Posts tagged "Data Breach"
It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
Universities perfect learning environment for data security
Higher Ed Organizations are among the highest risk groups to become victims of identity theft and data breach. Because students are relative “beginners” when it comes to personal finances, because university environments are predicated on trust and credibility, and because of the recent progress towards a mobile-centric, social-networking-dominated campus, higher education’s digital footprint is constantly exposed to manipulation.
“The most engaging speaker I’ve ever heard – period.” Debbie Bumpous, NSU Chief Information Technology Officer speaking about John Sileo
“John Sileo was the secret sauce in launching our cyber security awareness program” – University of Massachusetts Director of IT
Identity Theft: involves the misuse of another individual’s personal identifiable information for fraudulent purposes.
- Identity theft is the fastest-growing crime in the U.S., affecting 1 in 20 consumers.
Medical Identity Theft: occurs when someone uses an individual’s name and personal identity to fraudulently receive medical services, prescription drugs or goods, including attempts to commit fraudulent billing.
- Medical identity theft affected 2 million people in the U.S. in 2011.
Data Breach: a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Data Breaches may involve:
- Credit card numbers
- Personally identifiable information
- Protected health information
- Social Security Number
- Trade secrets
- Intellectual property
Who/What’s at Stake?
An identity is stolen every 3 seconds!
- 5 million Americans were victims of identity theft in 2003.
I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands. And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train. Why? Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.
Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage. If it can happen to the big boys, it can happen to you. If you don’t have Bond on your side fighting off the villains, take these steps to take to secure your business data:
Online reputation services have a special responsibility to keep clients safe. How can you protect yourself when the very company you rely on is breached?
Would you trust a site with your personal information after it suffered a breach? What if that site’s sole purpose is to protect your reputation?
helps its members maintain a reputable online profile, but the site’s own profile was damaged by a recent data breach that led to the exposure of customer information. Although no Social Security numbers or financial information was lost, names, email addresses, and physical addresses were exposed. It’s been reported that some dates of birth, phone numbers, and occupational information were also lost. A “small minority” of customer accounts had hashed and salted passwords stolen.
Hashing’ passwords is the process of using algorithms to change customers’ passwords to a unique data string. The ‘salt’ adds more characters to produce a unique data fingerprint. The company has notified all customers of the breach and reset passwords to protect them. But Reputation.com
is not alone in being hacked recently. LivingSocial, a daily-deal website, was breached, affecting 50 million customers.
Maintaining our online reputation is important to us and the internet, social media and mobile technology are great tools that give us a competitive advantage. However, we cannot ever take our online privacy
for granted. Three tips to keep you ahead of identity theft are:
- Use a password protection program that makes it easy to use highly-encrypted passwords
Do you use the discount site LivingSocial? If so, your email and password could now be a little more “social” than you wanted thanks to a new data breach that occurred on April 26.
A data breach has punctured LivingSocial and resulted in the exposure of the personal information of at least 50 million users. The leaked information includes names, birthdays and email addresses – very useful pieces of data if you’re an identity thief trying to figure out a way to get into someone’s profile or make a profit selling that same information. But what makes this attack even more devastating is that hackers were also able to get a hold of encrypted passwords. Even though the passwords were encrypted through processes called hashing and salting, it likely will not take hackers long to figure out the original passwords.
Identity theft prevention is not a one-time solution. You must accumulate layers of privacy and security over time. The following identity theft prevention tips are among those I cover in one of my speeches, Think Like A Spy Crash Course and expand into protecting organizational or corporate data.
- Trust Your Instincts. Most of prevention is common sense.
- When someone asks you to share private information, think – Hogwash! Learn more about establishing a Fraud Reflex.
- Ask aggressive questions to spot a ConJOB: Control, Justify, Options & Benefits. Learn more about exposing a ConJOB.
- Target (or prioritize) your responses & options to protect the most valuable items first.
- Use sophisticated Identity Monitoring software to detect theft before it’s disastrous.
- Review your Free Credit Report 3X per year at www.AnnualCreditReport.com.
- Opt-Out of financial junk mail at www.OptOutPreScreen.com (1.888.567.8688).
- Stop Marketing Phone Calls at www.DoNotCall.gov – remove phone & cell numbers from junk caller lists.
You should take five minutes to understand Java browser threat before it undermines your security. The internet has become much like the Wild Wild West, where individuals play by their own rules and do as they please. Think of hackers as being malicious like Mongo from “Blazing Saddles,” but as smart and cunning as the most nefarious of Bond villains. It all reads like a bad Hollywood script until you get hit.
These outlaws of the digital age have turned their attention to your browser, and specifically to Oracle Corp’s Java software, continuing their efforts to victimize unsuspecting individuals who think they’re surfing the net safely. According to a recent Reuters report, the company is hard at work on a software update meant to address a critical security flaw that would allow hackers to infect your computer, possibly even taking control of it and using it in an attack on another server.
South Carolina Governor Nikki Haley blamed an outdated Internal Revenue Service standard (see below) as a source of a massive data breach that exposed the SSNs of 3.8 million South Carolina taxpayers plus credit card and bank account data. The identity information, nearly 75 GB worth, was stolen from computers that belonged to the SC Department of Revenue.
The breach reveals some shocking realizations for the people of South Carolina, and the rest of us:
- South Carolina is compliant with IRS rules, but the IRS DOES NOT REQUIRE THAT SSNs BE ENCRYPTED. In other words, the keys to your financial buying power (your credit profile via SSN) is protected in no material way by the IRS, and therefore by your state government.
- Technology isn’t the only source of blame. As is the case in nearly every data breach I’m brought in to help clean up, a HUMAN DECISION is at the heart of the breach.