Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

8/22/2011
01:16 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Identity Finder Locates 300K Compromised Names/SSNs Of Workers Comp Applicants

Security researchers at Identity Finder discovered several gigabytes of .dbf, .xls, .cdx, and .pdf files containing confidential information

NEW YORK and SEAL BEACH, CA August 22, 2011 Identity Finder, LLC (www.identityfinder.com), a global leader in identity theft prevention and data loss protection (DLP), discovered that a website exposed documents containing hundreds of individuals health information and database files containing approximately 300,000 names and social security numbers of California residents who applied for workers' compensation benefits. Identity Finder notified the websites owners, Southern California Medical-Legal Consultants, Inc. (SCMLC), of the breach on May 11, 2011 and SCMLC restricted access to all files within minutes of notification.

Identity Finder is in a race against identity thieves, said Todd Feinman, CEO of Identity Finder. If we dont help companies discover exposed data, thieves will find them first and harvest social security numbers for illicit use or trade the knowledge of their existence so others can steal them.

The risk to victims is far lower than it could have been thanks to Identity Finders discovery and SCMLCs remediation. Recent trends show that when unethical hacking groups find personal information, they are now more commonly posting that information to the internet for everyone to see and potentially download for identity fraud.

Security researchers at Identity Finder discovered several gigabytes of .dbf, .xls, .cdx, and .pdf files containing confidential information by using the Identity Finder DLP enterprise software and manually searching internet search engines for common keywords. The files were neither encrypted nor password-protected and some were cached by at least one major search engine. Identity Finder subsequently worked with Google to clear search engine caches and provided SCMLC with a comprehensive report generated by Identity Finder DLP software. SCMLC launched its own internal investigation and issued a press release.

Identity Finder analyzed the data using their sensitive data discovery software that automatically finds health records, social security numbers, and other types of confidential information. It found that the data contained patients confidential health records and other personal details. The largest cache of personally identifiable information included approximately 300,000 Social Security Numbers belonging to workers compensation benefits applicants. A detailed analysis of the data was provided to SCMLC in the Identity Finder DLP Report and a summary of statistics is below:

3,875 uncompressed files contained personally identifiable information 311,778 unique Social Security Numbers 33,146 non-unique Dates of Birth 76,848 non-unique Phone Numbers 39,669 non-unique Postal Addresses Businesses that store any sensitive information should be using DLP software to find and protect data-at-rest, said Feinman. By combining business processes with technology such as Identity Finder, companies can prevent or minimize data breaches.

About Identity Finder The companys technology provides users the ability to prevent identity theft and data leakage by searching and securing sensitive data that could be used to commit identity fraud. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19037
PUBLISHED: 2019-11-21
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
CVE-2019-19036
PUBLISHED: 2019-11-21
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19039
PUBLISHED: 2019-11-21
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program.
CVE-2019-6852
PUBLISHED: 2019-11-20
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
CVE-2019-6853
PUBLISHED: 2019-11-20
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.