Security Breach at IEEE Compromises Member Information 

by iClass - Friday, April 01, 2011
Recently, the Institute of Electrical and Electronics Engineers (IEEE), the world's largest and renowned technical professional association notified members of possible data breach. The association identified the unauthorized access to customer database in December. Computer forensic professionals were engaged to investigate the security breach incident. In February, the forensic investigators identified that a file containing customer data was deleted from the computers of IEEE in November last year.

The investigation led to the disclosure of several system vulnerabilities. Information security professionals of the association have mitigated the vulnerabilities. The compromised information was provided by the members, while registering for an IEEE conference. The file contained names, credit card numbers, credit card expiry dates and card identification numbers of around 828 members. The association reported that they are not aware, whether the attackers extracted customer data from the deleted file. The incident is alleged to be a sophisticated network intrusion attack. The association has notified the Federal Bureau of Investigation (FBI) on the incident and the concerned regulatory authorities.

Attackers scan the networks to identify and exploit security flaws in networks, computer systems and websites. Once they identify a vulnerable network and computer systems, they use sophisticated techniques to bypass security mechanisms and gain access to privileged databases. A successful intrusion attempt may provide access to sensitive customer information. The collected information could be misused for fraudulent activities such as identity theft, misrepresentation and conducting unauthorized transactions. The offenders may also sell the extracted information to their peers in the crime world and corporate rivals of the targeted organization. Organizations must conduct regular security evaluation of the websites. Hiring professionals qualified in computer science degree may help them in streamlining the security of the IT infrastructure.

IEEE has offered to provide one-year free subscription for Identity theft protection policy. Members must notify the credit reporting agencies and request for fraud alert on their accounts. The affected individuals must monitor their credit card statements and report any unauthorized activity to their respective banks and credit institutions.

Organizations must adhere to the regulatory provisions for collection and storage of data. Payment Card Industry Data Security Standard (PCI DSS) establishes security standards to be implemented by merchants, hardware and software developers, financial institutions and professionals. Training sessions, online degree and e-learning programs may help employees in understanding and implementing security standards and practices.

Employees must be aware of the various IT security threats, measures to be initiated in case of a security breach incident, protection of evidence, procedures for reporting security incident procedures and data recovery procedures. IT employees must be encouraged to undertake online university degree courses in computer forensics and incident management. Access to computers containing privileged information must be restricted to few authorized employees.

Contact Press

EC-Council
Website:
http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228


EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

-

0    submitted by iClass -
Read More Press Releases

Thanks to robots, company registration in Singapore has become cheaper

Koincable Introduces Four Customizable HDMI Cables

SKS Ispat& Power Ltd commissions first 300-MW power unit of their 1,200-MW RaigarhPower Plant

How a Bodybuilding Diet Can Help Build Muscle Naturally

Low Carb Diet Report Casts Light On New Research Findings

Increase in the number of student visa is trending nowadays

Wiwigo Technologies: First of its kind selfie campaign takes place in moving Delhi-Chandigarh Shatabdi

An important day in real estate sector

Leonard Kim to Appear on Critical Mass Radio Show

Nishan Kohli's recent exhibition on photography

Get press releases by email