Archive for February, 2007
Personal information, including names and Social Security numbers of 1,753 state employees, leaked after it was posted to the Department of Administrative Services website. The personal information was included in a spreadsheet of vendors used by the state that was accessible to the public on the state website. Officials believe the information had been on the website since October 2003. After the leak was detected, the file was scrubbed. This leak was disclosed due to Connecticut’s S.B.650, which requires breach notification.
State officials claimed that the leak was not too serious because the Social Security numbers were displayed without hyphens and each had a numerical suffix attached, making them not easily recognizable.
The protocol was HTTP, and the data type was NPI (e.g. customer data).
Websense Content Protection Suite can easily prevent such leaks by preemptively blocking internal and external communications, such as emails and web posts, that include confidential information. Being format agnostic, Websense Content Protection Suite can protect against leaks even if Social Security numbers are displayed in different formats.
Content Protection Suite can also protect organizations against leaks from the outside when used in reverse proxy mode to prevent unauthorized access to web pages that contain such information.
Using Content Protection Suite’s Content Auditor module for monitoring and discovery of data at rest and data in use at the endpoint, organizations could identify confidential and private information and determine how it is being used.
For additional information on how to discover your sensitive data, monitor its movement throughout your network, and protect it against breaches, visit:
http://www.websense.com/global/en/ProductsServices/CPS/
Websense® Security Labs™ has received reports of three new data security breaches.
Department of Education, Des Moines, Iowa.
Personal information, including Social Security numbers, names, addresses, and dates of birth, leaked from an unprotected file located on the department’s website. The file contained nearly 160,000 records of individuals who obtained a General Educational Development certificate from Iowa between 1965 and 2002.
The protocol was HTTP, and the data was NPI (customer data).
City College of San Francisco, San Francisco, California.
Private information, including names, grades, and Social Security numbers of 11,000 past and possibly current students at City College of San Francisco, leaked from a file posted to the internet for several years. Due to an incorrect business process, students’ details were posted online, allowing a contractor to prepare transcripts.
The protocol was HTTP, and the data was NPI (customer data).
Metropolitan Police Department, Washington, D.C.
Personal information, including Social Security numbers of nearly 2,000 members of the Metropolitan Police Department, has been accidentally released to two Advisory Neighborhood Commission officials who requested information about police overtime.
The protocol was network printer, and the data was NPI (customer data).
Websense Content Protection Suite can prevent such leaks by blocking internal and external communications, such as emails and web posts, that include data that should be protected. Content Protection Suite also protects against leaks from outside the organization by using a reverse proxy mode. This mode prevents unauthorized access to web pages that contain this type of information.
By using the suite’s Content Auditor module for monitoring and discovering data at rest, and data in use, at the endpoint, an organization can identify and locate where confidential and private information is found, and determine if that data is being used inappropriately.
The National Credit Union Administration (NCUA) has assumed control of the operations of Communities United Credit Union, a state-chartered, federally insured credit union serving residents within several zip code areas in Wichita, Kansas.
Results of NCUA’s 2/15/2007 Board Meeting are Available
NCUA is amending its rules to implement amendments to the Federal Credit Union Act (FCU Act) made by the Financial Services Regulatory Relief Act of 2006 (Reg Relief Act). The final rule revises the maturity limit in the general lending rule and permits federal credit unions to provide certain, limited financial services to nonmembers within their fields of membership.
Draft items for NCUA’s 2/15/2007 Board Meeting are available
Websense® Security Labs™ has observed a surge in email spam messages relating to Valentine’s Day, which attempt to lure the user into installing Potentially Unwanted Software. The majority of these emails appear to have been sent from IAC Search & Media subsidiaries MyWebSearch and MyFunCards.
We have not yet discovered any exploit code being utilized. Instead, these lures rely on social engineering to tempt users into installing their software by promising free electronic cards and other gifts. The installed software may redirect your internet traffic or search results when it believes you have “misspelled” a term.
EULA Excerpt:
The Software, in the course of processing a given search query, sends a request to our servers. This request includes the keyword query, time of day, browser type, default language setting, IP address, an anonymous unique ID, and a code which identifies the distribution source of the Software used by you to conduct your search. If the search query is being generated as the result of a misspelled URL or search term entered in to the browser address bar, we also receive the misspelled URL address or search term.
Just remember this old adage: “There Ain’t No Such Thing As A Free Lunch!”
[Screenshots not preserved: Email Lure 1, Email Lure 2, Software Install Attempt]
National Credit Union Administration (NCUA) Board Member Hyland has announced the schedule for upcoming Outreach Task Force “Town Hall” meetings.