Non-Encrypted Hall of Shame


No Longer Supported


October 30, 2006 – SacBee.com
CoreLogic – Sacramento company that makes software that helps mortgage lenders detect fraud. A laptop computer was stolen containing the names and Social Security numbers of 50,000 people who had applied for mortgage loans with CoreLogic customers. "The big fear was that the names would be used for identity theft," says company spokesman Pete Kreiser. No kidding. Apparently the information on the laptop was not encrypted.


October 28, 2006 – SavannahNow.com
Hancock Askew & Co. LLP – A laptop computer belonging to Hancock Askew & Co. LLP partner Michael McCarthy was stolen Oct. 5. The laptop contained 401(k) information for employees of at least one company, Atlanta-based Atlantis Plastics Inc. Though the company is being very tight-lipped about the situation, the computer is believed to contain at least the names, Social Security numbers, and some salary information of the employees. Mr. McCarthy says that the laptop was password protected and "other safeguards" were in place to prevent unauthorized users from accessing the data. Data encryption was not mentioned and therefore probably wasn't in use. Without that, the other protections are probably meaningless.


October 2006 – DailyRecord.com
Picatinny Arsenal / U.S. Army – Officials are looking for 21 missing or stolen laptop and personal computers that have vanished from the Army base or were stolen from employees as far back as January 2004. Arsenal spokesman Pete Rowland said 15 laptops, mostly Dell models, and eight personal computers were reported missing, but two of them later turned up. They are not sure if all of the computers were stolen or if some are simply lost. None of the computers processed classified information, but there is a very high likelihood that some contained Personally Identifiable Information (PII). The information was not encrypted but was “password protected” (isn't it always?).


October 20, 2006 - Minneapolis Star Tribune
Allina Hospitals and Clinics – A laptop with names, Social Security numbers, and medical information on 14,000 obstetrics patients was stolen from a nurse's car. The hospital says that the information was protected by “two passwords”, but as we all know this is not the same as encryption, and the data would still be accessible by your average 15-year-old script kiddie (amateur hacker). Allina says that laptops will no longer contain Social Security numbers.


October 20, 2006 - The Oregonian
T-Mobile USA – A laptop containing the names, Social Security numbers, home addresses, home telephone numbers, dates of birth, pay and other personal information of T-Mobile USA Inc. employees recently disappeared from an employee's checked airline luggage. The laptop contained information on as many as 43,000 current and former T-Mobile employees, putting them at risk of identity theft. Again the company PR department puts out the standard “the laptop was protected by a password” claim. Passwords are easy to circumvent and are not the same as data encryption. Companies should know this by now. There is plenty of information included in this theft to make this laptop worth many times more than its pawn shop value.


October 20, 2006 - St. Paul Pioneer Press
University of Minnesota – A laptop with personal data on 200 students was stolen from a faculty member while on a trip to Spain. The information included names, student IDs and grades. University officials say that their laptops now contain encryption software but that they're having a hard time getting professors to use it. This of course isn't as much of a problem in the corporate world, where you can fire people who don't follow policy.


October 10, 2006 – The Detroit News
Troy Athens High School – A computer hard drive is missing and presumed stolen while renovations took place over the summer. The hard drive contained names, Social Security numbers, and student transcripts of over 4,000 students. The students attended the school between 1994 and 2004. The school did not notify student alumni for 2 months, claiming they were searching for the drive during this time. Many of those affected are asking for credit monitoring, which the school district has not yet provided. No indication of any data encryption being used.


October 6, 2006 – SignOnSanDiego
U.S. Marine Corps – A laptop belonging to Lincoln B.P. Management Inc., a Camp Pendleton, CA contractor, was stolen on October 3rd. The laptop contained personal information on 2,400 Camp Pendleton Marines that live in base housing there. No information as to what personal information was on the laptop, but apparently it was not encrypted as it should have been.






NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.
