On October 3rd, 2012, part of Allied and Nationwide Insurance’s network was breached, affecting upwards of 1.1 million users or potential clients. Those affected include both current clients and prospects who requested a quote from the insurance companies.
In a statement made Wednesday, Nationwide explained that it identified the attack later that day and immediately took measures to contain the issue. The company called the authorities and investigated the data that was accessible, and on November 2nd confirmed the list of persons affected by the breach. Nationwide/Allied found that the exposed information is extensive:
Although we are still investigating the incident, our initial analysis has indicated that the compromised information included certain individuals’ name and Social Security number, driver’s license number and/or date of birth and possibly marital status, gender, and occupation, and the name and address of their employer. At this time, we have no evidence that any medical information or credit card account information was stolen in the attack.
The companies are currently working closely with law enforcement to get as much information as possible about the attack.
In response to the attack, Nationwide and Allied Insurance are offering free credit monitoring and identity theft protection for a year to the persons affected by the breach, including identity fraud expense coverage of up to $1 million, although they explained that they have not seen any misuse of the information at this time.
Although we are not aware of any misuse of consumers’ information at this time, we have sent letters to notify those individuals whose personal information we believe was compromised, as well as certain additional individuals whose information was or may have been involved, but whom we do not believe had information compromised in the attack.
To avoid this type of attack, best-practice security technology should be implemented and managed by trained professionals. The following technical security tools can mitigate risk and are requirements for PCI and HIPAA compliance:
|Technical Security Services|
|Daily Log Review
While some providers may offer logging (tracking user activity, transporting and storing log events), Online Tech provides the complete logging experience with daily log review, analysis, and monthly reporting.
|File Integrity Monitoring (FIM)
Monitoring your files and systems provides valuable insight into your technical environment and provides an additional layer of data security. File integrity monitoring (FIM) is a service that can monitor any changes made to your files.
|Web Application Firewall (WAF)
Protect your web servers and databases from malicious online attacks by investing in a web application firewall (WAF). A network firewall’s open port allows Internet traffic to access your websites, but it can also open up servers to potential application attacks (database commands to delete or extract data are sent through a web application to the backend database) and other malicious attacks.
|Two-Factor Authentication
Online Tech offers two-factor authentication for VPN (Virtual Private Network) access as an optimal security measure to protect against online fraud and unauthorized access for clients that connect to their networks from a remote location.
|Vulnerability Scanning
Vulnerability scanning checks your firewalls, networks and open ports. It is a web application that can detect outdated versions of software, web applications that aren’t securely coded, or misconfigured networks. If you need to meet PCI compliance, you need to run vulnerability scans and produce a report quarterly.
|Patch Management
Why is patch management so important? If your servers aren’t updated and managed properly, your data and applications are left vulnerable to hackers, identity thieves and other malicious attacks against your systems.
|Antivirus
Antivirus software can detect and remove malware in order to protect your data from malicious attacks. Significantly reduce your risks of data theft or unauthorized access by investing in a simple and effective solution for optimal server protection.
|SSL Certificate
In order to safely transmit information online, an SSL (Secure Sockets Layer) certificate provides the encryption of sensitive data, including financial and healthcare data. An SSL certificate verifies the identity of a website, allowing web browsers to display a secure website.