Non-Encrypted Hall of Shame


No Longer Supported


October 30, 2006 – SacBee.com
Core-Logic - Sacramento company makes software that helps mortgage lenders detect fraud. A laptop computer was stolen containing the names and Social Security numbers of 50,000 people who had applied for mortgage loans with CoreLogic customers. "The big fear was that the names would be used for identity theft", says company spokesman Pete Kreiser. No kidding. Apparently the information on the laptop was not encrypted.


October 28, 2006 – SavannahNow.com
Hancock Askew & Co. LLP – A laptop computer belonging to Hancock Askew & Co. LLP partner Michael McCarthy was stolen Oct. 5. The laptop contained 401(k) information for employees of at least one company, Atlanta-based Atlantis Plastics Inc. Though the company is being very tight-lipped about the situation, the computer is believed to contain at least the names, Social Security numbers, and some salary information of the employees. Mr. McCarthy says that the laptop was password protected and "other safeguards" were in place to prevent unauthorized users from accessing the data. Data encryption was not mentioned and therefore probably wasn't in use. Without that, the other protections are probably meaningless.


October 2006 – DailyRecord.com
Picatinny Arsenal / U.S. Army - Officials are looking for 21 missing or stolen laptop and personal computers that have vanished from the Army base or were stolen from employees as far back as January 2004. Arsenal spokesman Pete Rowland said 15 laptops, mostly Dell models, and eight personal computers were reported missing, but two of them later turned up. They are not sure if all of the computers were stolen or if some are simply lost. None of the computers processed classified information, but there is a very high likelihood that some contained Personally Identifiable Information (PII). The information was not encrypted but was “password protected” (isn't it always?).


October 20, 2006 - Minneapolis Star Tribune
Allina Hospitals and Clinics – A laptop with names, Social Security numbers, and medical information on 14,000 obstetrics patients was stolen from a nurse's car. The hospital says that the information was protected by “two passwords”, but as we all know, this is not the same as encryption, and the data would still be accessible by your average 15-year-old script kiddie (amateur hacker). Allina says that laptops will no longer contain Social Security numbers.


October 20, 2006 - The Oregonian
T-Mobile USA - A laptop containing the names, Social Security numbers, home address, home telephone numbers, date of birth, pay and other personal information of T-Mobile USA Inc. employees recently disappeared from an employee's checked airline luggage. The laptop contained information on as many as 43,000 current and former T-Mobile employees, putting them at risk of identity theft. Again, the company PR department puts out the standard “the laptop was protected by a password” claim. Passwords are easy to circumvent and are not the same as data encryption. Companies should know this by now. There is plenty of information included in this theft to make this laptop worth many times more than its pawn shop value.


October 20, 2006 - St. Paul Pioneer Press
University of Minnesota – A laptop with personal data on 200 students was stolen from a faculty member while on a trip to Spain. The information included names, student IDs and grades. University officials say that their laptops now contain encryption software but that they're having a hard time getting professors to use it. This, of course, isn't as much of a problem in the corporate world, where you can fire people who don't follow policy.


October 10, 2006 - The Detroit News
Troy Athens High School – A computer hard drive is missing and presumed stolen while renovations took place over the summer. The hard drive contained names, Social Security numbers, and student transcripts of over 4,000 students. The students attended the school between 1994 and 2004. The school did not notify student alumni for 2 months, claiming they were searching for the drive during this time. Many of those affected are asking for credit monitoring, which the school district has not yet provided. No indication of any data encryption being used.


October 6, 2006 - SignOnSanDiego
U.S. Marine Corps - A laptop belonging to Lincoln B.P. Management Inc., a Camp Pendleton, CA contractor, was stolen on October 3rd. The laptop contained personal information on 2,400 Camp Pendleton Marines who live in base housing there. No information as to what personal information was on the laptop, but apparently it was not encrypted as it should have been.


NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.
