CNET employees notified after data breach
More than 6,500 CNET Networks employees and relatives are being notified of a possible data breach after burglars stole computer systems from the offices of the company that administers the Internet publisher's benefit plans.
CNET was one of several clients affected when burglars broke into the Walnut Creek, California, offices of Colt Express Outsourcing Services, stealing equipment "which contains the human resources data of several of their clients including CNET networks," CNET Senior Vice President of Human Resources Jose Martin said in a June letter notifying employees of the incident.
The computers contained names, birth dates, Social Security numbers and employment information of the beneficiaries of CNET's health insurance plans.
It was unclear which other Colt Express clients were affected by the breach. Its other customers have included BroadVision, JDS Uniphase and 24 Hour Fitness.
The company's CEO, Samuel Colt III, did not return a call seeking comment Monday, but in a letter to CNET, published on the Web site of the attorney general for the state of Maryland, he said that local police were investigating the matter.
Data breaches such as Colt's must be reported to the Maryland attorney general when they affect state residents. State laws typically require such notification when an unencrypted computer is lost or stolen. According to Privacy Rights Clearinghouse, more than 230 million records have been exposed in this fashion in the U.S. over the past three-and-a-half years.
Four days after the break-in, Colt Express installed an alarm system, and the company is "looking into what additional steps may be taken to provide enhanced security," Colt wrote in his letter.
Customers looking for free credit-monitoring services from Colt Express should not get their hopes up, however.
Colt's letter included some marketing materials for Kroll, a company that helps companies respond to data breaches, but the information was provided "only out of courtesy and to give you an idea of the types of services available," Colt said.
"By this letter and enclosures we are providing you with all the information we believe you need and that we are able to give you," Colt added. "We do not have the resources financial and otherwise to assist you further."
Hurt by a downturn in business late last year, Colt is now in the process of going out of business, he said.
Affected CNET employees can sign up for one year of free credit-monitoring from Equifax, Martin said.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
An excellent and timely
An excellent and timely article: It's amazing that breaches and thefts keep happening. There is something that is helping a lot of people, judging by the business blogs I’ve been reading. It’s a defined eCulture called The Business-Technology Weave - it helps to influence employee behaviour as regards security, use and integrity of data - as well as protection of hard assets (such as laptops). The book I.T. Wars is the leading voice, and concentrates on the solution – a proactive treatment and training of people, and reinforcements to their corresponding security awareness. This is particularly relevant: www.businessforum.com/DScott_02.html . Some good stuff here too: www.david-scott.net . We use his book at work - stupid mistakes like deleted and misplaced data have dropped tremendously. Our CEO even requires our vendors to read it.Ha - one of our interns from
Ha - one of our interns from University of WI brought that book in. good stuff.