
German bank's data breached


Johannesburg, 12 Dec 2008

Warnings appeared of an enormous data breach in Germany this week. According to media reports, a hacking gang is offering for sale on the black market the accounts of 21 million German bank account-holders.

In the course of an investigation for Wirtschaftswoche magazine, two reporters said they were able to get hold of a CD-ROM containing the names, addresses and bank account numbers of 1.2 million people, although they had been offered data on 21 million people if they met the criminals' demand of 12 million euros.

“Incidents like this wouldn't be possible if there were tougher data security laws, enforcing the use of encryption and user authentication solutions. In addition, businesses should log and monitor how data is used and moved inside their organisation to get greater visibility of potential problem areas,” says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

Be afraid

Another example of an e-mail-based scareware (fake anti-virus software) campaign has also been noted this week.

Messages with the subject line “Important message for you” are being sent out, posing as a support desk and saying that the user's computer has been identified as being infected by a file-infecting virus (which they call W.744.A).

“Of course, the Web site and product that the e-mail links to are designed to compromise your computer systems,” says Myroff.

The malware linked to in these e-mails has been identified as Troj/FakeVir-HX.

Scrambled or fried?

This week also saw a $100 million venture capital investment fund, designed to help companies develop programs for the Apple iPhone and iPod Touch platforms, left with egg on its face. A database containing information about 588 start-up firms seeking funding was accidentally leaked onto the Internet.

Start-up companies applied for a slice of the Kleiner Perkins Caufield & Byers (KPCB) $100 million iFund by submitting their business plans, financial information, senior management biographies and demos.

According to reports, KPCB's former hosting provider Meteora has been blamed for accidentally making the SQL database of the applicants public.

“While unfortunate for the companies embroiled in this incident, it is also a chance for all businesses to ask themselves if this could possibly happen to them, too,” Myroff concludes.
