wigan council lost personal data on children and teenagers
NEWS
SEPTEMBER/OCTOBER 2009
Web applications with high risk security issues up 10%
The total number of web applications with at least one high risk
security issue has reached 27%, an increase of 10%, according to IT
security testing, auditing and consultancy company NTA Monitor.
In the charity and not-for-profits sectors, security
vulnerabilities more than tripled from 2008 to 2009 over a 12
month period. NTA Monitor clients in the services sectors had
the highest number of high risk security issues per test despite
seeing a decrease in the average number of threats. Utilities
and the legal sector clients, on the other hand, had no high risk
security vulnerabilities.
NTA Monitor said the three most common high risk security
issues were:
queries initiated for an application
potentially malicious code in a user’s browser
arbitrary HTTP requests to applications.
In addition to sanitising user-supplied data, NTA Monitor said
organisations should switch from a persistent authentication
method (where cookies, for example, are used to authenticate
users) to a transient authentication (usually using a hardware
token for continuous authentication of a user’s presence) to
help prevent cross-request forgery attacks. An account lockout
mechanism should also be in place to help prevent attackers
from being able to brute force user accounts.
Card spending research reveals UK electronic fraud hotspots
Research by the 3rd Man, an electronic fraud and security specialist,
has uncovered some interesting statistics about cardholder-not-present
transactions, as well as fraudulent mail order and online card
purchases in the UK.
The study from the 3rd Man shows that, in the year to August
2009, UK shoppers spent around £46 billion on cardholder-not-present
transactions. Around £0.5bn worth of this spending was
carried out by criminals using other people’s payment credentials without
authorisation.
“[Fraudsters] know that online shopping has become big business
and they try every scam imaginable to dupe retailers. More and more
honest people are using their cards to buy over the internet, but
unfortunately more and more fraudsters are also upping their game”,
said Andrew Goodwill, a fraud specialist with the 3rd Man.
“However, it’s not all bad news”, he added, saying that retailers now
have better fraud detection and prevention systems in place.
Delving into the card fraud research reveals that London
tops the league of fraudulent card transactions, with South
East London, and particularly Woolwich, Plumstead (SE18) and
Thamesmead (SE28), gaining notoriety as the places with the
highest concentration of ‘bad’ card activity in the UK.
Based on an analysis of over 85 million ‘good’ and ‘bad’ card
transactions over the 12 months to the start of August 2009, in these
South East London postcode districts alone there were more than one
million transactions overall, 66 000 of which were deemed fraudulent
at a value of more than £18m.
Outside of the capital, other fraud hotspots – defined as having the
most bad transactions in terms of their value in pounds – in the top 10
places include Manchester (4th), Nottingham (3rd), Romford (6th) in
Essex, Coventry (8th) and Birmingham (9th). Erith Marshes (10th), North
and South West London occupy the other places.
As a percentage of good versus bad transactions, Ilford in Essex
also makes it into the top ten, as over 7000 bad transactions amount to
more than £2m in fraud.
Similarly, London EC makes it into the top 10 in this category
with high levels of fraud versus good transactions (more than three
percent). Enfield also makes an appearance with more than one
percent of all transactions fraudulent.
Wigan council lost personal data on children and teenagers
Wigan Council has been forced to sign an undertaking with the
Information Commissioner’s Office (ICO) following the theft of
a laptop, which resulted in the personal data of around 43 000
children and teenagers being potentially open to abuse.
executive, has given a formal undertaking that she will take steps
to improve the council’s IT security.
The data loss happened when a laptop – which contained personal
data on children and young people in Wigan’s schools and which was
The council only revealed details of the loss in March.
As part of the undertaking with the ICO, Wigan council is now
ensuring all of its portable computers and mobile devices used to
trained in the appropriate storage and use of personal data.
Commenting on the ruling, the ICO’s head of enforcement,
Sally-Anne Poole, said: “I strongly advise organisations to avoid
instances where employees can download large volumes of
personal information.”
“This incident could have been averted if the data was simply
accessed from the main council computer network. Storing
information on portable devices is unnecessarily risky.”