Cambridgeshire County Council breached the Data Protection Act by losing a memory stick containing sensitive data relating to vulnerable adults, the Information Commissioner’s Office (ICO) said today.

The ICO was informed by the council in November 2010 that an employee had recently lost an unencrypted memory stick containing personal data relating to a minimum of six individuals. The information included case notes and minutes of meetings relating to the individuals’ support and was saved on an unapproved memory stick. The device was used to store the information after the member of staff encountered problems using an encrypted memory stick that the council had previously provided free of charge.

Funnily enough, the breach occurred shortly after the council had undertaken an internal campaign aimed at promoting its encryption policy. During this time employees had been asked to hand in unencrypted devices and were warned about the importance of keeping personal information secure.

Mark Lloyd, Chief Executive of Cambridgeshire County Council has signed a formal undertaking to ensure that all portable devices used by the council are encrypted using encryption software that meets the current standard. The council has also agreed to carry out regular monitoring of its data protection policies and IT security measures in order to ensure that they are being followed by all staff.

Both Councils Fined

The Information Commissioner’s Office (ICO) today served Earling Council and Hounslow Council with monetary penalties for serious breaches of the Data Protection Act after the loss of two unencrypted laptops containing sensitive personal information.

Ealing Council – FINED £80,000

Hounslow Council – FINED £70,000

The bug potentially affects every user of the Internet Explorer web browser – around 900 million people worldwide.

In a security advisory, the company warned of a loophole that could be used by malicious hackers to steal private information or hijack computers.

Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix.

Microsoft admitted that the problem meant users could easily be fooled into downloading malicious files by doing something as simple as clicking on a web link.

“When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session,” wrote Microsoft representative Angela Gunn in a website announcement accompanying the advisory.

Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added.

The security advisory is available here, 2501696.

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim’s Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

All Windows users – particularly those who use Internet Explorer – are being urged to download the fix while the company’s security team develop a way to plug the hole permanently.

For a faster browser experience, why not spend some time playing with Google Chrome?

Want to see just how fast? Look here for a cool video.

The Information Commissioner’s Office has revealed in a survey that 80% of people are concerned about protecting their personal information online.

Research commissioned by the ICO has also found that 96% of individuals surveyed are concerned that organisations do not keep their details secure, and a further 60% believe that they have lost control of the way their personal information is collected and processed.

In a move to mark European Data Protection Day, Information Commissioner, Christopher Graham, supported by Lord McNally, Minister of State at the Ministry of Justice, is urging people to take more care on social networking sites, to think before giving out their personal details online, and to understand what to do when things go wrong.

Information Commissioner, Christopher Graham, said:

It’s never been more important to protect your personal information. Whether you’re surfing the net, shopping online or signing up to social networking sites, it’s crucial that people are thinking about how their information might be used.
From employers looking up potential employees on Facebook to cyber criminals hacking into unsecured wifi networks, not protecting your personal information can cause serious harm and distress. European Data Protection Day is about motivating people to regain control of their right to privacy. I hope people of all ages across the UK will do just that.

A personal information toolkit is available on the ICO website here:
Personal Information Toolkit

You’d think the head of Facebook would have tip-top security on all his accounts on Facebook, but you’d be wrong.

Mark’s fan page, which has nearly three million ‘likes’, seemingly posted a message calling for Facebook to transform into a ‘social business’.

However, it was neither Mark nor his PR team who posted the status, which was swiftly removed (but not before over a thousand people ‘liked’ it).

While it’s unknown whether the hacker actually did anything more sophisticated than guess the password for Zuckerberg’s fan page, the fact that such a prominent user can be hacked is worrying to all Facebookers.

Facebook has declined to comment thus far; probably busy trying to think up a new password.

Read more: http://www.techradar.com/news/internet/mark-zuckerberg-s-facebook-fan-page-hacked-923992

We monitor a lot of spam messages for clients and have noticed a significant increase in the “Phishing” messages coming in pertaining to be from Natwest. These e-mail messages are fake and do not originate from Natwest or any reputable Bank.

The contents of the email read as follows:

Dear NatWest Customer,

National Westminster Bank have been receiving complaints from our customers for unauthorised use of their Natwest Online accounts

Sign In Here For Your Account Verification

The “Sign In Here” section of the e-mail message actually takes you to a clone of the real Natwest login page. When you enter your details on this page, instead of being authenticated with Natwest’s system, your personal details are simply forwarded to the fraudsters.

Whenever you want to log in to your online banking, always type in the address manually, or at least ensure the address in your browsers address bar is correct. A quick check of the address before logging in can save you hours of struggle and potentially financial losses!

The medic waited 2 weeks before informing his superiors about the theft. The doctor took unencrypted patient information – including names, dates of birth, the treatments – on 1,147 patients and loaded it onto his laptop, which was stolen in November.

Now, Phil Morley, chief executive at Hull and East Yorkshire Hospitals NHS Trust, which runs Hull Royal Infirmary and Castle Hill Hospital in Cottingham, has written to the 1,147 patients affected to apologise.

In the letter, he said: “I am writing this letter to inform you of the incident and also to apologise unreservedly for the loss of your confidential data.
“The doctor acted outside trust and NHS regulations in taking unencrypted patient data away from the trust and installing it on his personal computer.
“I can advise that the trust treats these matters very seriously and the doctor concerned is being managed in accordance with the trust’s policies and procedures.”

The breach is the third incident of personal data exposure to affect Hull residents in less than a year, following an earlier event involving the theft of sensitive data from A4e.

The trust said the doctor informed police the laptop had been stolen following the theft in November but did not notify the trust until two weeks after the incident.

Cathie Holmes, 37, of Beverley, said she was furious when her 12-year-old daughter, Mary, received one of the letters.

Mrs Holmes said: “You can’t send a letter of that magnitude to a child and expect them to understand it.

Sources:-
http://www.theregister.co.uk/2011/01/19/hull_hospital_data_breach_flap/
http://www.thisishullandeastriding.co.uk/news/Undefined-Headline/article-3111119-detail/article.html