrypting Drives in the Marketplace
    • Latest information on product availability and software support – (September 2010) and (August 2010)

    For more information on our Encryption product range, please click here.

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 09:14 on 10/05/2011 Permalink | Reply
    Tags: , Data Breach, , , , , , , , , , , , , , , , , , , , , , , , , , , , Survey   

    41 Percent of IT Professionals Carrying Sensitive Information on Mobile Devices – Unprotected 

    Basingstoke (UK), 10 May 2011: A study by Origin Storage – the secure storage specialist, has revealed that 41 percent of what should be a security savvy audience are carrying sensitive information on mobile devices unprotected. In fact, 19 percent revealed that their organisation had suffered a data breach following the loss of a portable device (i.e. laptop, USB, CD) with 54 percent confessing the device had not been encrypted – an offence under the Data Protection Act and subject to regulatory action by the ICO, were it made aware!

    With 70 percent of organisations making data encryption mandatory, 11 percent of those respondents carrying sensitive information unprotected are actually breaching their organisation’s data protection efforts while the other 30 percent are simply following their organisations woefully inadequate example. When digging a little deeper the study, amongst IT security professionals at this years Infosecurity Europe show, uncovered a staggering 37 percent of respondents who confessed that between 81 and 100 percent of all sensitive data stored on their device(s) was actually left unprotected – so not just one or two documents transferred in a hurry.

    Andy Cordial, Origin’s managing director, explains, “When you consider the level of knowledge this audience is assumed to have, working in IT and having some form of security remit, yet the lax protection used for sensitive data, it’s hardly surprising data breaches are increasing in frequency and especially recently in size. I’m astounded that 30 percent of organisations are still oblivious to the Data Protection Act and the recommendation from the Information Commissioner that encryption be used to protect sensitive information.”

    The problem of sensitive data isn’t restricted to any particular device as 67 percent use laptops, 52 percent USBs, 33 percent still rely on CDs with 52 percent using another form of portable storage device.

    A final startling revelation is that just 36 percent of visitors felt that FIPS certification is ‘a must’ for encryption technology.

    Andy concludes, “The ICO recommends any solution should meet FIPS 140-2 yet 31 percent of our sample flippantly state that it ‘doesn’t matter’. Certification is the only ‘proof’ that the product actually does what the company ‘claim’ it does. It’s not just me saying this because our products have the certification as there have been incidences where products have fundamental design problems, or even companies that have made false claims. My advice – don’t leave security to chance. Lock it down with something that’s actually proven to work or there is a strong possibility you’ll be crying over spilled data.”

    To explore our solutions for Data Security, click here.

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 16:11 on 28/04/2011 Permalink | Reply
    Tags: , ChannelWeb, Chris McIntosh, , Cyber, Cyber Crime, , Data Breach, , , , , , , , OriginStorage, ViaSat UK   

    ICO hits out at data breach figures 

    Watchdog claims data loss figures released under the Freedom of Information Act have been misunderstood

    The Information Commissioner’s Office (ICO) has hit out at encryption vendor ViaSat over claims it has misinterpreted data supplied to the firm via a Freedom of Information (FoI) request

    The data watchdog came under fire last week after it emerged that it has issued a handful of financial penalties totalling £310,000 for Data Protection Act (DPA) breaches, despite acquiring powers to impose fines of up to £500,000 a year ago.

    The figures were obtained via a FoI request by ViaSat who said the ICO’s inaction was harming the deterrent value of the fines.

    The ICO has since released a statement claiming that one of the statistics, relating to the number of data breaches reported between 6 April 2010 and 22 March 2011, supplied to ViaSat, has been misinterpreted. This is a claim the firm staunchly denies.

    According to ViaSat, 2,565 potential data breaches were reported during that period, while the ICO claims the actual figure is far fewer.

    A representative from the ICO explained: “While it is true that the ICO has concluded that in 2,565 cases compliance with the DPA was unlikely, the figure for self-reported security breaches – where information has been disclosed or lost – is far lower.

    “The 2,565 [figure] cover all types of compliance including a company sending unwanted postal marketing, incorrect data being held or an organisation not handling a subject access request appropriately.”

    In total, the ICO said it received 603 self-reported data breaches, 37 of which resulted in action being taken.

    The representative continued: “These [self-reported security breaches] vary from minor administrative errors, where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty.”

    In a statement to ChannelWeb, Chris McIntosh, chief executive of ViaSat UK, defended his firm’s use of the figures, claiming the fault lies in the way the ICO supplied its data.

    “The figure of 2,565 was given to us by the ICO in direct response to an FoI request on the number of data breaches reported since 6 April 2010,” he said. “Our request was clear in that we wanted information on the number of data breaches.

    “Even if you look at the revised figures the ICO has released, it is still clear that monetary penalties have been enforced in less than one per cent of the data losses it has dealt with.”

    Daniel Hamilton, director of public privacy campaigners Big Brother Watch, said the issue is not with the number of breaches reported, but the small number the ICO is clamping down on.

    “For the ICO to only take enforcement action in such a small number of cases, suggests he is little more than a paper tiger,” he said. “The ICO has tough and wide-ranging powers and it is time he used them to maximum effect.”

    This is a view shared by Andy Cordial, managing director of vendor Origin Storage. “We still see a number of high-profile data losses and very little action from the ICO,” he said.

    “The majority of the 603 cases could have be prevented with a small investment and until fines become more widespread, confidential data will continue to be compromised,” he added.

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 12:41 on 15/04/2011 Permalink | Reply
    Tags: Data Breach, , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,   

    Enigma SED Video Podcast 

    For more information on the Enigma SED – click here.

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 14:43 on 14/02/2011 Permalink | Reply
    Tags: , , Data Breach, , , , , , , , , , , , , , , , , ,   

    Self-encrypting drive sales on the up, claims Seagate 

    But total sales still modest
    Disk maker Seagate claims it is finally making some headway in its attempts to get businesses to start buying its self-encrypting drive (SED) products, with a tripling in sales in the last two quarters.

    The company is now quoting total sales figures of “more than 1 million,” which is not much of advance of a similar figure offered informally in May last year, but Seagate can still point to numbers heading in an upward direction. Laptop shipments have, Seagate said, “doubled in each of the last three years.”

    Factors helping SED shipments in laptops and enterprise sectors will have included that the critical Momentus drive range first launched as far back as 2006 is now being qualified by partners as compliant with the Trusted Computing Group’s Opal specification. This offers a standard way for software to manage the drives compared to the previous proprietary approach.

    Partners include Dell, Lenovo and Panasonic in hardware and Credant, McAfee, Mobile Armor, Secude, Softex, Symantec, Wave Systems and WinMagic in software, which integrate with 24 separate Seagate SED products in the Savvio, Cheetah, and Constellation, and Momentus families.

    As impressive as the growth sounds, the figures are still miniscule when set against the 150 million drives the company might ship in a single quarter, which is where the challenge comes. SEDs are still a long way from being a mainstream sector, even in business despite attempts to push the technology since at least 2008.

    Last September, Seagate announced that its Momentus SED had become the first drive in the laptop encryption drive market to get the important FIPS 140-2 certification that matters so much to public sector organisations.

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 09:35 on 09/02/2011 Permalink | Reply
    Tags: , , Data Breach, , , , , , , , , , , , , , , , , , , ,   

    Origin Storage Launches Enigma FIPS Solution For Laptops 

    Origin Storage, a leading manufacturer and distributor of IT storage solutions, has today announced the launch of Enigma FIPS. The FIPS 140-2 solution is the latest in the Enigma range to provide companies of all sizes with a quick and cost effective way to secure laptops using the highest levels of hardware encryption. The Enigma FIPS will be on show at CES in Las Vegas 6-9 January 2011.

    The Enigma FIPS solution incorporates the Seagate Momentus ® Self-Encrypting Drive which has recently secured FIPS 140-2 certification from the U.S. National Institute of Standards and Technology (NIST). The Momentus drive provides hardware-based encryption without performance degradation.

    With remote working becoming an important part of modern day corporate environments, organisations are more likely to issue laptops over standard desktop PCs. Companies are risking the security of sensitive and confidential information as it leaves the physical confines of the traditional office environment. Origin Storage’s launch of Enigma FIPS can put corporate minds at ease, offering the highest levels of security and a competitive price.

    Andy Cordial, MD of Origin Storage comments, “More than 3,300 laptops are lost or go missing at the eight largest airports in Europe, the Middle East and Africa (EMEA) each week and according to new research, six out of ten of these are never claimed. More worryingly, nearly half of the professionals surveyed keep confidential information on their laptops, and over half take no steps to protect that data (research carried out by Ponemon Institute).

    “FIPS 140-2 certification exemplifies Seagate’s commitment to security standards that enable the widespread adoption of encrypting hard drives for laptops and other computers as the explosive growth of laptop PCs puts more sensitive personal and business information at risk,” said Mark Whitby, Seagate’s vice president of EMEA Sales and Marketing. “Certification gives solutions providers like Origin and end-user customers the peace of mind that Momentus ® Self-Encrypting Drives delivers the full power of government-grade security.

    Enigma FIPS is a compatible upgrade with all PC based SATA notebooks designed specifically for the corporate and SME market. Each Enigma hard drive is supplied with the correct fitting kit, pre-mounted and ready to fit straight into the laptop. Developed by WinMagic, MySecureDoc Express has a Pre-Boot Authentication system that allows the user to authenticate using a password. This removes the need for the drive to rely on the laptop’s BIOS, making it possible to upgrade SATA based systems to an Enigma SED.

    “Seagate’s FIPS 140 compliant drive and WinMagic’s MySecureDoc Express self-encrypting drive (SED) management software combine to provide the complete solution for customers that want to upgrade their existing computing systems with the latest government approved encryption technology to protect their sensitive data.”

    “We continue to work closely with Seagate and other SED manufacturers to provide individuals with security tools that are easy to configure, use, and manage at an affordable price. We recognise that SEDs require software to activate the hard drive pre-boot authentication and provide other value added services. These include self-help password recovery and local administration that combine to allow users to take advantage of the latest certified security technology shipping today.” said Garry McCracken, Vice President of Technology Partnerships, WinMagic Inc.

    The Enigma FIPS solution also includes a data transfer cable and Acronis hard drive cloning software, providing a quick and simple way to move existing data from the laptops non-encrypted hard drive to the fully encrypted Enigma solution. Using a high speed USB2 or eSATA connection a full mirror image clone of the existing drive including the Operating System, Applications and all user data is made which limits the downtime required to upgrade the ,mobile worker’s laptop.

    Key Features
    • FIPS 140-2 validated (Level 2)
    • Supports Windows 7 (32 and 64 bit)
    • No BIOS Limitations
    • Password Pre-Boot Authentication
    • 100% Compatible Matched Solution
    • Fits PC Based SATA Laptops
    • Tamper evident coatings
    • Transfer Existing Data With Ease
    • No Speed Degradation
    • Capacities Up To 500GB and Rising

    Benefits
    • Government security standard achieved
    • Always On Entire Disk Encryption Protects All Data On The Drive
    • On The Fly Hardware Encryption Means No Additional System Resource Usage
    • Local administrative role manageability
    • Self-help password recovery options
    • Activation of drive into encrypted state is instantaneous versus the unavoidable “conversion” time needed with standard hard drives
    • Data encryption key does not leave the drive, hence helps prevent cooled-RAM attack and simplifies key management
    • Read Only PBA ( Pre-Boot Authentication) area supports password authentication using drive’s secure partition
    • Crypto erase enables instant secure disposal and repurposing of self encrypting-drive, rendering all existing data unintelligible, and returning it to manufactured state
    • Complete Matched Solution Makes Fitting Quick And Provides 100% Compatibility
    • Included Transfer Kit Clones Existing data Via USB2 or eSATA To Minimise Downtime

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

  • Origin Storage 10:26 on 14/10/2010 Permalink | Reply
    Tags: , , , Data Breach, , , , , , , , , , , , , , , , , ,   

    Enigma: The single solution to protect the data on your notebook 

    It is clear that attitudes are changing. It is now very common to work out of a home Office to save time during travel or even simply because today’s professionals have not necessarily got a physical office. As more people have made their laptop their virtual office containing all data critical and essential to their professional activities, the loss or theft of the computer has become a very stressful issue and can lead to serious consequences for companies if data falls into the wrong hands.

    Origin Storage, not satisfied to offer just the external encrypted hard drives, known as the Data Locker, have gone one step further by offering secure internal hard drive solutions for your notebook.

    Encryption to secure all of your data
    The proposed solution is to change the laptop hard drive and replace it with an Enigma SED (self encrypting drive). Thus the new data saved on your laptop will be encrypted (256-bit AES) on-the-fly and no loss of speed is noticeable, on read or write, thanks to a system of hardware encryption and not software, as seen by some manufacturers.

    Ease of deployment and installation
    Enigma disks are delivered with a mounting kit designed to perfectly fit the brand and model of laptop. A cable and cloning software are included with all Enigma drives for facilitating the transfer of your data on your current hard disk to the Enigma solution, which guarantees a maximum level of security for all the stored data. Acronis Cloning software makes a copy of your data and operating system to the new Enigma SED, taking around an hour for 120Gb’s, therefore providing minimum downtime to encrypt your data.

    Once the Enigma SED is installed, Winmagic will ask you to enter an administrator password for each start-up of the notebook; this is what is called PBA (pre boot authentication). If the password entered is correct, then the PC launches the BIOS initialisation phase and then launches the OS.

    Our Enigma drives are already available for many brands of laptops with capacities of 250GB at the price of £232.00 and 500GB at the price of £259.00. Unlike competitors, it is important to note that the Enigma solution requires no annual license or update fees of any kind. The selling price includes the use of the licenses for different software provided throughout the life of your laptop.

    To find the appropriate solution, you can visit the Enigma website (http://www.enigmased.com).

    Enigma disks should be destined for every notebook owner wishing to see data protected under any circumstance (governmental agencies, financial services, healthcare, insurance, military, and many others…). Now, companies with a large park of laptops equipped with traditional hard drives will be forced to change them for a secure solution in order to protect data and ensure compliancy as defined by the ICO.

    The Enigma solution is simple to implement and provides a level of security for all embedded data. If you lose your computer or it is stolen, do not panic. Your data is protected to the highest level of encryption available in the commercial world.

    DeliciousDiggFacebookLinkedInStumbleUponTwitterShare/Bookmark
     

← Older posts

c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
esc
cancel