TRENDING:

NASA Breach Leads Roundup

Unencrypted Laptop Stolen; Court Employees Indicted in Code Theft Jeffrey Roman (gen_sec) • November 20, 2012    
NASA Breach Leads Roundup

In this week's breach roundup, the National Aeronautics and Space Administration is ramping up efforts to encrypt all laptops following the recent theft of an unencrypted device. Also, two former employees of the Alabama Administrative Office of the Courts were indicted for stealing the programming code for a court data system.

See Also: Why Active Directory (AD) Protection Matters

NASA Encrypting Laptops After Breach

The National Aeronautics and Space Administration is ramping up efforts to encrypt all laptops following the recent theft of an unencrypted device containing sensitive personal information.

Commenting on the Oct. 31 breach, NASA spokesman Michael Braukus tells Information Security Media Group: "Currently, it is estimated that 10,000 people have been affected, but the final number could be higher. Affected individuals identified to date include people who have applied for access to NASA information or facilities. The effort to identify all those who were affected is ongoing."

In an e-mail to employees, Richard Keegan Jr., NASA's associate deputy administrator, reveals that the laptop was stolen from an employee's locked vehicle. The device contained personally identifiable information on "a large number of NASA employees, contractors, and others," according to the e-mail, obtained by the news site SpaceRef.

Braukus offers further details: "The computer was password-protected, but some of the specific files were not encrypted as required by NASA policy," he says. "The hard drive also had not yet received the whole-disk encryption software as part of the ongoing agency-wide effort."

NASA is assessing whether the data breach resulted from any violations of the agency's security policy and procedures, Braukus adds. The organization is also offering those affected by the breach free credit monitoring and related services from ID Experts, the e-mail from Keegan states.

Court Employees Indicted for Stealing Code

Two former employees of the Alabama Administrative Office of the Courts were indicted for stealing the programming code for a sensitive court data system, according to the Justice Department.

The two employees, Michael David Carroll, 58, and Jill Hawthorne, 35, allegedly stole the code of the Namemaster database, which holds the court records, and also stole the digital blueprint, known as the schema, for how the database was constructed.

Carroll is the former director of information systems for the AOC, and Hawthorne is a former database administrator.

According to the indictment, Carroll and Hawthorne allegedly transferred the code and schema to an Orlando-based private software development company, CyberBest Technology Inc. They also allegedly facilitated the transfer of hundreds of thousands of Jefferson County, Ala., court records to CyberBest.

If convicted, Carroll and Hawthorne each face a maximum penalty of 10 years in prison and a $250,000 fine.

Lawsuit Against Gaming Site Dropped

A class action lawsuit against Valve Corp., developer of the online gaming platform Steam, has been dismissed by a federal judge because the plaintiffs failed to adequately plead damages.

Judge James L. Robart of the Western District of Washington dismissed the claims on Nov. 14, according to Data Privacy Monitor, a blog maintained by the BakerHostetler law group.

In November of 2011, Valve Corp. confirmed that it had suffered a data breach that may have exposed up to 35 million users to fraud. Gabe Newell, founder of Valve, said intruders obtained access to a database in addition to user forums. The database contained information including user names, hashed and salted passwords, game purchases, e-mail addresses, billing addresses and encrypted credit card information.

E-mail Error Exposes Taliban Mailing List

A Taliban spokesperson transmitting a press release accidentally made the names on its mailing list public, according to ABC News.

The error consisted of the sender CCing everyone on the list instead of using the BCC function, which keeps e-mail addresses private, the report said.

The list consisted of more than 400 recipients, most of whom are journalists. The Taliban, an Islamic fundamentalist militant movement, routinely sends out press releases to that mailing list, ABC reports.

Previous
PCI Risk Assessment Tips Offered
Next
Stolen Password Led to South Carolina Tax Breach

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.