Category Archives: Events

The Top Data Breaches in 2017 – And It’s Only August

Since January 1 2017, there have been approximately 156,000 data records breached where the disclosure was unintentional or a malicious breach from an insider. These are breaches in all industries, to all kinds of individuals, and all sizes of companies. To put it in perspective, that’s roughly 867 records breached every day, or nearly two records every three minutes. We’ve rounded up the top data breaches for the first half of 2017. Prepare to be unsettled.

Registered voters in America
198,000,000 Americans registered to vote had their personal information exposed in late June this year. The firm responsible, a Republican data analysis company, Deep Roots Analytics, has taken full responsibility for the situation. Included in the breach was basic information such as voter’s first and last names, birth dates, home and mailing addresses, phone numbers, registered party, self-reported racial demographic and voter registration status. Alarmingly, a voter’s likely stance on abortion, gun control, stem cell research and environmental issues was also part of the breach. Fortunately, it appears that only a single Cyber Risk Analyst from another company was able to access the 1.1 terabytes of entirely unsecured data and was able to alert authorities in time.

Educational records at the University of Oklahoma
Also in June, the University of Oklahoma has been found to have violated federal law with their lax privacy settings across their campus file-sharing network. 29,000 educational records were accessed by email users on the system. These records included social security numbers, financial aid information and grades in records dating to at least 2002. The files have now been safeguarded but each breach could constitute a violation of the Family Educational Rights and Privacy Act.

Email addresses of US corporates
Just under 33.7 million unique email addresses were leaked in March this year. The company responsible, Dunn & Bradstreet, is a business services company so, at 30 million, the records represented a large chunk of the United States corporate population. This is the data that can be bought and sold – it’s unknown what the market rate would be, but it is reported that it can cost up to $200,000 to access just half a million records. The largest organizations affected include the Department of Defense, other armed forces, AT&T, Boeing, and the United States Postal Service. Interestingly, it remains unknown how the breach occurred, other than it was internal, although Dunn & Bradstreet stated it was not released through one of their systems.

Thankfully, many of these data breaches were eventually picked up by security companies monitoring for data exposure before the data could get into the wrong hands. While these are three of the most significant data breaches to happen this year, there are tens of thousands more where companies have had their data exposed through internal sources, either with malicious intent or by total accident. Companies that lose data through their own negligence, or lack of correct privacy procedures, can face legal action and be forced to pay damages to the individual’s affected. A data loss protection strategy is essential for a company of any size. It protects the individuals whose data is owned by the company, and it helps protect the company from the ramifications of any internal losses.

12 Million Records Breached by May 2016

*The ITRC tracks seven categories of data loss methods:Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure, and Physical Theft.

The ITRC tracks four types of compromised information:Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).

Total records exposed only include records for which count is available.

Since our last report in February on statistical data, 327 data breaches affecting 10 million+ records have been reported.

Zecurion offers deeper insight into selected incidents caused either by accidental or intentional data breaches. With all such incidents, the common elements describing the impact of this growing problem are financial loss, compromised intellectual property and dwindling customer confidence. Let us see how some sectors have been impacted between February and May 2016. The excerpts below only provide a glimpse of some of these incidents – the list goes on.

Government

11 April, 2016 – FDIC, Washington, DC notified that 44,000 records of customers were exposed when an authorized employee unknowingly downloaded the classified information of the affected people on a personal portable device. FDIC uses technology to track downloads to portable devices. On being detected, the employee was contacted, who in turn, immediately returned the device and signed an affidavit stating that the information was not used for any purpose.

Source: Washington Post

Healthcare

February 2, 2016 – Hawaii Medical Service Association (HMSA) disclosed that they accidentally sent 10,800 letters to wrong addresses instead of the rightful owners. Luckily, the letters did not have any sensitive data but only information about how these patients can better manage the ailment they are suffering from. The affected members were contacted telling them of the mistake and answering any questions they might have.

Source: Databreaches.net

Business

March 15, 2016 – Laborers Funds Administrative Office of Northern California, reported that an undisclosed number of records had been compromised due to a computer error. Classified information of not only members but also their dependents was accidentally emailed to a fund member instead of the IRS. The office does not believe that the information has been misused but they have offered a one year free credit monitoring to all the affected people.

Source: California Attorney General

March 7, 2016 – Turner Construction, San Diego, California, stated that an undisclosed number of records with classified information were breached as an email containing sensitive information was accidentally sent out to an unauthorized party. The company has since taken many steps to mitigate the threat. Kroll, an ID monitoring service, has been engaged to provide free monitoring to all the affected people for ten years. The services include Credit Monitoring, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Theft Insurance, Identity Consultation, and Identity Restoration.

Source: Maryland Attorney General

Education

16 May, 2016 – Poway Unified School, California inadvertently released data of about 36,444 students and their parents to one parent who had requested information related to her name only. The information included children’s names, nicknames, addresses, phone numbers, hearing and vision exam results, dates of birth, language fluency, academic test results and occupation of parents. It did not list the social security numbers. The exposed data falls under protected information under the Family Educational Rights and Privacy Act and the school could risk losing federal funding. The data contained information of about 70,000 people.

Source: San Diego Union Tribune

25 January, 2016 – California Virtual Academies (CAVA), California informed its registered users on December 9, 2015 that their data storage system is prone to data breach. CAVA, within hours, was able to locate the vulnerability and contain it by securing the system. Since then, it has been established that unauthorized access was limited to the data security researcher who had initially notified CAVA. Users have been urged to check their personal accounts, change security settings online and read information provided on credit and identity protection.

Source: California Attorney General

Zecurion Included in Gartner Magic Quadrant for Content-Aware Data Loss Prevention

Evaluation based on Completeness of Vision and Ability to Execute

New York, Jan. 21, 2014 – Zecurion, a leading developer of DLP systems, today announced that Gartner Inc., the world’s leading information technology research and advisory company, has included Zecurion in the Magic Quadrant for Content-Aware Data Loss Prevention, published Dec 12, 2013. 

Zecurion has successfully developed and implemented security solutions providing proven and reliable protection against leaks for more than 10,000 organizations around the world. Started in 2001, this privately held company was one of the first to bring to the market highly sensitive, robust security products enabling organizations to manage the risk of employees accidentally or intentionally sharing confidential information. 

Zecurion’s suite of DLP solutions, comprising Zlock, Zgate, Zserver and Zdiscovery, are market leading, unified DLP solutions for SMBs and large enterprises. While most DLP vendors only allow storage of incidents, Zecurion’s DLP solution provides full archiving of all data extracted via multiple channels – USB drives, CD/DVD-recorders, printers, email, and internet. In addition, it captures screen shots and has an extensive set of baseline data dictionaries that it uses as the basis for developing rules. 

In addition to DLP solutions, Zecurion is expert in cryptography, and a leading provider of encryption to protect data during storage and transfer. Its product suite and integrated platform is easy to deploy – simple administration set up and policy selection – and easy to manage – with an intuitive console that can easily be customized. Zecurion is continually developing solutions including those addressing the risk of leaks through social and mobile applications. As part of this, it offers an optical character recognition capability for identifying content, and the solution provides interfaces to monitor social media, Web and cloud storage interactions.

“Gartner is a well-respected IT research and advisory company and their evaluation criteria for the Magic Quadrant are based on thorough research, customer feedback and a well-defined methodology. We believe we are validated as a significant player in the DLP market by Gartner,” said Alexey Raevsky, CEO and General Manager, Zecurion. “We feel our inclusion in the Magic Quadrant validates that our products support sophisticated detection techniques that extend beyond simple keyword matching and regular expressions, and that we are considered a significant vendor for enterprise DLP solutions because of our market presence and technology innovation.” 

Eric Ouellet, author of the report noted, “The enterprise content-aware DLP market has continued to experience steady growth, with content-aware DLP market revenues growing from $369 million in 2010 to $458 million in 2011 to $572 million in 2012. Gartner’s current estimate is that this market will reach between $680 million and $710 million in 2013 and is estimated to grow an additional 22% to 25% by the end of 2014, to reach approximately $830 million.” 

About the Magic Quadrant 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Zecurion 

Zecurion – One of the largest developers of DLP systems that protect against internal threats and data leakage. Zecurion has been professionally engaged in the area of information security since 2001. The company’s solutions provide comprehensive protection against leakage of information throughout the course of its lifecycle – from creation, to recording and archiving, as well as deletion. The Zecurion DLP system is used by more than 10,000 organizations, including Allianz ROSNO, Aeroflot, Bashneft, VTB, Rosbank, Rosgosstrakh, Rosneft, Rostelecom, Tupolev, Technosila, and the Federal Ministry of Finance and Treasury.

Zecurion and the Zecurion logo are trademarks of Zecurion.

Media Contact: 
Ratika Garg
Zecurion
+1 (240) 449 6818
Ratika.garg@zecurion.com

Zecurion Selected as Charter Member of GENBAND’s Innovation Exchange

Data Loss Prevention solutions become part of global communications ecosystem as Zecurion previews its software securing Android tablets and smartphones

Orlando, Florida; May 02, 2013

From GENBAND’s Perspectives 13 Global Customer Event

Zecurion, one of the world’s leading Data Loss Prevention (DLP) and encryption technology companies, today announced it has been named one of twenty charter members of a new community of technology providers launched by GENBAND, a leading developer of multimedia and cloud communications solutions at their annual customer event attended by hundreds of the world’s largest service providers, enterprises and channel partners.

Other charter members of the Innovation Exchange include Arrow S3, Avnet, CounterPath, IBM, Intel, IP Command, IP Trade, M*Modal, mPortal, Netas, Polycom, RapidScale, Samsung, SMARTRAC, T-Metrics, UXP Systems, Voxeo, and X-Factor Communications.

At this private, high-level gathering, Zecurion is demonstrating its DLP platform, including its four flagship solutions:

Zgate: the most comprehensive Data Loss Prevention (DLP) product available, enabling companies to monitor all forms of outbound network traffic and online communications.

Zlock: designed to protect against leaks of confidential information at the end-points of the network.

Zserver: engineered to securely protect the data stored on servers and on backup media.

Zdiscovery: scans all stored data across corporate networks, reveals inappropriately stored confidential information and determines violations of security policies.

Zecurion is previewing its DLP solutions for tablets and smartphones, which interoperates with cloud based solutions and monitors all forms of outbound communications transactions, whether email, instant messaging, social network posts, SKYPE sessions, and document sharing through services including DropBox and more.

“We’re honored to join this prestigious group of innovators, enterprise leaders and service providers not only to share the benefits of our DLP solutions, but also togather input regarding specific challenges associated with provisioning the latest mobile devices, applications, productivity tools, and more,” said Zecurion’s founder and CEO, Alexey Raevsky. “Whether businesses adopt a ‘BYOD’ strategy or choose to deploy the latest Android tablets, Zecurion’s DLP solution will help reassure their leadership, and the auditors responsible for ensuring protection of confidential and private corporate assets, that controls are in place which will only further enhance all the benefits of mobile solutions.”

“Zecurion is a great addition to our innovation community,” said Patrick Gilbert, VP and Director of GENBAND’s Innovation Exchange. “As we continue to build solutions together for the very fast-moving and creative world of web and mobile communications, security is a critical part of the equation, and we’re pleased to welcome a data-loss-prevention leader like Zecurion this week as part of our initial launch.”

About Zecurion

Zecurion has successfully developed and implemented security solutions providing proven and reliable protection against leaks for thousands of companies around the world. Started in 2002, this privately held company was one of the first to bring to the market highly sensitive, robust products enabling organizations to manage the risk of employees’ accidentally or intentionally sharing confidential information.

In addition to DLP solutions, Zecurion is expert in cryptography, and a leading provider of encryption to protect data during storage and transfer. Its product suite and integrated platform is easy to deploy – simple administration set up and policy selection – and easy to manage – with an intuitive console that can easily be customized. Zecurion is continually developing solutions including those addressing risk of leaks through social and mobile applications.

Zecurion is a global company with headquarters in Moscow and New York, and representation in Eastern and Western Europe, providing services to over 7,000 small and medium businesses as well as large global enterprises. For more information, please visit http://zecurion.com

About The Innovation Exchange

From GENBAND’s website:

The Innovation Exchange is the culmination of innovation, imagination and inspiration fostered by leading technology providers within the communication industry. A global collaborative forum and marketplace backed by the experience and resources of GENBAND, The Innovation Exchange delivers communication-based solutions with endless possibilities to service providers and enterprises around the world. Consisting of three innovative teams (Labs, Community and Studio) that work synergistically, the GENBAND Innovation Exchange develops visionary solutions, manages an exclusive technology ecosystem and creates Go-To-Market enablement services, all with a passion to make GENBAND customers the most successful in the industry. More than just a technology and applications exchange – IX is a business exchange focused on monetization of solutions for GENBAND and its partners.

Zecurion Wins 2011 Golden Bridge Awards in Two Categories

NEW YORK, NY–(Marketwire – Aug 16, 2011) – Zecurion has earned the prestigious Golden Bridge Awards titles for its Zlock and Zgate DLP (data loss prevention) products. The coveted annual Golden Bridge Awards program encompasses the world’s best in organizational performance, products and services, executives and management teams, women in business and the professions, innovations, case studies, product management, public relations and marketing campaigns and customer satisfaction programs from every major industry in the world.

Zgate 3.0 was recognized as the most innovative product in the Information Leak Prevention category, and Zlock 3.0 was awarded most innovative product in the Data Protection category. Zgate and Zlock are a formidable combination designed to keep sensitive information from being leaked, exposed, or compromised.

More than 40 judges from a broad spectrum of industry voices from around the world participated and their average scores determined the 2011 Golden Bridge Business Awards winners. The winners were announced during the awards dinner and presentation on August 10, 2011 in New York attended by the finalists, industry leaders, and judges.

“It’s an honor to be named a winner by Golden Bridge Awards for this esteemed industry and peer business award,” said Alexey Raevsky, founder and CEO of Zecurion. “These awards are a testament to Zecurion’s innovative approach and commitment to helping customers protect data and prevent information leaks without impeding productivity.”

For more information, click here to see the full press release.

Zecurion Finalist for Three Product Innovation Awards

Zecurion Inc., a data loss prevention (DLP) leader that protects businesses against insider threats, announces that its three core products are all finalists for innovation in the 3rd Annual 2011 Golden Bridge Awards program.

Zgate 3.0 is a finalist in the Information Leak Prevention category. Zgate is a network perimeter DLP solution that monitors all outbound traffic to ensure that confidential or sensitive data don’t get leaked across your network.

Zserver Suite is a finalist in the Encryption Key Management category. Zserver Storage secures and protects confidential information at the processing and storage level on corporate servers. The Zserver Enterprise Key Management Server (EKMS) minimizes administrative overhead for encryption by generating, storing, managing, and automatically loading encryption keys across the enterprise.

Zlock 3.0 is the sole finalist for the Data Protection innovation award. Zlock is an endpoint security DLP solution that provides IT admins the ability to secure, monitor, and control computer ports and external devices to enforce data security policies and prevent exposure of sensitive data.

The 3rd Annual 2011 Golden Bridge Awards ceremony will be held in New York on August 15, 2011.

Cyber Advisors Joins Zecurion Advantage Partner Program

Cyber Advisors is the latest addition to ZAPP–the Zecurion Advantage Partner Program.

Since 1997, Minnesota-based Cyber Advisors (CA) has been providing information technology, e-business services, and solutions that work and grow with their clients. Consistently ranked one of the fastest growing companies by CRN and Inc., CA takes a true 360-degree view of technology and business, applying their knowledge and expertise to build, support, and use technology that enriches their clients and enhances performance. Key practice areas include security, storage, virtualization, DR/backup, Microsoft consulting, and outsourced managed services.

“Auditing and compliance used to be issues specific to the financial and healthcare sectors, but lately they have been spilling over into other industries,” says Cyber Advisors president and CEO Shane Vinup. “There are many security products on the market, but they don’t give companies the control they need. Zecurion is the only single-bullet security solution that fits in terms of price, and allows users to work when and where they want while maintaining corporate control over the data.”

 

“We’ve been aggressive in terms of creating a security solution that blocks, controls, and encrypts sensitive information, and we’ve been equally aggressive at creating a partner program that will attract high caliber partners like Cyber Advisors,” says Zecurion CEO Alexey Raevsky. “We’re pleased that Cyber Advisors selected Zecurion to be their security partner.”

 

You can learn more about Zecurion and Cyber Advisors at the Secure360 conference today and tomorrow in St. Paul, MN.

Zecurion Captures Unique Honor in UK

Zecurion has emerged as one of two organizations–chosen from a field of 75 submissions–selected as winners of a competition sponsored by IT recruitment firm Acumin. The Critical Security Solutions initiative was launched to address a perceived lack of innovation among security vendors and security products in the UK. The other winner was Modulo–a specialist in governance, risk and compliance management.

Chris Batten, managing director of Acumin, said: “Both vendors were able to demonstrate that their products had the innovation that our panel was looking for and could add value to the UK information security market.”

The unique honor comes with a unique award. Both Zecurion and Modulo will “be given advice on defining a UK market entry plan, help with sales and marketing and introductions to appropriate resellers. They will also receive free sponsorship of the Risk and Network Threat (Rant) forum, an end user security forum organised by Acumin.”

Zecurion is pleased to have been recognized with this distinctive honor, and is looking forward to capitalizing on the valuable opportunity to extend its market presence in the UK and provide UK customers with innovative and effective solutions to protect data and guard against internal information security threats.

Protecting Sensitive Information from Inside Threats

I had the privilege of joining host Tom D’Auria for the weekly IMI-TechTalk radio show once again this week. The show airs weekly on KFNX AM 1100 out of Phoenix, AZ at 3pm local time. Because Arizona doesn’t play Daylight Savings with the rest of the country, though, that means that half the year its on Mountain time and the other half its on Pacific time–so for now the show airs at 6pm Eastern / 5pm Central. If you are not in the Phoenix listening area, you can also listen to the show streamed live via the Web.

The topic of discussion this week was Protecting Sensitive Information from Inside Threats. Tom and I talked about the prevailing perception that information security is an ‘us vs. them’ or ‘inside vs. outside’ battle, while the reality is that internal employees pose a much larger threat than malware or malicious attacks from outside. The default security model relies on simple file and folder permissions to determine access rights for sensitive information, but offer no safeguards or protections regarding what the authorized user does with the data once its accessed.

Click here to listen to the recorded MP3 of the show: Protecting Sensitive Information from Inside Threats.

Zecurion Nominated as ‘Breakthrough Technology Vendor’

Following directly on the heels of the 2010 RSA Security Conference in San Francisco, Zecurion made the trip to Los Angeles to attend the XChange Solution Provider event hosted by EverythingChannel. The audience at XChange Solution Provider is unique–giving Zecurion an opportunity to meet with solution providers and potential channel partners interested in working with and representing Zecurion as a partner.

The event was a tremendous success, capped off by a unique honor. The attendees of the XChange Solution Provider event are asked to nominate vendors for various categories of awards. In a field dominated by established and respected names like Microsoft, HP, Xerox, Lenovo, and Dell, the attendees chose Zecurion as one of the nominees for the Breakthrough Technology Vendor award.

The criteria for selection in this category include:

  • New or enhanced product (introduced to the channel in the past 6 months)
  • Product creates new revenue streams/business opportunities for me
  • Product I would want to represent
  • Product contributes to solving real business technology needs
  • Strong market opportunity for this product

While Zecurion did not ultimately win the award, the recognition of being nominated shows that attendees were impressed with what they saw from Zecurion, and validates that Zecurion has a lot to offer potential partners looking for products with strong market potential, and an immediate revenue opportunity.