Current Event – FAA, Kaiser Permanente Security Breaches; Tens of Thousands of Names Compromised

By cxlt at 10:25 pm on February 10, 2009 | 3 Comments

FAA

In another of a long line of high-profile security breaches both in and out of the government recently, the Federal Aviation Administration has announced that in the course of a breach of their computer system, over 45,000 employee names – and presumably, personal information – were compromised. The systems were thankfully not connected to the air traffic control system or other critical operations systems.

The FAA is said to be following up with potentially affected individuals one by one.

Similarly, healthcare giant Kaiser Permanente reported on Sunday that nearly 30,000 employee names, addresses, Social Security numbers, and dates of birth were stolen. The breach was a chance discovery – the files containing the data were found in the possession of one Mia Garza, who was arrested on unrelated counts of stolen property and fraud. It is unclear how she came to possess the data, and thus it is entirely possible that copies of it are still in the hands of malicious people. As she was arrested on December 23rd of last year, it has clearly been quite some time since the breach occurred.

According to Kaiser, existing security policy included restricted access to sensitive information by ACL and encryption of data on electronic devices, including cell phones – both measures that sound wise. It is still entirely possible that the issue was policy not in fact being followed – Kaiser does not know what caused to the loss of data.

Due to the lack of detail surrounding both of these events, they serve simply as a reminder of how broadly security breaches can affect people on a personal scale. In just a few weeks, companies and government agencies ranging from the above to RBS WorldPay – an event in which 1.5 million people’s financial information and 1.1 million Social Security numbers were stolen – Heartland Payment, which processes over four billion payments a year, and even security specialists Kaspersky have all suffered high-profile data breaches.

Hopefully all these attacks will remind other organizations to take a long, hard look at their security systems.

Filed under: Current Events3 Comments »

Facebook Opens Status API

By lisa89 at 5:27 pm on Comments Off on Facebook Opens Status API

“Facebook is slowly tearing down the wall around its silo and is starting to expose more of its data to the outside” (From Facebook Opens Up: Lets Developers Access Status Updates, Notes, Links, and Videos). Now Facebook allows the third-party developers to have access to users’ private data, such as status updates and notes. This is intended to make both developers more flexible in making and using applications. Moreover, Facebook wants to make more and more people use Facebook by join the OpenID foundation. However, weaknesses and potential security problems are found by doing this update for Facebook’s API.

Assets and security goals

  • Since the Facebook joined the OpenID foundation, people who posses OpenID (one account, one password, multiple sites login) account will also have Facebook account. Thus, more and more people will join Facebook and use Facebook for networking.
  • The developers’ application should be verified before release it to public and allow people to use it. Moreover, there should be stricter terms and conditions on registration for developer, such as phone number validation or email validation, so that they will not misuse users’ private information (pictures, videos…etc)

(Read on …)

Filed under: Security ReviewsComments Off on Facebook Opens Status API