Tuesday Morning News Kick Off: Lincoln National Revealed Data Breach, Health Net Sued by Connecticut AG and Why Private Sector Keeps Mum on Cyber Attacks

Since yesterday was officially a holiday — and we wanted to keep our most compelling podcast with Mr. Michael Kaiser, Executive Director, National Cyber Security Alliance (NCSA), as the top post — we decided to hold our Monday morning news round up for today. As always, there is never a shortage of news when it comes to cyber security, data breaches and identity theft. This week, we have an assortment of stories, including a data breach at Lincoln National Corp, Health Net being sued by the Connecticut Attorney General and much more. Scroll on and enjoy.

Lincoln National Corp Reveals Potential Breach of 1.2 Million Accounts
Lincoln National Corp., a financial services company based in Radnor, PA disclosed a security vulnerability that may have leaked personal data of 1.2 million customers. The company revealed the possible data breach in a letter to the attorney general of New Hampshire on January 4. In the letter, lawyers for the firm say the breach of the Lincoln portfolio information systems had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. Read the full BankInfoSecurity.com article here.

Private Sector Keeps Mum on Cyber Attacks
The biggest surprise to computer-security experts isn’t that Google Inc. was targeted by attackers from China. It’s that the Internet giant chose to disclose the incident. Despite repeated efforts by the U.S. government to get the private sector to share information about threats, many companies have long kept such incidents confidential. “There’s a culture of secrecy around any bad news, and data breaches are always bad news,” said Larry Ponemon, a security and privacy consultant with the Ponemon Institute. “Organizations don’t like to reveal it.” The reticence can apply both to public disclosure of attacks as well as information-sharing among companies and government agencies—exchanges that can help organizations prevent future break-ins. Read the full Wall Street Journal article here.

E-Commerce Data Security 2010: Learning From 2009’s Debacles
2009 was the first year since 2005 that the number of data breach incidents recorded actually dropped. If that makes you feel a little more secure — there is a counter side. The same site reports on personal records that have been exposed: 220 million records in 2009 as compared with 35 million in 2008. There are two important trends to note here. First, technology advancements (and simplifications) have made breaches increasingly difficult. Second, there is the people side of the equation. In some cases, the small entry errors involved in large-scale breaches are more difficult to manage than the technology issues. With a poor economic state and online shopping becoming a necessary tool for tough times, merchant readiness for handling confidential data — both on the technology and people front — is critical for a successful online presence. Read the full TechNewsWorld article here.

Conn. Attorney General Sues Health Net Over Data Security Breach
Connecticut Attorney General Richard Blumenthal (D) has filed a lawsuit alleging that Health Net of Connecticut failed to properly secure patient information and waited too long to inform consumers about a data breach, the Hartford Courant reports. Blumenthal — the brother of National Coordinator for Health IT David Blumenthal — recently announced his bid for the Senate seat being vacated by Sen. Chris Dodd’s (D-Conn.) In May 2009, a portable external hard drive disappeared from Health Net’s Connecticut office. The insurer did not report the missing data until six months later, in November 2009. Read the full iHealthBeat article here.

Facebook Prime Ground for ID Theft
Social networkers of the world, it’s time to amp up your security software and put on your cynical cap before clicking on friend requests and links to “funny videos.” Facebook and Twitter will be the top targets for cyber attacks in 2010, according to several security firms. Networks such as Facebook are a gold mine of information for identity-theft scams. You might have stumbled upon a cyber-attack or two before on Facebook. It’s usually an inbox message from someone you don’t talk to often, with the message: “Hey is this you in this video? LOLZ!!!” followed by a strange link with random letters in it. Click on the link, and it can take you to a site that will download a program designed to steal your personal information and spread the malicious link to all your Facebook connections, without you knowing it. The Koobface worm was one such program. In 2009, the CA Internet Security Business Unit found more than 100 mutations of that worm. Read the full Miami Herald article here.