South Carolina Governor Nikki Haley blamed an outdated Internal Revenue Service standard (see below) as a source of a massive data breach that exposed the SSNs of 3.8 million South Carolina taxpayers plus credit card and bank account data. The identity information, nearly 75 GB worth, was stolen from computers that belonged to the SC Department of Revenue.
The breach reveals some shocking realizations for the people of South Carolina, and the rest of us:
South Carolina is compliant with IRS rules, but the IRS DOES NOT REQUIRE THAT SSNs BE ENCRYPTED. In other words, the keys to your financial buying power (your credit profile via SSN) are protected in no material way by the IRS, and therefore by your state government.
Technology isn’t the only source of blame. As is the case in nearly every data breach I’m brought in to help clean up, a HUMAN DECISION is at the heart of the breach.
A hacking group known as D33Ds Company leaked about 453,000 hacked email addresses and passwords of Yahoo Voices users in order to send a “wake up call” about poor data security practices at Yahoo. The information posted online was NOT restricted to YahooMail login credentials, but included Gmail, Hotmail, Aol and Yahoo user information. In the past few weeks, there have been similar breaches at LinkedIn, eHarmony, Formspring, Nvidia, and AndroidForum. Whazzzup?
Corporations are clearly ignoring warnings that are now commonplace from privacy and security experts: protect your customer data or lose stock value, subscribers and ultimately, your brand reputation.
The average business will NOT take responsibility for preventing a similar breach of their data until AFTER THEY GET HIT. Which is why 95% of companies will hit the snooze button on the wake-up call.
On the surface, social networking is like a worldwide cocktail party—full of new friends, fascinating places and tasty apps. Resisting the urge to drink from the endless fountain of information is nearly impossible because everyone else is doing it—connecting is often advantageous for professional reasons, it’s trendy and, unchecked, it can be dangerous.
Beneath the surface of the social networking cocktail party lives a painful data-exposure hangover for the average business. Sites like Facebook and Twitter are now the preferred tool for malware delivery, phishing, and “friends-in-distress” scams, while more business-oriented sites, like LinkedIn, allow for easy corporate espionage and the manipulation of your employees.
To avoid the cocktail party altogether is both impractical and naïve—the benefits of social networking outweigh the dangers—but applying discretion and wisdom to your social strategy makes for smart business. Follow these 7 Security Secrets of Social Networking to begin locking down your sensitive data.
Healthcare data breaches are on the rise, up 32% over last year. Though some may find this to be alarming, there is a school of thought that this is actually good news and that we are identifying breaches that perhaps went unnoticed in the past. However, the fact remains that breaches are on the rise, statistically, and many organizations fear they lack the infrastructure and budget to protect patient privacy.
The study found the reasons for growing data breaches in healthcare organizations to include:
employee mistakes and sloppiness
lost or stolen mobile computing devices
unintentional employee action
On average, it is estimated that data breaches cost benchmarked organizations $2,243,700. This represents an increase of $183,526 from the 2010 study, despite healthcare organizations’ increased compliance with federal regulations. Respondents in the study noted that they are relying less on an “ad hoc” process to prevent or detect data breach incidents and more on policies, procedures and security.
The IRS admittedly has little control over protecting your tax returns against identity theft. The problem is too big, the data too widely available, prevention too rarely attended to until it’s already too late. Your tax returns are the Holy Grail of identity theft because they contain virtually every piece of information a fraudster needs to BECOME you. But you don’t have to be a victim; you simply need to take responsibility for what is rightfully yours – your tax return information and your identity. The changes aren’t difficult; they simply require that you read through this document so that you recognize the risks. Once that’s done, you simply avoid the highest-risk behaviors.
Here is a comprehensive list of frauds, scams and high risk tax-time practices.