Security Breach


July 22nd, 2014

WATCH Your Back with Hard Drive Destruction Services

hard-drive-destruction-serviceDoes your company have a store room filled with old computers? You may want to consider our Hard Drive Destruction Services to properly and legally dispose of the records stored on discarded electronic media. It’s not enough to just wipe or erase your hard drive.

We recently highlighted just a few of the reasons why you need to properly dispose of paper documents.  Your exposure is even worse with electronic information!

The agencies that require proper data destruction include Health Insurance Portability and Accountability Act (HIPPA), Fair and Accurate Credit Transactions Act (FACTA), Florida Unlawful Use of Personal Identification Information Act and at least five others that we reported in that article.

Virtually every piece of paper in your files was probably created or stored on a computer or server that you may not even be using any longer. You are obligated to destroy all sensitive information about employees, patients, clients and customers.  How many credit cards or social security numbers do you have on those hard drives that you are planning to donate to a local charity?

Here are just a few examples of companies who admitted customer records being compromised.  How many thefts of data go unreported?

How many hard drives do you have laying in a junk pile that you would not even notice just “walking out the door?”

There are also potential disclosure and liability issues to be considered. Would you really want some of the private reports you have on your hard drives available for the world to see?

Consider this case where no less than the head of the IRS defends the service’s right to destroy data:

“it was revealed last week that the agency had lost some emails sent to and from Lois Lerner, the retired head of the agency’s Exempt Organizations division” and then in a related article “Lawmakers Want to Dig Up IRS’s ‘Hard Drive Cemetery.”  

Do you have your own hard drive cemetery filled with sensitive information?

Call 877-974-7337 or contact us.  We will gladly review your situation and make you aware of all legal obligations you may have for electronic media retention and destruction.

May 23rd, 2014

Shredding Can Mean the Difference Between Safety and an Information Security Breach

Several large retailers such as Target and Neiman Marcus have suffered security breaches. Their computers had security systems, but they were still hacked. Upwards of 70 million people have had their email and mailing addresses compromised, and around 40 million people have had their credit and debit card information stolen. That was from Target alone, in December 2013. Reports say that Target has spent millions on their information security breach, and the company is still suffering from the catastrophe. Read more about the Target breach here.

People have been made aware of identity theft, through companies like Target making the news. Additionally, there are warnings all over the internet regarding identity theft. People have begun to burn or shred their sensitive papers rather than thoughtlessly throwing them in the trash. Many remember the lady who was gaining recyclable materials from a dumpster, and she ran across sensitive information from people’s recycle bins. Folks are now being much more careful about information security.

For a small business or a business just opening its doors, an information security breach could mean the end of the business. Not only paperwork is subject to theft, but old computers put out for recycling. Businesses may think they have wiped their hard drives clean, but many instances have made the news in which such is not the case.

To examine the problem from the other side, scam artists and identity thieves can and will perpetrate their frauds in a dizzying array of ways. They can even scam the IRS from prison. Information security doesn’t even encompass paper and computers. A simple vacation picture on Facebook can alert an identity thief to his target’s absence from home. A look at the About page, the notation of an address, and someone will need help to recover their identity. What can be done to stop it?

Private citizens should be very careful to let no paperwork with sensitive information like social security numbers, bank account numbers, insurance information or medical information get into the trash or recycle bin. Secure On-Site Shredding offers individuals a one-time service for their security needs. If people are spring-cleaning the desk and need to safely dispose of months’ worth of sensitive information, SOShredding is available for their peace of mind. Small businesses who are upgrading their computer systems should contact the company for secure shredding of their old system’s hard drives. A plus of this service is that all shredded materials are recycled for the benefit of the environment. Contact us to preserve your most sensitive information security.

 

May 12th, 2014

The Importance of Maintaining a Current Document Retention Policy

There are certain articles of information that should always be kept on file. These can include certain IRS paperwork, articles of formation, corporate resolutions, partnership agreements, etc. The problem is, when “cleaning house” these important papers sometimes get sent to the shred pile; never to be seen again. Destruction of these vital documents can cost your firm time and money to replace – if they are even replaceable. This is we recommend maintaining a current Document Retention Policy.

A Document Retention Policy should be designed by the managing individuals within a business. The policy should include what documents should be kept indefinitely, the location of these documents, and should require a chain of custody during each document destruction process.

The Document Retention Policy should be given to each individual within the firm that handles office duties. This way, when it comes time to shred, these individuals will have a clear, current, and comprehensive list of important documents and records that should be kept.

In some cases, some records must be kept for only a certain period of time and then they can be destroyed. The Document Retention Policy should include these documents as well, and the date in which these records can be discarded. For instance, the IRS recommends keeping financial records for at least 7 years. After the seven years has passed, these documents and records can be safely and securely destroyed.

When designing your retention plan, following a basic template for a standard retention policy is a good start, but be sure to tailor the policy to suit your specific business needs.

If you are interested in learning more about how to ensure your important documents steer clear of the shredder, please contact us. At Secure On-Site Shredding (SOS) we pride ourselves on providing our customers with the utmost in customer service. Call today to speak with one of our document destruction experts.

 

February 21st, 2013

Personal info found in recycling bin!

A woman’s hunt for coupons in a local dumpster turns up thousands of sensitive documents, exposing the personal information of hundreds of people.

Confidential material a thief could use to steal your identity sitting at the bottom of a dumpster.

Lynda contacted ABC15 after first finding the private medical forms, then several days later we joined her for another dumpster dive.

We found even more piles of private paperwork in the same recycling bin.

We reunited a registered nurse with her discarded medical information.

She asked us to protect her identity after finding out her driver’s license and social security numbers were trashed. At least one victim told me she plans on taking legal action against the Gila County’s Division of Health and Emergency Services after what our story uncovered. So, we want to know… what are your expectations for a government official to keep your personal information private?

November 28th, 2012

Oops. Confetti at Macy’s Thanksgiving Day Parade Was Made of Still-Readable Confidential Police Docs

The magical specks of color that float down the city streets are normally just a mishmash of multicolored confetti, but this year, shredded confidential documents from the Nassau Police Department were also in the air.

The worst part is that the documents were shredded horizontally, so they were still highly readable. Some strips that stuck to parade attendees contained Social Security Numbers of officers and others detailed crimes like a pipe bombing in the Kings Grant area of Long Island.

Hypothetically, these pieces of paper could have very easily been collected and been put back together again using some simple “unshredding software.”

Macy’s defends to WPIX that they only use the pretty paper bits in their confetti, so this could’ve come out of any of the countless number of office windows along the 6th Avenue parade route.

It’s a very scary Thanksgiving weekend for some Nassau County cops who might get their identities stolen in the first few days of this holiday season.

March 12th, 2012

County trashes confidential information

Violating privacy law, health department discards personal information of people applying for benefits in public trash bin

Gila County Health Department staff dumped confidential personal information that included copies of drivers’ licenses and birth certificates into a public recycling bin found by two Payson residents on Feb. 29.
“The fact this is happening is inexcusable,” said Supervisor Tommie Martin.

The health department reported in a press release this week that an employee threw two bankers-style boxes containing 12 files of internal documentation into a recycle container used by other businesses in Payson.

The employee has been reprimanded and retrained, said county officials.

County officials have not confirmed how many individual’s records were compromised, but the files reportedly included hundreds of pages.

County officials said they’ve launched an investigation but have not yet revealed how the confidential information ended up in boxes of recycling material an employee routinely dumped in the trash. County officials have denied reports that confidential records were discarded at least twice.

Martin insisted the county would change its procedures.

“In this day and age, nobody should have to worry about his or her identification getting out,” she said.

The incident violated federal law protecting the confidentiality of health care records, acknowledged Health Director Michael O’Driscoll.

Since the incident was reported, county officials have moved the recycling bin to a secure location to examine each piece of paper to guarantee all records are found, said Martin.

O’Driscoll said the files were mixed in with outdated pamphlets and material from the federal WIC (Women, Children and Infant) program.

WIC provides grants to states for food, health care and nutrition education to low-income mothers of children under the age of 5. The states then have county health departments administer the program.

O’Driscoll said the health department is investigating exactly how the records found their way into the boxes of recyclable material without being shredded first.

“We moved immediately to put systems in place to stop distribution of files,” said O’Driscoll.

Because the files had to do with personal medical information, they are subject to HIPAA (Health Insurance Portability and Accountability Act) security regulations and so should have been disposed of as required by federal law.

In its press release the health department wrote, “Gila County Health Department maintains extremely strict and cautionary protocols for confidential information, which includes step-by-step measures for its storage, management, and destruction.”

O’Driscoll said each year health department employees go through training on how to properly dispose of confidential paperwork. Files are shredded and discarded after five years, only if they include inactivated clients.

Chamber of Commerce manager John Stanton, who shares the recycling bin with the county office, saw a young mother with a baby, contacted by a Phoenix television station through her information found in the bin, being interviewed.

The incident came to light after people who found the discarded records and called Channel 15. Channel 15 reported that Payson residents Lynda Perkins and her daughter-in-law discovered the discarded documents outside the county health department office located next to the courthouse as they searched for coupons. The Payson women called the Phoenix TV station.

On camera, WIC office employee Sherry Miller admitted to placing the files in the box.

However, O’Driscoll would not confirm the identity of the employee who discarded the records and added he bore the ultimate responsibility as director of the department.

Martin expressed remorse, “I can’t believe we did it,” she said, “I can only explain it as somebody unconsciously throwing it in a box. The weak link is in the strangest places.”